SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and is designed to get you ready for the day with a short, usually five-minute, summary of current network-security-related events. The content is late-breaking, educational, and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Episodes

Nov 2, 2021 • 7min
ISC StormCast for Tuesday, November 2nd, 2021
Trojan Source: Invisible Vulnerabilities
https://www.trojansource.codes/trojan-source.pdf
Detecting HTTP Header Smuggling Vulnerabilities
https://www.darkreading.com/application-security/free-tool-scans-web-servers-for-vulnerability-to-http-header-smuggling-attacks
Kaspersky Lost Amazon Simple Email Service Token
https://support.kaspersky.com/general/vulnerability.aspx?el=12430#01112021_phishing

Nov 1, 2021 • 5min
ISC StormCast for Monday, November 1st, 2021
Remote Desktop Protocol RDP Discovery
https://isc.sans.edu/forums/diary/Remote+Desktop+Protocol+RDP+Discovery/27984/
Sysmon Update
https://isc.sans.edu/forums/diary/Sysinternals+Autoruns+and+Sysmon+updates/27986/
Google Chrome Updates
https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html
AbstractEmu Malware Roots Android
https://blog.lookout.com/lookout-discovers-global-rooting-malware-campaign
Microsoft Defender For Endpoint Web Content Filtering
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/web-content-filtering-now-generally-available-on-windows/ba-p/2893357

Oct 29, 2021 • 6min
ISC StormCast for Friday, October 29th, 2021
Critical Hikvision Patch
https://watchfulip.github.io/2021/09/18/Hikvision-IP-Camera-Unauthenticated-RCE.html
https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-notification-command-injection-vulnerability-in-some-hikvision-products/
Shrootless Vulnerability in MacOS
https://www.microsoft.com/security/blog/2021/10/28/microsoft-finds-new-macos-vulnerability-shrootless-that-could-bypass-system-integrity-protection/
More Malicious NPM Libraries
https://www.theregister.com/2021/10/27/npm_roblox_ransomware/

Oct 28, 2021 • 5min
ISC StormCast for Thursday, October 28th, 2021
Outlook Web Access Phishing
https://isc.sans.edu/forums/diary/Hunting+for+Phishing+Sites+Masquerading+as+Outlook+Web+Access/27974/
Apple Security Updates Details Available
https://support.apple.com/en-us/HT201222
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
PinkBot Botnet Uses DoH
https://blog.netlab.360.com/pinkbot/
Jira Insight Patch
https://confluence.atlassian.com/adminjiraserver/jira-service-management-security-advisory-2021-10-20-1085186548.html

Oct 27, 2021 • 6min
ISC StormCast for Wednesday, October 27th, 2021
Apple Updates Everything (but no details yet)
https://support.apple.com/en-sa/HT201222
Craigslist E-Mail Hijack
https://www.inky.com/blog/urgency-mail-relay-serve-phishers-well-on-craigslist
UltimaSMS Android Malware
https://blog.avast.com/premium-sms-scam-apps-on-play-store-avast
Firefox Proxy Malware
https://blog.mozilla.org/security/2021/10/25/securing-the-proxy-api-for-firefox-add-ons/

Oct 26, 2021 • 5min
ISC StormCast for Tuesday, October 26th, 2021
Decrypting Cobalt Strike Traffic
https://isc.sans.edu/forums/diary/Decrypting+Cobalt+Strike+Traffic+With+a+Leaked+Private+Key/27968/
Critical Discourse Vulnerability
https://us-cert.cisa.gov/ncas/current-activity/2021/10/24/critical-rce-vulnerability-discourse
Discourse Discussion Platform RCE
https://github.com/discourse/discourse/security/advisories/GHSA-jcjx-pvpc-qgwq
https://0day.click/recipe/discourse-sns-rce/
ua-parser-js malware
https://github.com/advisories/GHSA-pjwm-rvh2-c87w
Vulnerable Billing Software BillQuick Web Used to Deploy Ransomware
https://www.huntress.com/blog/threat-advisory-hackers-are-exploiting-a-vulnerability-in-popular-billing-software-to-deploy-ransomware

Oct 25, 2021 • 6min
ISC StormCast for Monday, October 25th, 2021
Malware Quiz
https://isc.sans.edu/forums/diary/October+2021+Contest+Forensic+Challenge/27960/
Odd Zip Files
https://isc.sans.edu/forums/diary/Phishing+ZIP+With+Malformed+Filename/27966/
Decrypting Cobalt Strike Configurations Using Known Secret Keys
https://blog.nviso.eu/2021/10/21/cobalt-strike-using-known-private-keys-to-decrypt-traffic-part-1/
Tracking BLE Fingerprints
https://cseweb.ucsd.edu/~nibhaska/papers/sp22_paper.pdf
GPS Software Bug
https://us-cert.cisa.gov/ncas/current-activity/2021/10/21/gps-daemon-gpsd-rollover-bug
https://isc.sans.edu/forums/diary/Keeping+Track+of+Time+Network+Time+Protocol+and+a+GPSD+Bug/27886/

Oct 22, 2021 • 6min
ISC StormCast for Friday, October 22nd, 2021
Stolen Images Evidence Campaign Pushes Sliver Based Malware
https://isc.sans.edu/forums/diary/Stolen+Images+Evidence+campaign+pushes+Sliverbased+malware/27954/
FiveSys Rootkit Signed By Microsoft
https://www.bitdefender.com/files/News/CaseStudies/study/405/Bitdefender-DT-Whitepaper-Fivesys-creat5699-en-EN.pdf
Oracle Critical Patch Update
https://www.oracle.com/security-alerts/cpuoct2021.html
WinRAR Vulnerability
https://swarm.ptsecurity.com/winrars-vulnerable-trialware-when-free-software-isnt-free/
Crypto Mining npm Libraries
https://blog.sonatype.com/newly-found-npm-malware-mines-cryptocurrency-on-windows-linux-macos-devices

Oct 21, 2021 • 6min
ISC StormCast for Thursday, October 21st, 2021
Thanks to COVID-19: New Types of Documents are Lost in the Wild
https://isc.sans.edu/forums/diary/Thanks+to+COVID19+New+Types+of+Documents+are+Lost+in+The+Wild/27952/
Google Chrome 95 Released
https://chromestatus.com/roadmap
Squirrel VM Bug
https://thehackernews.com/2021/10/squirrel-engine-bug-could-let-attackers.html
BlackByte Decryptor Released
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/
https://github.com/SpiderLabs/BlackByteDecryptor

Oct 20, 2021 • 5min
ISC StormCast for Wednesday, October 20th, 2021
Can You Make the Great Chinese Firewall Work For You?
https://isc.sans.edu/forums/diary/Can+you+make+the+Great+Chinese+Firewall+work+for+you/27948/
Fake Government Assistance Websites
https://www.ic3.gov/Media/Y2021/PSA211015
TA505 Coming Back
https://www.proofpoint.com/us/blog/threat-insight/whatta-ta-ta505-ramps-activity-delivers-new-flawedgrace-variant
BlackMatter Ransomware
https://us-cert.cisa.gov/ncas/alerts/aa21-291a
