Saturday, November 17, 2018
SANS ISC

ISC StormCast for Friday, November 16th 2018

Emotet Spreading IcedID Banking Malware https://isc.sans.edu/forums/diary/Emotet+infection+with+IcedID+banking+Trojan/24312/Crypto Miners Abusing Insecure Docker
SANS ISC

ISC StormCast for Thursday, November 15th 2018

Details about Zero Day Exploit Taking Advantage of Win32k Vuln.
SANS ISC

ISC StormCast for Wednesday, November 14th 2018

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/November+2018+Microsoft+Patch+Tuesday/24308/Adobe Security Bulletins https://helpx.adobe.com/security.html
SANS ISC

ISC StormCast for Tuesday, November 13th 2018

Google BGP Hijack via Russia https://twitter.com/thousandeyes/status/1062102171506765825 https://www.wsj.com/articles/google-internet-traffic-is-briefly-misdirected-through-russia-china-1542068392Microcode Bootloader USB https://www.techpowerup.com/forums/threads/intel-microcode-boot-loader.248858/Wordpress
SANS ISC

ISC StormCast for Monday, November 12th 2018

Cloudflare Releases Mobile Apps To Use 1.1.1.1 https://blog.cloudflare.com/1-thing-you-can-do-to-make-your-internet-safer-and-faster/Crypto Coin Miners
SANS ISC

ISC StormCast for Friday, November 9th 2018

Cisco Security Bulletins https://tools.cisco.com/security/center/publicationListing.xRuby Deserialization https://www.elttam.com.au/blog/ruby-deserialization/Ouch Newsletter: Am I Hacked?
SANS ISC

ISC StormCast for Thursday, November 8th 2018

VirtualBox 0 Day Guest Escape Exploit Released https://github.com/MorteNoir1/virtualbox_e1000_0dayWooCommerce /
SANS ISC

ISC StormCast for Wednesday, November 7th 2018

China Telecom's Internet Traffic Misdirection https://internetintel.oracle.com/blog-single.html?id=China+Telecom%27s+Internet+Traffic+MisdirectionAndroid Security Updates; Last for
SANS ISC

ISC StormCast for Tuesday, November 6th 2018

Struts 2.3 Uses Outdated commons-fileupload library https://isc.sans.edu/forums/diary/Struts+23+Vulnerable+to+Two+Year+old+File+Upload+Flaw/24278/Fake Elon Musk
SANS ISC

ISC StormCast for Monday, November 5th 2018

Beyond good ol' LaunchAgents https://isc.sans.edu/forums/diary/Beyond+good+ol+LaunchAgent+part+1/24274/Dissecting a CVE-2017-11882 Exploit https://isc.sans.edu/forums/diary/Dissecting+a+CVE201711882+Exploit/24272/Microsoft Edge
SANS ISC

ISC StormCast for Friday, November 2nd 2018

Windows Defender Sandboxing Bug https://isc.sans.edu/forums/diary/Windows+Defenders+Sandbox/24266/Bleedingbit Bluetooth Low Energy Vulnerability https://armis.com/bleedingbit/Cisco
SANS ISC

ISC StormCast for Thursday, November 1st 2018

Encrypted Word Maldocs https://isc.sans.edu/forums/diary/More+malspam+using+passwordprotected+Word+docs/24262/iOS / MacOS ICMP Error Remote Code
SANS ISC

ISC StormCast for Wednesday, October 31st 2018

Change in Strategy for Hancitor Malware https://isc.sans.edu/forums/diary/Campaign+evolution+Hancitor+malspam+starts+pushing+Ursnif+this+week/24256/Apple Updates https://support.apple.com/en-us/HT201222Telegram Stores
SANS ISC

ISC StormCast for Tuesday, October 30th 2018

Maldoc Duplicating PowerShellhttps://isc.sans.edu/forums/diary/Maldoc+Duplicating+PowerShell+Prior+to+Use/24254/New File Types Emerge in Malware Spam Attachments
SANS ISC

ISC StormCast for Monday, October 29th 2018

Dissecting Malicious Office Documents in Linux https://isc.sans.edu/forums/diary/Dissecting+Malicious+Office+Documents+with+Linux/24248/Analyzing Compressed RTF Documents
SC Magazine

Instagram flaw exposes user passwords

A security flaw in Instagram’s recently released “Download Your Data” tool could have exposed some user passwords, the company reportedly told users. The tool, revealed by Instagram right before the GDPR regulation went into effect, is designed to let users...

Julian Assange Charges, Japan’s Top Cybersecurity Official, and More Security News This Week

Safer browsing, more bitcoin scams, and the rest of the week's top security news.
The Register

SMS 2FA database leak drama, MageCart mishaps, Black Friday badware, and more

Plus, why is Kaspersky Lab getting into chess? Roundup  What a week it has been: we had the creation of a new government agency, a meltdown flashback, and of course, Patch Tuesday.…
TechRepublic

Is retaining a cybersecurity attorney a good idea for your business?

Cybersecurity is so complicated that businesses, large and small, are retaining legal counsel specializing in security. Learn two more steps businesses should take before a cyberattack hits.

Machine Learning Can Create Fake ‘Master Key’ Fingerprints

Researchers have refined a technique to create so-called DeepMasterPrints, fake fingerprints designed to get past security.