SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Johannes B. Ullrich
Apr 24, 2019 • 6min

ISC StormCast for Wednesday, April 24th 2019

Decoding Malicious VBA Office Document Without Source Code https://isc.sans.edu/forums/diary/Malicious+VBA+Office+Document+Without+Source+Code/24870/
More Updates on "ShadowHammer" Supply Chain Attack https://securelist.com/operation-shadowhammer-a-high-profile-supply-chain-attack/90380/
A Malicious Sight in Google Sites https://www.netskope.com/blog/malicious-google-sites

Apr 22, 2019 • 6min

ISC StormCast for Tuesday, April 23rd 2019

.rar Files Exploiting ACE Vulnerability CVE-2018-20250 https://isc.sans.edu/forums/diary/rar+Files+and+ACE+Exploit+CVE201820250/24864/
Malware Senders Become Younger and Less Sophisticated (in German) https://www.heise.de/security/meldung/Malware-Verteiler-werden-immer-juenger-infizieren-sich-oft-selbst-4403823.html
McAfee Antivirus Affected by April Windows Update Crashes http://kc.mcafee.com/corporate/index?page=content&id=KB91465
Rules to Protect Against Azure Blog Phishing in Outlook 365 https://malware-research.org/simple-rule-to-protect-against-spoofed-windows-net-phishing-attacks/
Windows 7 End of Support Messages https://www.windowslatest.com/2019/04/20/windows-7-users-are-now-receiving-the-end-of-support-notifications/

Apr 22, 2019 • 7min

ISC StormCast for Monday, April 22nd 2019

Analyzing UDF Files Using Python https://isc.sans.edu/forums/diary/Analyzing+UDF+Files+with+Python/24860/
HTML Ping To Be Adopted By All Major Browsers https://webkit.org/blog/8821/link-click-analytics-and-privacy/
Microsoft to Modify Edge User Agent for Some Sites https://www.onmsft.com/news/new-edge-insider-browser-can-change-user-agent-strings-based-on-what-website-youre-visiting
French Government Chat System Used Weak User Management https://m.heise.de/security/meldung/Tchap-Frankreichs-nicht-so-exklusiver-Regierungschat-4403961.html

Apr 19, 2019 • 7min

ISC StormCast for Friday, April 19th 2019

Malware Delivered As a UDF .img File https://isc.sans.edu/forums/diary/Malware+Sample+Delivered+Through+UDF+Image/24854/
Facebook Stored Passwords in Plain Text https://newsroom.fb.com/news/2019/03/keeping-passwords-secure/
Iranian State-Sponsored Malware and Data Leaked https://misterch0c.blogspot.com/2019/04/apt34-oilrig-leak.html
Windows 8 Live Tiles Domain Takeover https://www.golem.de/news/subdomain-takeover-microsoft-verliert-kontrolle-ueber-windows-kacheln-1904-140709.html

Apr 18, 2019 • 5min

ISC StormCast for Thursday, April 18th 2019

DNS Hijacking by Sea Turtle https://blog.talosintelligence.com/2019/04/seaturtle.html
Broadcom Wifi Driver Vulnerabilities https://www.kb.cert.org/vuls/id/166939/
NamPoHyu Virus Infects Samba Servers https://www.bleepingcomputer.com/news/security/nampohyu-virus-ransomware-targets-remote-samba-servers/
Increased Attacks on Confluence https://twitter.com/DFNCERT/status/1118468599230943233

Apr 17, 2019 • 6min

ISC StormCast for Wednesday, April 17th 2019

PoC Exploit for Windows 10 DHCP Client Vulnerability CVE-2019-0726 (in Russian) https://habr.com/ru/company/pt/blog/448378/
Oracle April 2019 Critical Patch Update https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Wipro Breached Via Phishing Attacks https://krebsonsecurity.com/2019/04/experts-breach-at-it-outsourcing-giant-wipro/
IDA and Ghidra Part 2 (Strings And Parameters) https://isc.sans.edu/forums/diary/A+few+Ghidra+tips+for+IDA+users+part+2+strings+and+parameters/24848/

Apr 16, 2019 • 7min

ISC StormCast for Tuesday, April 16th 2019

Common "False Positives" in DNS Query Logs https://isc.sans.edu/forums/diary/Odd+DNS+Requests+that+are+Normal/24844/
Adblock Plus Allows Filter List Providers to Inject Code in Pages https://armin.dev/blog/2019/04/adblock-plus-code-injection/
Executables in Polyglot DICOM Images https://github.com/d00rt/pedicom/blob/master/doc/Attacking_Digital_Imaging_and_Communication_in_Medicine_(DICOM)_file_format_standard_-_Markel_Picado_Ortiz_(d00rt).pdf
Malicious/Misleading VPN Ads https://www.bleepingcomputer.com/news/security/mobile-vpns-promoted-by-you-are-infected-or-hacked-ads/

Apr 15, 2019 • 6min

ISC StormCast for Monday, April 15th 2019

Configuring MTA-STS https://isc.sans.edu/forums/diary/Configuring+MTASTS+and+TLS+Reporting+For+Your+Domain/24840/
How to Find Hidden Cameras in Your AirBNB https://isc.sans.edu/forums/diary/How+to+Find+Hidden+Cameras+in+your+AirBNB/24834/
Insecure Storage of VPN Credentials https://www.kb.cert.org/vuls/id/192371/
Microsoft Patch Problems https://support.microsoft.com/en-us/help/4493472/windows-7-update-kb4493472 https://support.microsoft.com/en-us/help/4493446/windows-8-1-update-kb4493446
Internet Explorer XML External Entity Vulnerability http://hyp3rlinx.altervista.org/advisories/MICROSOFT-INTERNET-EXPLORER-v11-XML-EXTERNAL-ENTITY-INJECTION-0DAY.txt

Apr 12, 2019 • 6min

ISC StormCast for Friday, April 12th 2019

GMail Will Be Supporting MTA-STS and SMTP TLS Reporting https://tools.ietf.org/html/rfc8461 https://tools.ietf.org/html/rfc8460 https://www.zdnet.com/article/gmail-becomes-first-major-email-provider-to-support-mta-sts-and-tls-reporting/
Juniper Patch Fixes Static Password in Junos OS https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10923&actp=METADATA
Uniden Commercial IP Camera Site Hosting Malware https://twitter.com/JayTHL/status/1116200014630596609

Apr 11, 2019 • 8min

ISC StormCast for Thursday, April 11th 2019

WPA3 Dragonblood Vulnerability http://papers.mathyvanhoef.com/dragonblood.pdf
North Korean Trojan: HOPLIGHT https://www.us-cert.gov/ncas/analysis-reports/AR19-100A
Gaza Cybergang Group1 "SneakyPastes" https://securelist.com/gaza-cybergang-group1-operation-sneakypastes/90068/
