ISC StormCast for Tuesday, September 5th 2017

Locky Ransom Ware is Back and This Time Pretents to Be a Font https://isc.sans.edu/forums/diary/Malspam+pushing+Locky+ransomware+tries+HoeflerText+notifications+for+Chrome+and+FireFox/22776/When is a PDF Just a PDF? https://isc.sans.edu/forums/diary/It+is+a+resume+Part+1/22780/Asterisk Vulnerable to RTPBleed https://github.com/EnableSecurity/advisories/tree/master/ES2017-04-asterisk-rtp-bleedArris AT&T Modems With Backdoor https://www.nomotion.net/blog/sharknatto/

Leaky S3 bucket sloshes deets of thousands with US security clearance

Thousands of files containing the personal information of US citizens with classified security clearance have been exposed by an unsecured Amazon server.…

Crypto-busters reverse nearly 320 MEELLION hashed passwords

The anonymous CynoSure Prime “cracktivists” who two years ago reversed the hashes of 11 million leaked Ashley Madison passwords have done it again, this time untangling a stunning 320 million…

Asterisk RTP bug worse than first thought: think intercepted streams

One of the Asterisk bugs published last week is worse than first thought: Enable Security warns it exposes the popular IP telephony system to stream injection and interception without an…

US cops can’t keep license plate data scans secret without reason

Police departments cannot categorically deny access to data collected through automated license plate readers, California's Supreme Court said on Thursday – a ruling that may help privacy advocates monitor government…