# SANS ISC

• ISC Stormcast For Wednesday, November 20th 2019 https://isc.sans.edu/podcastdetail.html?id=6758, (Wed, Nov 20th) Wed, 20 Nov 2019 03:00:03 GMT
• Hancitor infection with Pony, Evil Pony, Ursnif, and Cobalt Strike, (Wed, Nov 20th) Wed, 20 Nov 2019 01:47:03 GMT
  Introduction
• Cheap Chinese JAWS of DVR Exploitability on Port 60001, (Tue, Nov 19th) Tue, 19 Nov 2019 17:58:38 GMT
  Looking at some local IP addresses in our database during class this week, I came across a host scanning exclusively for %%port:60001%%. Interestingly, we did see a marked increase in scans for this port in recent weeks.
• ISC Stormcast For Tuesday, November 19th 2019 https://isc.sans.edu/podcastdetail.html?id=6756, (Tue, Nov 19th) Tue, 19 Nov 2019 03:00:02 GMT
• SMS and 2FA: Another Reason to Move away from It., (Mon, Nov 18th) Mon, 18 Nov 2019 04:55:21 GMT
  Developing applications around SMS has become very popular, with several companies offering simple to use APIs and attractive pricing to send and receive SMS. One security-related application of these SMS APIs (for the right or wrong reasons) has been simple two-factor authentication. This time, I don&#;x26;#;39;t want to talk so much about the security reasons not to use SMS to authenticate to critical systems, but some of the technical changes that are happening with SMS in the US and Canada.
• ISC Stormcast For Monday, November 18th 2019 https://isc.sans.edu/podcastdetail.html?id=6754, (Mon, Nov 18th) Mon, 18 Nov 2019 03:00:04 GMT
• ISC Stormcast For Friday, November 15th 2019 https://isc.sans.edu/podcastdetail.html?id=6752, (Fri, Nov 15th) Fri, 15 Nov 2019 03:00:02 GMT
• Some packet-fu with Zeek (previously known as bro), (Mon, Nov 11th) Thu, 14 Nov 2019 19:42:33 GMT
  During an incident response process, one of the fundamental variables to consider is speed. If a net capture is being made where we can presumably find evidence that who and how is causing an incident, any second counts in order to anticipate the attacker in the cyber kill chain sequence.
• ISC Stormcast For Wednesday, November 13th 2019 https://isc.sans.edu/podcastdetail.html?id=6750, (Wed, Nov 13th) Wed, 13 Nov 2019 03:00:03 GMT
• An example of malspam pushing Lokibot malware, November 2019, (Wed, Nov 13th) Wed, 13 Nov 2019 01:11:37 GMT
  Introduction

# Reddit netsec

# Krebs On Security

• Ransomware Bites 400 Veterinary Hospitals Tue, 19 Nov 2019 14:43:18 +0000
  National Veterinary Associates (NVA), a California company that owns more than 700 animal care facilities around the globe, is still working to recover from a ransomware attack late last month that affected more than half of those properties, separating many veterinary practices from their patient records, payment systems and practice management software. NVA says it expects to have all facilities fully back up and running normally within the next week.
• Why Were the Russians So Set Against This Hacker Being Extradited? Mon, 18 Nov 2019 21:19:10 +0000
  The Russian government has for the past four years been fighting to keep 29-year-old alleged cybercriminal Alexei Burkov from being extradited by Israel to the United States. When Israeli authorities turned down requests to send him back to Russia -- supposedly to face separate hacking charges there -- the Russians then imprisoned an Israeli woman for seven years on trumped-up drug charges in a bid to trade prisoners. That effort failed as well, and Burkov had his first appearance in a U.S. court last week. What follows are some clues that might explain why the Russians are so eager to reclaim this young man.
• Orcus RAT Author Charged in Malware Scheme Wed, 13 Nov 2019 15:41:17 +0000
  In July 2016, KrebsOnSecurity published a story identifying a Toronto man as the author of the Orcus RAT, a software product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. This week, Canadian authorities criminally charged him with orchestrating an international malware scheme.