Tuesday, May 26, 2020
SANS ISC

ISC StormCast for Tuesday, May 26th 2020

Malicious PowerPoint Add-Ins Deliver Malware https://isc.sans.edu/forums/diary/AgentTesla+Delivered+via+a+Malicious+PowerPoint+AddIn/26162/
Virtual Machine Delivers Malware https://news.sophos.com/en-us/2020/05/21/ragnar-locker-ransomware-deploys-virtual-machine-to-dodge-security/
iOS
SANS ISC

ISC StormCast for Friday, May 22nd 2020

Malware Triage with FLOSS: API Calls Based Behavior https://isc.sans.edu/forums/diary/Malware+Triage+with+FLOSS+API+Calls+Based+Behavior/26156/
Verizon Breach
SANS ISC

ISC StormCast for Thursday, May 21st 2020

IcedID Malware Update https://isc.sans.edu/forums/diary/Microsoft+Word+document+with+malicious+macro+pushes+IcedID+Bokbot/26146/
NXNSAttack DNS Amplification https://www.nxnsattack.com/ https://en.blog.nic.cz/2020/05/19/nxnsattack-upgrade-resolvers-to-stop-new-kind-of-random-subdomain-attack/
Adobe Updates https://helpx.adobe.com/security.html
SANS ISC

ISC StormCast for Wednesday, May 20th 2020

Spike of Scans for Port 62234 https://isc.sans.edu/forums/diary/What+is+up+on+Port+62234/26144/
Cisco Patches https://tools.cisco.com/security/center/publicationListing.x https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-info-disclose-9eJtycMB
Google Chrome
SANS ISC

ISC StormCast for Tuesday, May 19th 2020

Antivirus & Multiple Detections https://isc.sans.edu/forums/diary/Antivirus+Multiple+Detections/26134/
Office 365 Returning Search Results from
SANS ISC

ISC StormCast for Monday, May 18th 2020

OWA Scans https://isc.sans.edu/forums/diary/Scanning+for+Outlook+Web+Access+OWA+Microsoft+Exchange+Control+Panel+ECP/26132/
Edison iOS E-Mail Client Leaks Data https://www.theverge.com/2020/5/16/21260967/edison-mail-update-ios-security-bug
COMpfun Malware
SANS ISC

ISC StormCast for Friday, May 15th 2020

Rethinking Severity https://isc.sans.edu/forums/diary/Patch+Tuesday+Revisited+CVE20201048+isnt+as+Medium+as+MS+Would+Have+You+Believe/26124/
Top Exploited Vulnerabilities https://www.us-cert.gov/ncas/alerts/aa20-133a
Zerodium Drops Payouts For iOS/Safari
SANS ISC

ISC StormCast for Thursday, May 14th 2020

Malspam with Links to ZIP Archives Pushes Dridex Malware https://isc.sans.edu/forums/diary/Malspam+with+links+to+zip+archives+pushes+Dridex+malware/26116/
Ramsay
SANS ISC

ISC StormCast for Wednesday, May 13th 2020

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+May+2020+Patch+Tuesday/26114/
Adobe Security Updates https://helpx.adobe.com/security.html
Android Applications Expose Firebase
SANS ISC

ISC StormCast for Tuesday, May 12th 2020

Excel 4 Macro Analysis: XLMMacroDeobfuscator https://isc.sans.edu/forums/diary/Excel+4+Macro+Analysis+XLMMacroDeobfuscator/26110/
LinkedIn Phish https://youtu.be/g0WHz6rikoc
ThunderSpy Thunderbolt Attack https://thunderspy.io/
SANS ISC

ISC StormCast for Monday, May 11th 2020

YARA 4.0.0 Released https://isc.sans.edu/forums/diary/YARA+v400+BASE64+Strings/26106/
VMWare Patches vRealize to Address Saltstack Vulnerabilities https://www.vmware.com/security/advisories/VMSA-2020-0009.html
SANS ISC

ISC StormCast for Friday, May 8th 2020

Scanning With NMAP NSE Scripts https://isc.sans.edu/forums/diary/Scanning+with+nmaps+NSE+scripts/26096/
iOS Psychic Paper Vulnerability https://siguza.github.io/psychicpaper/
World
SANS ISC

ISC StormCast for Thursday, May 7th 2020

Keeping an Eye on Malicious Files Life Time https://isc.sans.edu/forums/diary/Keeping+an+Eye+on+Malicious+Files+Life+Time/26092/
Fake Crypto
SANS ISC

ISC StormCast for Wednesday, May 6th 2020

Do Cloud Security Features Replace Personnel Security Capabilities? https://isc.sans.edu/forums/diary/Cloud+Security+Features+Dont+Replace+the+Need+for+Personnel+Security+Capabilities/26088/
Citrix ShareFile
SANS ISC

ISC StormCast for Tuesday, May 5th 2020

Exploring the Sysmon 11 File Deletion Protection https://isc.sans.edu/forums/diary/Sysmon+and+File+Deletion/26084/
Digicert CT Compromise https://groups.google.com/a/chromium.org/forum/#!topic/ct-policy/aKNbZuJzwfM
Tripwire

Updated AnarchyGrabber Steals Passwords, Spreads to Discord Friends

Researchers found an updated version of AnarchyGrabber that steals victims’ plaintext passwords for, and infects victims’ friends on, Discord. Detected as AnarchyGrabber3, the new trojan variant modified the Discord client’s %AppData%\Discord\modules\discord_desktop_core\index.js file upon successful installation. This process gave the...

How To Achieve Balance Between Cybersecurity And The User Experience

Usability and security go hand in hand. If you have usability, then by default, you should have security designed into it.

Determining Liability For Security Breaches Isn’t Black And White

Between the volume of successful cyberattacks and the rising cost of the fallout from those attacks, it's understandable for companies and individuals to want to hold someone responsible.

Why Your Approach To Cybersecurity May Require Shifting Your Mindset

Leaders must redefine the concept of a strong cyber posture and relegate event-based security to its rightful place — as an inferior approach to managing cyber risks and threats.

Trump’s New Intelligence Chief Spells Trouble

John Ratcliffe is the least-qualified director of national intelligence in history—and a staunch partisan as well.