SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Episodes
Mentioned books
Sep 21, 2021 • 6min
ISC StormCast for Tuesday, September 21st, 2021
OMIGOD Exploits Captured in the Wild.
https://isc.sans.edu/forums/diary/OMIGOD+Exploits+Captured+in+the+Wild+Researchers+responsible+for+half+of+scans+for+related+ports/27852/
Apple iOS/iPadOS/tvOS 15 Updates (and WatchOS, Xcode, Safari)
https://support.apple.com/en-us/HT201222
ManageEngine ADSelfService Plus Exploited
https://us-cert.cisa.gov/ncas/alerts/aa21-259a
Sep 20, 2021 • 6min
ISC StormCast for Monday, September 20th, 2021
Malicious Calendar Subscriptions Are Back
https://isc.sans.edu/forums/diary/Malicious+Calendar+Subscriptions+Are+Back/27846/
Simple Analysis of a CVE-2021-40444 (MSHTML) Document
https://isc.sans.edu/forums/diary/Simple+Analysis+Of+A+CVE202140444+docx+Document/27848/
Mirai Botnet Hunting OMIGOD
https://twitter.com/1ZRR4H/status/1438580885142507528
https://isc.sans.edu/port.html?port=1270
Exploit for Netgear Flaws Available
https://gynvael.coldwind.pl/?id=742
Sep 17, 2021 • 7min
ISC StormCast for Friday, September 17th, 2021
Phishing 101: why depend on one suspicious message subject when you can use many
https://isc.sans.edu/forums/diary/Phishing+101+why+depend+on+one+suspicious+message+subject+when+you+can+use+many/27842/
PrintNightmare Fix Breaks Network Printing
https://www.bleepingcomputer.com/news/security/new-windows-security-updates-break-network-printing/
Malware Taking Advantage of Linux Subsystem for Windows
https://blog.lumen.com/no-longer-just-theory-black-lotus-labs-uncovers-linux-executables-deployed-as-stealth-windows-loaders/
Travis CI Patch
https://travis-ci.community/t/security-bulletin/12081
IBM System x IMM Vulnerability
https://support.lenovo.com/es/en/product_security/len-66347
Fake iTerm installing Malware on OS X
https://objective-see.com/blog/blog_0x66.html
Sep 16, 2021 • 5min
ISC StormCast for Thursday, September 16th, 2021
Hancitor Campaign Abusing Microsoft's OneDrive
https://isc.sans.edu/forums/diary/Hancitor+campaign+abusing+Microsofts+OneDrive/27838/
"Secret"Agent Exposes Azure Customers To Unauthorized Code Execution
https://www.wiz.io/blog/secret-agent-exposes-azure-customers-to-unauthorized-code-execution
Sep 15, 2021 • 5min
ISC StormCast for Wednesday, September 15th, 2021
Microsoft Patches
https://isc.sans.edu/forums/diary/Microsoft+September+2021+Patch+Tuesday/27834/
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
Sep 14, 2021 • 5min
ISC StormCast for Tuesday, September 14th, 2021
Apple Updates Everything
https://support.apple.com/en-us/HT201222
Citizenlab Discloses NSO Exploit Details
https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Google Chrome Update
https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.html
WooCommerce Multi Currency Plugin Vulnerablity
https://blog.nintechnet.com/vulnerability-fixed-in-wordpress-woocommerce-multi-currency-plugin/
Sep 13, 2021 • 6min
ISC StormCast for Monday, September 13th, 2021
Shipping Microsoft DNS Logs to Elasticsearch
https://isc.sans.edu/forums/diary/Shipping+to+Elasticsearch+Microsoft+DNS+Logs/27828/
Exploit Generator for CVE-2021-40444
https://github.com/lockedbyte/CVE-2021-40444
Windows Lock Screen Bypass
https://halove23.blogspot.com/2021/09/zdi-21-1053-bypassing-windows-lock.html
Citrix Hypervisor Update
https://support.citrix.com/article/CTX325319
GitHub Identifies Vulnerable node.js Packages
https://github.blog/2021-09-08-github-security-update-vulnerabilities-tar-npmcli-arborist/
Sep 10, 2021 • 7min
ISC StormCast for Friday, September 10th, 2021
ISC/DShield API Updates
https://isc.sans.edu/forums/diary/Updates+to+Our+DatafeedsAPI/27824/
Update on Windows MSHTML Vulnerability
https://www.bleepingcomputer.com/news/microsoft/windows-mshtml-zero-day-defenses-bypassed-as-new-info-emerges/
GitHub Actions check-spelling community workflow GITHUB_TOKEN leakage
https://github.com/justinsteven/advisories/blob/master/2021_github_actions_checkspelling_token_leak_via_advice_symlink.md
Sep 9, 2021 • 6min
ISC StormCast for Thursday, September 9th, 2021
Protonmail Correction
https://protonmail.com/blog/climate-activist-arrest/
https://protonmail.com/privacy-policy
"Stolen Images Evidence" Campaign Continues Pushing BazarLoader Malware
https://isc.sans.edu/forums/diary/Stolen+Images+Evidence+Campaign+Continues+Pushing+BazarLoader+Malware/27816/
Thyotic Secret Server Critical Update
https://docs.thycotic.com/ss/11.0.0/release-notes/ss-rn-11-0-000007.md
Zoho Vulnerablity Exploited
https://www.manageengine.com/products/self-service-password/kb/how-to-fix-authentication-bypass-vulnerability-in-REST-API.html
Sep 8, 2021 • 6min
ISC StormCast for Wednesday, September 8th, 2021
Microsoft MSHTML Remote Code Execution Vulnerability CVE-2021-40444
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444
ProntonMail/VPN Releasing User's IP Address
https://protonmail.com/blog/climate-activist-arrest/
What's App End To End Encryption Questioned (but upheld)
https://twitter.com/evacide/status/1435288900587589632?s=20
PRIVATELOG and STASHLOG Malware Store Payload in Common Log File System (CLFS)
https://www.fireeye.com/blog/threat-research/2021/09/unknown-actor-using-clfs-log-files-for-stealth.html
