Saturday, January 19, 2019
SANS ISC

ISC StormCast for Friday, January 18th 2019

Android Malware Uses Motion Detection to Evade Analysis https://blog.trendmicro.com/trendlabs-security-intelligence/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics/Twitter for
SANS ISC

ISC StormCast for Thursday, January 17th 2019

Emotet and Other Malspam Campaigns Resume After Holiday Break https://isc.sans.edu/forums/diary/Emotet+infections+and+followup+malware/24532/Magecart
SANS ISC

ISC StormCast for Wednesday, January 16th 2019

MSFT Skype/Team Foundation Server Patches https://isc.sans.edu/forums/diary/Microsoft+Publishes+Patches+for+Skype+for+Business+and+Team+Foundation+Server/24540/SCP Client Vulnerabilities https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txtServer Hosting
SANS ISC

ISC StormCast for Tuesday, January 15th 2019

Microsoft LAPS - Blue Team / Red Team https://isc.sans.edu/forums/diary/Microsoft+LAPS+Blue+Team+Red+Team/24528/Intel SGX
SANS ISC

ISC StormCast for Monday, January 14th 2019

Government Website TLS Certificates Expire due to Partial Shutdownhttps://news.netcraft.com/archives/2019/01/10/gov-security-falters-during-u-s-shutdown.htmlFirefox EOL
SANS ISC

ISC StormCast for Friday, January 11th 2019

Old Tricks still work: I love you Malspam https://isc.sans.edu/forums/diary/Heartbreaking+Emails+Love+You+Malspam/24512/Juniper Updates
SANS ISC

ISC StormCast for Thursday, January 10th 2019

Simple Mechanism for Creating Certificates https://blog.filippo.io/mkcert-valid-https-certificates-for-localhost/Review of Smartphone Face Recognition
SANS ISC

ISC StormCast for Wednesday, January 9th 2019

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+January+2019+Patch+Tuesday/24504/ https://patchtuesdaydashboard.com/Adobe Updates https://helpx.adobe.com/security.htmlGoogle Play Store Adware
SANS ISC

ISC StormCast for Tuesday, January 8th 2019

Malware of the Day: Encrypted Word Document https://isc.sans.edu/forums/diary/Analyzing+Encrypted+Malicious+Office+Documents/24498/Apple iOS Apps
SANS ISC

ISC StormCast for Monday, January 7th 2019

Malware in TAR Files https://isc.sans.edu/forums/diary/Malicious+tar+Attachments/24496/ReiKey MacOS Keystoke Logger Detector https://objective-see.com/products/reikey.htmlPhishing
SANS ISC

ISC StormCast for Friday, January 4th 2019

Malware Leaks Victim Data via FTP https://isc.sans.edu/forums/diary/Malicious+Script+Leaking+Data+via+FTP/24484/Hijacking Dormant Twitter Accounts
SANS ISC

ISC StormCast for Thursday, January 3rd 2019

Gift Card Scams https://isc.sans.edu/forums/diary/Gift+Card+Scams+on+the+rise/24482/WiFi Chipset Exploit https://2018.zeronights.ru/wp-content/uploads/materials/19-Researching-Marvell-Avastar-Wi-Fi.pdf?fbclid=IwAR07FmZGKLKdJAKI4g0o-Wm-dLGwclV8Hhi-L4_HRlklldY8UC6WY72AdAw
SANS ISC

ISC StormCast for Wednesday, January 2nd 2019

Bypassing Vein Scanner Authentication (in german) https://media.ccc.de/v/35c3-9545-venenerkennung_hackenHacking Smart Lightbulbs and
SANS ISC

ISC StormCast for Friday, December 28th 2018

Phishing Attack Uses IP Counter https://isc.sans.edu/forums/diary/Matryoshka+Phish/24460/JungleSec Ransomware Attacks via IPMI
SANS ISC

ISC StormCast for Thursday, December 27th 2018

Problems with IE Emergency Patch https://support.microsoft.com/en-us/help/4483229/december192018kb4483229osbuild143932670Bitcoin Blacklists https://isc.sans.edu/forums/diary/Bitcoin+Blacklists/24456/D-Link DIR-816 A2
ZDNet

Websites can steal browser data via extensions APIs

Researcher finds nearly 200 Chrome, Firefox, and Opera extensions vulnerable to attacks from malicious sites.
Security Affairs

6 Reasons We Need to Boost Cybersecurity Focus in 2019

Paying attention to cybersecurity is more important than ever in 2019. But, some companies are still unwilling to devote the necessary resources to securing their infrastructures against cyberattacks, and naive individuals think they’re immune to the tactics of cybercriminals,...
isBuzz

Fortnite Vulnerabilities Allow Hackers To Take Over Gamers’ Accounts, Data And In-Game Currency

Cybersecurity researchers today shared details of vulnerabilities that could have affected any player of the hugely popular online battle game, Fortnite. If exploited, the vulnerability would have given an attacker full access to a user’s account and their personal information  as well...

DNC Accuses Russia, ACLU Sues ICE, and More Security News This Week

Trump dominated security headlines this week, but there's plenty of other news to catch up on.
SecurityWeek

Bulgaria Extradites Russian Hacker to US: Embassy

Bulgaria has extradited a Russian indicted by a US court for mounting a complex hacking scheme to the United States, the Russian embassy in Washington said Saturday. read more