

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5-minute-long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html.
Episodes

Nov 15, 2021 • 6min
ISC StormCast for Monday, November 15th, 2021
Not So Fake FBI E-Mails
https://www.fbi.gov/news/pressrel/press-releases/fbi-statement-on-incident-involving-fake-emails
https://isc.sans.edu/forums/diary/External+Email+System+FBI+Compromised+Sending+Out+Fake+Warnings/28034/
https://twitter.com/spamhaus/status/1459450061696417792
Reversing Obfuscated Maldoc with BASE64
https://isc.sans.edu/forums/diary/Obfuscated+Maldoc+Reversed+BASE64/28030/
Zoom Updates
https://explore.zoom.us/en/trust/security/security-bulletin/
VMWare VCenter Update
https://www.vmware.com/security/advisories/VMSA-2021-0025.html
Windows User Profile 0-Day LPE
https://halove23.blogspot.com/2021/10/windows-user-profile-service-0day.html

Nov 12, 2021 • 3min
ISC StormCast for Friday, November 12th, 2021
In Memory of Alan Paller. Cyber Security Industry Titan and SANS Institute Founder
https://www.sans.org/press/announcements/alan-paller-cyber-security-industry-titan-and-sans-institute-founder-passes-away/
https://isc.sans.edu/forums/diary/In+Memory+of+Alan+Paller/28026/

Nov 11, 2021 • 7min
ISC StormCast for Thursday, November 11th, 2021
Shadow IT Makes People More Vulnerable to Phishing
https://isc.sans.edu/forums/diary/Shadow+IT+Makes+People+More+Vulnerable+to+Phishing/28022/
PaloAlto Networks GlobalProtect VPN CVE-2021-3064
https://www.randori.com/blog/cve-2021-3064/?i=2
Citrix ADC/Gateway/SD-WAN WANOP Patch
https://support.citrix.com/article/CTX330728
HPE Aruba Breach
https://www.arubanetworks.com/support-services/security-bulletins/central-incident-faq/
LiveStream: Application Security; Web Apps, APIs & Microservices
youtu.be/6gGB7skXvpg
2pm ET Today (not 1pm as mentioned in the podcast)

Nov 10, 2021 • 7min
ISC StormCast for Wednesday, November 10th, 2021
Microsoft November 2021 Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+November+2021+Patch+Tuesday/28018/
Adobe Patches
https://helpx.adobe.com/security.html
BusyBox Vulnerabilities
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/

Nov 9, 2021 • 7min
ISC StormCast for Tuesday, November 9th, 2021
(Ab)Using Security Tools & Controls for the Bad
https://isc.sans.edu/forums/diary/AbUsing+Security+Tools+Controls+for+the+Bad/28014/
Targeted Attack Campaign Against ManageEngine ADSelfService Plus
https://unit42.paloaltonetworks.com/manageengine-godzilla-nglite-kdcsponge/
Image-Scaling Attacks in Machine Learning
https://www.usenix.org/system/files/sec20fall_quiring_prepub.pdf

Nov 8, 2021 • 5min
ISC StormCast for Monday, November 8th, 2021
Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory
https://isc.sans.edu/forums/diary/Decrypting+Cobalt+Strike+Traffic+With+Keys+Extracted+From+Process+Memory/28006/
XMount for Disk Images
https://isc.sans.edu/forums/diary/Xmount+for+Disk+Images/28002/
More Proactive SIMs
https://medium.com/telecom-expert/more-proactive-sims-f8da2ef8b189
Thunderbird Update
https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/

Nov 5, 2021 • 7min
ISC StormCast for Friday, November 5th, 2021
October 2021 Forensic Contest Answers and Analysis
https://isc.sans.edu/forums/diary/October+2021+Forensic+Contest+Answers+and+Analysis/27998/
CVE-2021-43267: Remote Linux Kernel Heap Overflow in TIPC Module
https://www.sentinelone.com/labs/tipc-remote-linux-kernel-heap-overflow-allows-arbitrary-code-execution/
Cisco Patches
https://tools.cisco.com/security/center/publicationListing.x
The Security Risk of Lacking Compiler Protection in WebAssembly
https://arxiv.org/abs/2111.01421

Nov 4, 2021 • 5min
ISC StormCast for Thursday, November 4th, 2021
Gitlab CVE-2021-22205 Exploited (and often not patched)
https://www.rapid7.com/blog/post/2021/11/01/gitlab-unauthenticated-remote-code-execution-cve-2021-22205-exploited-in-the-wild/
New Proxy Shell Exploits Seen Against Exchange
https://blog.talosintelligence.com/2021/11/babuk-exploits-exchange.html
Blackmatter Shutting Down Again
https://www.bleepingcomputer.com/news/security/blackmatter-ransomware-moves-victims-to-lockbit-after-shutdown/
Android 0-Day Patched
https://source.android.com/security/bulletin/2021-11-01

Nov 3, 2021 • 6min
ISC StormCast for Wednesday, November 3rd, 2021
Revisiting BrakTooth: Two Months Later
https://isc.sans.edu/forums/diary/Revisiting+BrakTooth+Two+Months+Later/27992/
Escalating XSS to Sainthood with Nagios
https://blog.grimm-co.com/2021/11/escalating-xss-to-sainthood-with-nagios.html
Pentaho Business Analytics Vulnerability
https://hawsec.com/publications/pentaho/HVPENT210401-Pentaho-BA-Security-Assessment-Report-v1_1.pdf

Nov 2, 2021 • 7min
ISC StormCast for Tuesday, November 2nd, 2021
Trojan Source: Invisible Vulnerabilities
https://www.trojansource.codes/trojan-source.pdf
Detecting HTTP Header Smuggling Vulnerabilities
https://www.darkreading.com/application-security/free-tool-scans-web-servers-for-vulnerability-to-http-header-smuggling-attacks
Kaspersky Lost Amazon Simple Email Service Token
https://support.kaspersky.com/general/vulnerability.aspx?el=12430#01112021_phishing


