Powershell Bot with Multiple C2 Protocols, (Mon, Aug 3rd)Wed, 05 Aug 2020 04:54:55 GMT I spotted another interesting Powershell script. It&#;x26;#;39;s a bot and is delivered through a VBA macro that spawns an instance of msbuild.exe This Windows tool is often used to compile/execute malicious on the fly (I already wrote a diary about this technique[1]). I don't have the original document but based on a technique used in the macro, it is part of a Word document. It calls Document_ContentControlOnEnter[2]:
Internet Choke Points: Concentration of Authoritative Name Servers, (Tue, Aug 4th)Tue, 04 Aug 2020 15:01:00 GMT A utopian vision of the Internet often describes it as a distributed partnership of equals giving everybody the ability to publish and discover information worldwide. This open, democratic Internet is often little more than an imaginary legacy construct that may have existed at some time in the distant past, if ever. Reality: Today, the Internet is governed by a few large entities. Diverse interconnectivity and content distribution were also supposed to make the Internet more robust. But as it has been shown over and over again, a simple misconfiguration at a single significant player will cause large parts of the network to disappear.
Reminder: Patch Cisco ASA / FTD Devices (CVE-2020-3452). Exploitation Continues , (Tue, Aug 4th)Tue, 04 Aug 2020 11:20:29 GMT Just a quick reminder: We are continuing to see small numbers of exploit attempts against CVE-2020-3452. Cisco patched this directory traversal vulnerability in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. The exploit is rather simple and currently used to find vulnerable systems by reading benign LUA source code files.
What pages do bad bots look for?, (Sat, Aug 1st)Sat, 01 Aug 2020 14:28:20 GMT I've been wondering for some time now about what pages and paths are visited the most by “bad†bots – scrapers, data harvesters and other automated scanners which disregards the exclusions set in robots.txt[1]. To determine this, I've set up a little experiment – I placed robots.txt on one of my domains, which disallowed access to commonly used paths and PHP pages which might of interest to bots (login.php, /wp-admin/, etc.), configured the server to provide HTTP 200 response for these paths and pages and started logging details about requests sent to them.
Building a .freq file with Public Domain Data Sources, (Fri, Jul 31st)Fri, 31 Jul 2020 22:52:19 GMT This diary started out as a frequency analysis of zone files for domains that expire before May 2023. Our intent was to look for frequency of random on all Generic Top-Level Domains (gTLDs). This exercise quickly turned into “create the freq file†for the analysis.
Twitter Could Face $250M FTC Fine Over Improper Data UseTue, 04 Aug 2020 14:46:36 +0000 The potential FTC fine comes after Twitter last year acknowledged that user emails and phone numbers were being used for targeted advertising.
Podcast: Learning to ‘Speak the Language’ of OT Security TeamsTue, 04 Aug 2020 12:19:40 +0000 Andrew Ginter, VP Industrial Security at Waterfall Security Solutions, talks about the differing priorities between IT and OT security teams as industrial control systems become connected.
Netgear Won’t Patch 45 Router Models Vulnerable to Serious FlawMon, 03 Aug 2020 19:03:46 +0000 Almost two months after a high-severity flaw was disclosed - and seven months after it was first reported - Netgear has yet to issue fixes for 45 of its router models.
Black Hat USA 2020: Critical Meetup.com Flaws Reveal Common AppSec HolesMon, 03 Aug 2020 15:13:40 +0000 With Black Hat USA 2020 kicking off this week, Erez Yalon with Checkmarx talks about newly disclosed, critical vulnerabilities in Meetup.com - and why they are the "holy grail" for attackers.
Meetup Critical Flaws Allow ‘Group’ Takeover, Payment TheftMon, 03 Aug 2020 13:05:11 +0000 Researchers disclosed critical flaws in the popular Meetup service at Black Hat USA 2020 this week, which could allow takeover of Meetup "Groups."
# Reddit netsec
# Krebs On Security
Robocall Legal Advocate Leaks Customer DataMon, 03 Aug 2020 22:18:02 +0000 A California company that helps telemarketing firms avoid getting sued for violating a federal law that seeks to curb robocalls has leaked the phone numbers, email addresses and passwords of all its customers, as well as the mobile phone numbers and other data on people who have hired lawyers to go after telemarketers.
Three Charged in July 15 Twitter CompromiseFri, 31 Jul 2020 21:43:11 +0000 Three individuals have been charged for their alleged roles in the July 15 hack on Twitter, an incident that resulted in Twitter profiles for some of the world's most recognizable celebrities, executives and public figures sending out tweets advertising a bitcoin scam.
Is Your Chip Card Secure? Much Depends on Where You BankThu, 30 Jul 2020 15:09:24 +0000 Chip-based credit and debit cards are designed to make it infeasible for skimming devices or malware to clone your card when you pay for something by dipping the chip instead of swiping the stripe. But a recent series of malware attacks on U.S.-based merchants suggest thieves are exploiting weaknesses in how certain financial institutions have implemented the technology to sidestep key chip card security features and effectively create usable, counterfeit cards.