SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Johannes B. Ullrich
Apr 30, 2018 • 7min

ISC StormCast for Monday, April 30th 2018

A Few Sample #Drupal Exploits including CVE-2018-7602 https://isc.sans.edu/forums/diary/More+Threat+Hunting+with+User+Agent+and+Drupal+Exploits/23597/
Triggering SMB Connections to Steal NTLM Credentials via PDFs https://research.checkpoint.com/ntlm-credentials-theft-via-pdf-files/
NTFS Crash DoS Exploit Published for Windows 10 and 7 https://github.com/mtivadar/windows10_ntfs_crash_dos
Apple HomeKit / Secure Element Problems https://www.youtube.com/watch?v=1CNAMgctAp0
Azucar Assessing Azure Security https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/april/introducing-azucar/
Apr 27, 2018 • 7min

ISC StormCast for Friday, April 27th 2018

HP iLO Ransomware https://www.bleepingcomputer.com/news/security/ransomware-hits-hpe-ilo-remote-management-interfaces/
Total Meltdown Exploit Available https://blog.xpnsec.com/total-meltdown-cve-2018-1038/
WD My Cloud EX2 Access Control Bypass https://www.trustwave.com/Resources/SpiderLabs-Blog/WD-My-Cloud-EX2-Serves-Your-Files-to-Anyone/
Hyperoptic ZTE Home Router Hardcoded Account https://www.contextis.com/resources/advisories/hyperoptic-zte-home-routers
Apr 26, 2018 • 5min

ISC StormCast for Thursday, April 26th 2018

New Drupal Remote Code Execution Vulnerability https://www.drupal.org/sa-core-2018-004
Malicious Network Traffic From /bin/bash https://isc.sans.edu/forums/diary/Malicious+Network+Traffic+From+binbash/23591/
Insecure Hotel Locks https://safeandsavvy.f-secure.com/2018/04/25/researchers-find-way-to-generate-master-keys-to-hotels/
Amazon Echo As Eavesdropping Device (signin required) https://info.checkmarx.com/wp-alexa
Mar 12, 2018 • 8min

ISC StormCast for Monday, March 12th 2018

Paying For Ransomware Often Fails to Recover Files https://cyber-edge.com/cdr/#about-this-report
MikroTik Router Malware Infects Sysadmin PCs https://s3-eu-west-1.amazonaws.com/khub-media/wp-content/uploads/sites/43/2018/03/09133534/The-Slingshot-APT_report_ENG_final.pdf
CNNVD Held Back Vulnerabilities https://www.recordedfuture.com/chinese-mss-vulnerability-influence/
Keeper Exposes S3 Bucket http://www.zdnet.com/article/password-manager-maker-keeper-hit-by-another-security-snafu/ https://keepersecurity.com/blog/2018/03/10/keepers-response-zdnets-article-regarding-s3-bucket-configuration-issue/
Chip and Pin Clones https://www.kaspersky.com/blog/chip-n-pin-cloning/21502/
Mar 9, 2018 • 6min

ISC StormCast for Friday, March 9th 2018

Apache Solr Vulnerability used to Install Cryptocoin Miner https://isc.sans.edu/forums/diary/Apache+SOLR+the+new+target+for+cryptominers/23425/
CRIMEB4NK IRC Bot https://isc.sans.edu/forums/diary/CRIMEB4NK+IRC+Bot/23423/
Cisco Patches https://tools.cisco.com/security/center/publicationListing.x
Any.Run Malware Analysis Tool https://any.run
Mar 8, 2018 • 6min

ISC StormCast for Thursday, March 8th 2018

Ransomware News: GlobeImposter Gets A Facelift, GandCrab is Still Out there https://isc.sans.edu/forums/diary/Ransomware+news+GlobeImposter+gets+a+facelift+GandCrab+is+still+out+there/23417/
How to Break Encryption https://blog.malwarebytes.com/threat-analysis/2018/03/encryption-101-how-to-break-encryption/
Bypassing Adobe Flash Security Protections https://securingtomorrow.mcafee.com/mcafee-labs/hackers-bypassed-adobe-flash-protection-mechanism/
Hundreds of Bitcoin Mining Servers Stolen in Iceland https://www.theguardian.com/world/2018/mar/07/hundreds-of-bitcoin-mining-servers-stolen-in-iceland
Several Android Mail Apps Send Password To Developer (article in German) https://www.kuketz-blog.de/mail-apps-zahlreiche-android-apps-uebermitteln-login-passwort/
Mar 7, 2018 • 6min

ISC StormCast for Wednesday, March 7th 2018

Exploit for CVE-2018-6789 https://devco.re/blog/2018/03/06/exim-off-by-one-RCE-exploiting-CVE-2018-6789-en/
Microsoft Fixes USB Issues Introduced By February Patches https://support.microsoft.com/en-us/help/4090913/march5-2018kb4090913osbuild16299-251
123 Reg Loses Backups https://www.bleepingcomputer.com/news/business/123-reg-backup-snafu-causes-clients-to-lose-files-since-august-2017/
Android March Security Bulletin https://source.android.com/security/bulletin/2018-03-01#media-framework
Mar 6, 2018 • 7min

ISC StormCast for Tuesday, March 6th 2018

Malicious Bash Script with Multiple Features https://isc.sans.edu/forums/diary/Malicious+Bash+Script+with+Multiple+Features/23411/
More Memcached DDoS Attacks https://www.arbornetworks.com/blog/asert/netscout-arbor-confirms-1-7-tbps-ddos-attack-terabit-attack-era-upon-us/
Spring Framework Vulnerability https://lgtm.com/blog/spring_data_rest_CVE-2017-8046
LTE Vulnerabilities http://homepage.divms.uiowa.edu/~comarhaider/publications/LTE_NDSS18_paper.pdf
Mar 5, 2018 • 6min

ISC StormCast for Monday, March 5th 2018

Protective Malicious Monero Crypto Coin Miners https://isc.sans.edu/forums/diary/The+Crypto+Miners+Fight+For+CPU+Cycles/23407/
memcached DDoS Attacks Ask For Ransom https://blogs.akamai.com/2018/03/memcached-now-with-extortion.html
Cheap Android Trojans Come PreInstalled With Banking Malware https://news.drweb.com/show/?lng=en&i=11749&c=5
RedDrop Android Malware Installed via 3rd Party App Stores https://www.wandera.com/blog/reddrop-malware/
Mar 2, 2018 • 8min

ISC StormCast for Friday, March 2nd 2018

Censoring Images At Scale in #WeChat https://isc.sans.edu/forums/diary/Why+Does+Emperor+Xi+Dislike+Winnie+the+Pooh+and+Scrambled+Eggs/23395/
Trustico Update: Certificate Revocation List Monitor https://isc.sans.edu/crls.html
Memcached Update: Github Attack https://githubengineering.com/ddos-incident-report/ http://powerofcommunity.net/poc2017/shengbao.pdf
Microsoft Releases Intel Spectre Microcode Updates https://support.microsoft.com/en-us/help/4090007/intel-microcode-updates
