SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

iOS 12.4 Jailbreak Released after Reindruced Vulnerability form 12.2 https://github.com/pwn20wndstuff/Undecimus/releases SHA2-Signed Updates for Windows Not Available with Symantec Endpoint Protection https://support.symantec.com/us/en/article.tech255857.html Attacking and Downgrading Bluetooth Key Negotiation https://knobattack.com

Large Number of VoIP System Vulnerabilities Released https://www.sit.fraunhofer.de/en/cve/ Confidential Company Documents Leaked in Public Sandboxes https://blog.cylab.co/2019/08/16/confidential-company-documents-exposed-in-public-sandboxes/ https://www.sit.fraunhofer.de/en/news-events/latest/press-releases/details/news-article/show/gefahr-uebers-telefon/ Trend Micro Password Manager DLL Hijacking https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123396.aspx Firefox Password Manager May Leak Passwords https://www.mozilla.org/en-US/security/advisories/mfsa2019-24/#CVE-2019-11733

Analysis of a Spearphishing Maldoc https://isc.sans.edu/forums/diary/Analysis+of+a+Spearphishing+Maldoc/25242/ IoT Security Stagnation https://securityledger.com/2019/08/huge-survey-of-firmware-finds-no-security-gains-in-15-years/ Kaspersky Insecurity https://www.heise.de/ct/artikel/Kasper-Spy-Kaspersky-Anti-Virus-puts-users-at-risk-4496138.html

MedusaHTTP Malware https://isc.sans.edu/forums/diary/Recent+example+of+MedusaHTTP+malware/25234/ Cryptominer uses DuckDNS for C&C https://www.varonis.com/blog/monero-cryptominer/ Intel NUC Vulnerabilities https://www.intel.com/content/www/us/en/security-center/default.html HTTP/2 Vulnerabilities https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/August+2019+Microsoft+Patch+Tuesday/25236/ Adobe Patches https://helpx.adobe.com/security.html Windows Text Services Vulnerabilities https://googleprojectzero.blogspot.com/2019/08/down-rabbit-hole.html#ftnt2

Malicious DAA Attachments https://isc.sans.edu/forums/diary/Malicious+DAA+Attachments/25230/ SQLLite Exploits https://research.checkpoint.com/select-code_execution-from-using-sqlite/ Printer Vulnerabilities https://www.defcon.org/html/defcon-27/dc-27-speakers.html#Romero https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-xerox-printers/?research=Technical+advisories

100% JavaScript Phishing Page https://isc.sans.edu/forums/diary/100+JavaScript+Phishing+Page/25220/ Vulnerabilities in DSLR Cameras https://research.checkpoint.com/say-cheese-ransomware-ing-a-dslr-camera/ https://global.canon/en/support/security/d-camera.html Turning Tesla into Surveilance Platform https://github.com/tevora-threat/scout Basic Electron Framework Exploitation https://www.contextis.com/en/blog/basic-electron-framework-exploitation

Kubernetes Security Audit Published https://github.com/kubernetes/community/blob/master/wg-security-audit/findings/Kubernetes%20Final%20Report.pdf https://www.cncf.io/blog/2019/08/06/open-sourcing-the-kubernetes-security-audit/ Apple Expands Bug Bounty https://www.blackhat.com/us-19/briefings/schedule/index.html#behind-the-scenes-of-ios-and-mac-security-17220 https://www.forbes.com/sites/thomasbrewster/2019/08/08/apple-confirms-1-million-reward-for-hackers-who-find-serious-iphone-vulnerabilities/ 0-Day Privilege Escalation in Steam Client https://amonitoring.ru/article/steamclient-0day/ Actual Sextortion Trojan https://www.welivesecurity.com/2019/08/08/varenyky-spambot-campaigns-france/

AT&T Insiders Bribed to Obtain Unlock Codes https://www.justice.gov/usao-wdwa/press-release/file/1191031/download Older RDP Vulnerability Can be Used for HyperV VM Escape https://www.microsoft.com/security/blog/2019/08/07/a-case-study-in-industry-collaboration-poisoned-rdp-vulnerability-disclosure-and-response/ Cisco Patches Smart Switch 220 Vulnerabilities https://tools.cisco.com/security/center/publicationListing.x Firefox for Android Supporting WebAuthn https://blog.mozilla.org/security/2019/08/05/web-authentication-in-firefox-for-android/

Corporate IoT Used in Intrusion https://msrc-blog.microsoft.com/2019/08/05/corporate-iot-a-path-to-intrusion/ New Spectre Variant: SWAPGS https://www.bitdefender.com/business/swapgs-attack.html New WPA3 Weaknesses https://wpa3.mathyvanhoef.com/#new