# SANS ISC

• Powershell Dropping a REvil Ransomware, (Thu, Jan 21st) Thu, 21 Jan 2021 10:13:55 GMT
  I spotted a piece of Powershell code that deserved some investigations because it makes use of RunSpaces[1]. The file (SHA256:e1e19d637e6744fedb76a9008952e01ee6dabaecbc6ad2701dfac6aab149cecf) has a very low VT score: only 1/59![2].
• ISC Stormcast For Thursday, January 21st, 2021 https://isc.sans.edu/podcastdetail.html?id=7338, (Thu, Jan 21st) Thu, 21 Jan 2021 03:10:03 GMT
• ISC Stormcast For Wednesday, January 20th, 2021 https://isc.sans.edu/podcastdetail.html?id=7336, (Wed, Jan 20th) Wed, 20 Jan 2021 02:15:02 GMT
• Qakbot activity resumes after holiday break, (Wed, Jan 20th) Wed, 20 Jan 2021 00:23:18 GMT
  Introduction
• 
Security Detection & Response Alert Output Usability Survey https://www.surveymonkey.com/r/TAOvsVAO, (Tue, Jan 19th) Tue, 19 Jan 2021 03:16:16 GMT
• Gordon for fast cyber reputation checks, (Tue, Jan 19th) Tue, 19 Jan 2021 03:15:48 GMT
  Gordon quickly provides threat & risk information about observables
• ISC Stormcast For Tuesday, January 19th, 2021 https://isc.sans.edu/podcastdetail.html?id=7334, (Tue, Jan 19th) Tue, 19 Jan 2021 02:00:03 GMT
• The CIS Benchmark for Cisco Nexus (NX-OS) 1.0 went live last week, find it here: https://www.cisecurity.org/cis-benchmarks/, (Mon, Jan 18th) Mon, 18 Jan 2021 15:30:52 GMT
  =============== Rob VandenBrink
• 
Doc & RTF Malicious Document, (Mon, Jan 18th) Mon, 18 Jan 2021 06:48:17 GMT
  A reader pointed us to a malicious Word document.
• ISC Stormcast For Monday, January 18th, 2021 https://isc.sans.edu/podcastdetail.html?id=7332, (Mon, Jan 18th) Mon, 18 Jan 2021 02:00:02 GMT

# Reddit netsec

# Krebs On Security

• New Charges Derail COVID Release for Hacker Who Aided ISIS Tue, 19 Jan 2021 18:39:30 +0000
  A hacker serving a 20-year sentence for stealing personal data on 1,300 U.S. military and government employees and giving it to an Islamic State hacker group in 2015 has been charged once again with fraud and identity theft. The new charges have derailed plans to deport him under compassionate release because of the COVID-19 pandemic.
• Joker’s Stash Carding Market to Call it Quits Mon, 18 Jan 2021 19:50:01 +0000
  Joker's Stash, by some accounts the largest underground shop for selling stolen credit card and identity data, says it's closing up shop effective mid-February 2021. The announcement came on the heels of a turbulent year for the major cybercrime store, and just weeks after U.S. and European authorities seized a number of its servers.
• Microsoft Patch Tuesday, January 2021 Edition Wed, 13 Jan 2021 01:32:20 +0000
  Microsoft today released updates to plug more than 80 security holes in its Windows operating systems and other software, including one that is actively being exploited and another which was disclosed prior to today. Ten of the flaws earned Microsoft's most-dire "critical" rating, meaning they could be exploited by malware or miscreants to seize remote control over unpatched systems with little or no interaction from Windows users.