# SANS ISC

• Mirai-alike Python Scanner, (Tue, Oct 20th) Tue, 20 Oct 2020 06:36:59 GMT
  Last week, I found an interesting Python script that behaves like a Mirai bot[1]. It scans for vulnerable devices exposing their telnet (TCP/23) interface in the wild, then tries to connect using a dictionary of credentials. The script has been uploaded to VT and has a low score of 2/59[2]. Indeed, it does not contain suspicious strings nor API calls. Just a simple but powerful scanner.
• ISC Stormcast For Tuesday, October 20th 2020 https://isc.sans.edu/podcastdetail.html?id=7216, (Tue, Oct 20th) Tue, 20 Oct 2020 02:00:04 GMT
• ISC Stormcast For Monday, October 19th 2020 https://isc.sans.edu/podcastdetail.html?id=7214, (Mon, Oct 19th) Mon, 19 Oct 2020 02:00:03 GMT
• File Selection Gaffe, (Sun, Oct 18th) Sun, 18 Oct 2020 19:43:52 GMT
  Have you ever sent out the wrong file? I know it has happened to me, attaching the wrong file to an email.
• CVE-2020-5135 - Buffer Overflow in SonicWall VPNs - Patch Now, (Sat, Oct 17th) Sat, 17 Oct 2020 16:22:00 GMT
  Discovered by Tripwire VERT, CVE-2020-5135 is a buffer overflow vulnerability in the popular SonicWall Network Security Appliance (NSA) which can permit an unauthenticated bad guy to execute arbitrary code on the device.
• CVE-2020-3991 VMWare Security Advisory for VMWare Horizon Client - https://www.vmware.com/security/advisories/VMSA-2020-0022.html, (Fri, Oct 16th) Fri, 16 Oct 2020 21:49:32 GMT
  -- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)
• Traffic Analysis Quiz: Ugly-Wolf.net, (Fri, Oct 16th) Fri, 16 Oct 2020 03:51:07 GMT
  Introduction
• ISC Stormcast For Friday, October 16th 2020 https://isc.sans.edu/podcastdetail.html?id=7212, (Fri, Oct 16th) Fri, 16 Oct 2020 02:00:04 GMT
• CVE-2020-16898: Windows ICMPv6 Router Advertisement RRDNS Option Remote Code Execution Vulnerability, (Thu, Oct 15th) Thu, 15 Oct 2020 18:53:05 GMT
  Highlights
• Nicely Obfuscated Python RAT , (Wed, Oct 14th) Thu, 15 Oct 2020 06:48:47 GMT
  While hunting, I found an interesting Python script. It matched one of my YARA rules due to the interesting list of imports but the content itself was nicely obfuscated. The script SHA256 hash is c5c8b428060bcacf2f654d1b4d9d062dfeb98294cad4e12204ee4aa6e2c93a0b and the current VT score is only 2/59![1]

# Reddit netsec

# Krebs On Security

• QAnon/8Chan Sites Briefly Knocked Offline Mon, 19 Oct 2020 04:03:45 +0000
  A phone call to an Internet provider in Oregon on Sunday evening was all it took to briefly sideline multiple websites related to 8chan/8kun -- a controversial online image board linked to several mass shootings -- and QAnon, the far-right conspiracy theory which holds that a cabal of Satanic pedophiles is running a global child sex-trafficking ring and plotting against President Donald Trump. Following a brief disruption, the sites have come back online with the help of an Internet company based in St. Petersburg, Russia.
• Breach at Dickey’s BBQ Smokes 3M Cards Thu, 15 Oct 2020 20:44:44 +0000
  One of the digital underground's most popular stores for peddling stolen credit card information began selling a batch of more than three million new card records this week. KrebsOnSecurity has learned the payment card data was stolen in a two-year-long data breach at more than 100 Dickey's Barbeque Restaurant locations around the country.
• Microsoft Patch Tuesday, October 2020 Edition Tue, 13 Oct 2020 20:10:36 +0000
  It's Cybersecurity Awareness Month! In keeping with that theme, if you (ab)use Microsoft Windows computers you should be aware the company shipped a bevy of software updates today to fix at least 87 security problems in Windows and programs that run on top of the operating system. That means it's once again time to backup and patch up.