Hello friend, thank you for tuning into my Cybersecurity News section at jcutrer.com. This section is an experiment. I keep a close eye on the latest developments in Information Security and this is a place for me to take notes and link to notable news, articles, and reports.
Let me know what you think about the content. I will update this article throughout the month with noteworthy InfoSec stories but don’t expect updates every single day. Cheers!
Updated: 8/14/2020
FBI and CISA release analysis of Russian malware Drovorub
Updated: 7/15/2020
Microsoft patches wormable RCE in Windows DNS server
With a CVSS score of 10.0, this patch should be applied immediately! You are STILL vulnerable even if your DNS service is not publicly accessible: anything that can get a DNS query to the server, such as a compromised workstation on the LAN, can reach the bug.
Workaround
The following registry modification has been identified as a workaround for this vulnerability.
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
Value name: TcpReceivePacketSize
Type: DWORD
Data: 0xFF00
Note: A restart of the DNS Service is required to take effect.
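An added example (my own script, not from Microsoft's advisory) that applies the registry workaround above, restarts the DNS service and then reads the value back so you can confirm it took. It assumes it is run from an elevated PowerShell prompt on the DNS server itself; the key path, value name and data are the ones given above.

```powershell
# Added example (not from the original post): apply and verify the TcpReceivePacketSize
# workaround on a Windows DNS server. Assumes an elevated prompt on the server itself.
$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$ValueName = 'TcpReceivePacketSize'
$ValueData = 0xFF00   # 65280: the largest inbound TCP DNS packet the server will accept

if (-not (Test-Path $KeyPath)) {
    throw "DNS Parameters key not found; is the DNS Server role installed on this host?"
}

# Create the DWORD if it is missing, otherwise overwrite whatever is there.
$existing = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
if ($null -eq $existing) {
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord -Value $ValueData | Out-Null
} else {
    Set-ItemProperty -Path $KeyPath -Name $ValueName -Value $ValueData
}

# The value is only read at service start, so the DNS service must be restarted.
Restart-Service -Name DNS -Force

# Verify: read the value back and make sure the service is running again.
$applied = (Get-ItemProperty -Path $KeyPath -Name $ValueName).$ValueName
$svc     = Get-Service -Name DNS
if ($applied -eq $ValueData -and $svc.Status -eq 'Running') {
    Write-Output ("Workaround applied: {0}=0x{1:X} ({1}); DNS service is {2}" -f $ValueName, $applied, $svc.Status)
} else {
    Write-Warning ("Check failed: {0}=0x{1:X}, DNS service status {2}" -f $ValueName, $applied, $svc.Status)
}
```

The value caps the size of TCP DNS messages the server will accept, so treat it as a stopgap until the July update is installed on every DNS server, and keep the verification step: a value that was typed into the wrong key or never followed by a service restart gives no protection at all.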
Detect and Remediate Illicit Consent Grants in Office 365
Microsoft seems to be acting on the highly publicized issues with the rash of malicious third-party apps connecting to Office 365 customers' tenants via OAuth consent.
This is Microsoft's guide to detecting and removing these rogue authorizations.
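As an added example (my own script, not Microsoft's guide or its cmdlet sequence), the following enumerates every OAuth2 permission grant in an Azure AD tenant and flags the ones that hand an app access to mail, files or contacts, which is what consent-phishing campaigns go after. It assumes the AzureAD PowerShell module is installed and that Connect-AzureAD has already been run with an admin account; the list of sensitive scopes is my own starting point, not an official one.

```powershell
# Added example (not from the original post or Microsoft's guide): list OAuth2 consent
# grants worth reviewing as possible illicit grants. Assumes the AzureAD module is
# loaded and Connect-AzureAD has already been run with a privileged account.

# Delegated scopes that expose mailbox, file or contact data (assumed list; extend it).
$SensitiveScopes = @('Mail.Read', 'Mail.ReadWrite', 'Mail.Send', 'MailboxSettings.ReadWrite',
                     'Files.Read.All', 'Files.ReadWrite.All', 'Contacts.Read', 'offline_access')

function Get-SuspiciousConsentGrants {
    $grants = Get-AzureADOAuth2PermissionGrant -All $true
    foreach ($g in $grants) {
        $scopes = ($g.Scope -split ' ') | Where-Object { $_ }
        $hits   = $scopes | Where-Object { $SensitiveScopes -contains $_ }
        if (-not $hits) { continue }

        $sp = Get-AzureADServicePrincipal -ObjectId $g.ClientId

        # AllPrincipals means tenant-wide (admin) consent; Principal is a single user's
        # consent, which is the kind a phished employee can hand out on their own.
        $grantedTo = if ($g.ConsentType -eq 'AllPrincipals') { 'ALL USERS' }
                     else { (Get-AzureADUser -ObjectId $g.PrincipalId).UserPrincipalName }

        [PSCustomObject]@{
            GrantId        = $g.ObjectId
            App            = $sp.DisplayName
            AppId          = $sp.AppId
            Publisher      = if ($sp.PublisherName) { $sp.PublisherName } else { '(none / unverified)' }
            ConsentType    = $g.ConsentType
            GrantedTo      = $grantedTo
            SensitiveScope = ($hits -join ' ')
        }
    }
}

$review = Get-SuspiciousConsentGrants
$review | Sort-Object ConsentType, App | Format-Table -AutoSize

# Remediation: once a grant is confirmed to be rogue, revoke it by its GrantId.
# Left commented out so the script is read-only until you decide.
# Remove-AzureADOAuth2PermissionGrant -ObjectId '<GrantId from the table above>'
```

Read the table with the publisher and consent type together: an app with no verified publisher that a single user granted Mail.ReadWrite plus offline_access is the classic shape of a BEC foothold, because the refresh token keeps working after the user's password is changed. Revoking the grant is the first step; after that, review the affected user's sign-in logs and mailbox rules, since the app may already have done its work.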
Tsunami is a vulnerability scanner written in Java. It was originally written for internal security scans at Google. The core scanner and its plugins live in two separate GitHub repos.
VirusTotal is one of the most widely used cybersecurity tools among everyday users and researchers alike. This video from The PC Security Channel on YouTube discusses how to use VirusTotal as a cybersecurity professional to get deeper insight into threats.
Project Freta is a virtual machine memory analysis tool. The goal of the project is to detect rootkits and stealthy malware by looking for anomalies in memory snapshots.
Currently, the tool is free to use. It reads the following memory dump file formats and generates a detailed report.
Supported types:
Elf Core Dump of Physical Memory (.core)
LiME image (.lime)
Raw Physical Memory Dump (.raw)
Hyper-V Memory Snapshot (.vmrs)
As Freta matures it will likely be rolled into Azure Security Center or used at scale to detect malware across Azure VMs.
Excellent interview with Proofpoint’s EVP of Cybersecurity Strategy, Ryan Kalember. Ryan describes in detail some of the ways cybercriminals are leveraging Azure Apps for Office 365 to run their stealthy BEC campaigns.
Patrick Gray points out the vulnerable position Microsoft leaves its Office 365 customers in when they don't pay for expensive Azure AD P1 licenses.
In the wake of COVID-19, EFF profiles invasive employee monitoring (bossware) software
Companies are beginning to track remote workers with a multitude of spy tools, sometimes referred to as Bossware.
Some of the software profiled allows employers to track GPS location, take chronological screenshots of the desktop and even covertly activate the webcam and microphone.
Microsoft Releases out-of-band Emergency Security Updates for Windows 10, Server 2019
CVE-2020-1425 is a remote code execution vulnerability in the HEVC codec plugin installed from the Microsoft Store. With a CVSS score of 7.3, this vulnerability has a rating of Critical. The HEVC codec library is not installed by default on Windows 10.
CVE-2020-1457 is a related remote code execution vulnerability with a rating of Important.