ISC StormCast for Friday, November 16th 2018
Emotet Spreading IcedID Banking Malware https://isc.sans.edu/forums/diary/Emotet+infection+with+IcedID+banking+Trojan/24312/Crypto Miners Abusing Insecure Docker
ISC StormCast for Thursday, November 15th 2018
Details about Zero Day Exploit Taking Advantage of Win32k Vuln.
ISC StormCast for Wednesday, November 14th 2018
Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/November+2018+Microsoft+Patch+Tuesday/24308/Adobe Security Bulletins https://helpx.adobe.com/security.html
ISC StormCast for Tuesday, November 13th 2018
Google BGP Hijack via Russia https://twitter.com/thousandeyes/status/1062102171506765825 https://www.wsj.com/articles/google-internet-traffic-is-briefly-misdirected-through-russia-china-1542068392Microcode Bootloader USB https://www.techpowerup.com/forums/threads/intel-microcode-boot-loader.248858/Wordpress
ISC StormCast for Monday, November 12th 2018
Cloudflare Releases Mobile Apps To Use 1.1.1.1 https://blog.cloudflare.com/1-thing-you-can-do-to-make-your-internet-safer-and-faster/Crypto Coin Miners
ISC StormCast for Friday, November 9th 2018
Cisco Security Bulletins https://tools.cisco.com/security/center/publicationListing.xRuby Deserialization https://www.elttam.com.au/blog/ruby-deserialization/Ouch Newsletter: Am I Hacked?
ISC StormCast for Thursday, November 8th 2018
VirtualBox 0 Day Guest Escape Exploit Released https://github.com/MorteNoir1/virtualbox_e1000_0dayWooCommerce /
ISC StormCast for Wednesday, November 7th 2018
China Telecom's Internet Traffic Misdirection https://internetintel.oracle.com/blog-single.html?id=China+Telecom%27s+Internet+Traffic+MisdirectionAndroid Security Updates; Last for
ISC StormCast for Tuesday, November 6th 2018
Struts 2.3 Uses Outdated commons-fileupload library https://isc.sans.edu/forums/diary/Struts+23+Vulnerable+to+Two+Year+old+File+Upload+Flaw/24278/Fake Elon Musk
ISC StormCast for Monday, November 5th 2018
Beyond good ol' LaunchAgents https://isc.sans.edu/forums/diary/Beyond+good+ol+LaunchAgent+part+1/24274/Dissecting a CVE-2017-11882 Exploit https://isc.sans.edu/forums/diary/Dissecting+a+CVE201711882+Exploit/24272/Microsoft Edge
ISC StormCast for Friday, November 2nd 2018
Windows Defender Sandboxing Bug https://isc.sans.edu/forums/diary/Windows+Defenders+Sandbox/24266/Bleedingbit Bluetooth Low Energy Vulnerability https://armis.com/bleedingbit/Cisco
ISC StormCast for Thursday, November 1st 2018
Encrypted Word Maldocs https://isc.sans.edu/forums/diary/More+malspam+using+passwordprotected+Word+docs/24262/iOS / MacOS ICMP Error Remote Code
ISC StormCast for Wednesday, October 31st 2018
Change in Strategy for Hancitor Malware https://isc.sans.edu/forums/diary/Campaign+evolution+Hancitor+malspam+starts+pushing+Ursnif+this+week/24256/Apple Updates https://support.apple.com/en-us/HT201222Telegram Stores
ISC StormCast for Tuesday, October 30th 2018
Maldoc Duplicating PowerShellhttps://isc.sans.edu/forums/diary/Maldoc+Duplicating+PowerShell+Prior+to+Use/24254/New File Types Emerge in Malware Spam Attachments
ISC StormCast for Monday, October 29th 2018
Dissecting Malicious Office Documents in Linux https://isc.sans.edu/forums/diary/Dissecting+Malicious+Office+Documents+with+Linux/24248/Analyzing Compressed RTF Documents
Instagram flaw exposes user passwords
A security flaw in Instagram’s recently released “Download Your Data” tool could have exposed some user passwords, the company reportedly told users.
The tool, revealed by Instagram right before the GDPR regulation went into effect, is designed to let users...
Julian Assange Charges, Japan’s Top Cybersecurity Official, and More Security News This Week
Safer browsing, more bitcoin scams, and the rest of the week's top security news.
SMS 2FA database leak drama, MageCart mishaps, Black Friday badware, and more
Plus, why is Kaspersky Lab getting into chess? Roundup What a week it has been: we had the creation of a new government agency, a meltdown flashback, and of course, Patch Tuesday.…
Is retaining a cybersecurity attorney a good idea for your business?
Cybersecurity is so complicated that businesses, large and small, are retaining legal counsel specializing in security. Learn two more steps businesses should take before a cyberattack hits.
Machine Learning Can Create Fake ‘Master Key’ Fingerprints
Researchers have refined a technique to create so-called DeepMasterPrints, fake fingerprints designed to get past security.
