

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and is designed to get you ready for the day with a brief, usually 5-minute-long, summary of current network-security-related events. The content is late-breaking, educational, and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html.
Episodes

Aug 23, 2021 • 5min
ISC StormCast for Monday, August 23rd, 2021
Waiting for the C2 to Show Up
https://isc.sans.edu/forums/diary/Waiting+for+the+C2+to+Show+Up/27772/
DOCX with Embedded EXE
https://isc.sans.edu/forums/diary/docx+With+Embedded+EXE/27776/
Securing Your Windows 365 Cloud PCs
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/securing-your-windows-365-cloud-pcs/ba-p/2663129
Pegasus Fraud Scam
https://www.ehackingnews.com/2021/08/pegasus-iphone-hacks-used-as-bait-in.html
Proper Audit Logging for Office 365
https://zolder.io/office-365-audit-logging/

Aug 20, 2021 • 15min
ISC StormCast for Friday, August 20th, 2021
When Lightning Strikes: What works and doesn't work
https://isc.sans.edu/forums/diary/When+Lightning+Strikes+What+works+and+doesnt+work/27766/
Cisco Small Business Router Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-sb-rv-overflow-htpymMB5
Blackberry QNX Products Vulnerability
https://support.blackberry.com/kb/articleDetail?articleNumber=000082334
SANS.edu Student: Mark Morowczynski; Decreasing Attacker Dwell Time in Azure Active Directory
https://www.sans.org/white-papers/40390/

Aug 19, 2021 • 5min
ISC StormCast for Thursday, August 19th, 2021
5 Things to Consider Before Moving Back to the Office
https://isc.sans.edu/forums/diary/5+Things+to+Consider+Before+Moving+Back+to+the+Office/27762/
Adobe Patches
https://helpx.adobe.com/security.html
Several Web Sites Infected with Chinese Spyware
https://imp0rtp3.wordpress.com/2021/08/12/tetris/
Trickbot Tricks Users with 1Password
https://www.ehackingnews.com/2021/08/trickbot-employs-bogus-1password.html

Aug 18, 2021 • 6min
ISC StormCast for Wednesday, August 18th, 2021
Laravel Exploit Attempts Targeting Vulnerability in "Ignition"
https://isc.sans.edu/forums/diary/Laravel+v842+exploit+attempts+for+CVE20213129+debug+mode+Remote+code+execution/27758/
ThroughTek "Kalay" Protocol Vulnerability
https://www.fireeye.com/blog/threat-research/2021/08/mandiant-discloses-critical-vulnerability-affecting-iot-devices.html
Fortinet FortiWeb Vulnerability
https://www.rapid7.com/blog/post/2021/08/17/fortinet-fortiweb-os-command-injection/

Aug 17, 2021 • 5min
ISC StormCast for Tuesday, August 17th, 2021
Triage of Malware Bazaar's Daily Malware Batches
https://isc.sans.edu/forums/diary/Extra+Tip+For+Triage+Of+MALWARE+Bazaars+Daily+Malware+Batches/27754/
Realtek SDK Vulnerability
https://www.iot-inspector.com/blog/advisory-multiple-issues-realtek-sdk-iot-supply-chain/
https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2021-35392_35395.pdf
STARTTLS Vulnerabilities
https://www.usenix.org/conference/usenixsecurity21/presentation/poddebniak
Raccoon Infostealer Self Infection
https://mobile.twitter.com/HRock/status/1427259563363950596

Aug 16, 2021 • 6min
ISC StormCast for Monday, August 16th, 2021
Exchange E-Discovery Scans
https://isc.sans.edu/forums/diary/Scanning+for+Microsoft+Exchange+eDiscovery/27748/
Danabot Distributed Through Malspam
https://isc.sans.edu/forums/diary/Example+of+Danabot+distributed+through+malspam/27744/
Weaponizing Middleboxes
https://geneva.cs.umd.edu/posts/usenix21-weaponizing-censors/
https://www.usenix.org/conference/usenixsecurity21/presentation/bock
Deep Blue Magic Ransomware
https://www.ehackingnews.com/2021/08/deepbluemagic-newly-discovered.html

Aug 13, 2021 • 3min
ISC StormCast for Friday, August 13th, 2021
Print Nightmare Continues: CVE-2021-36958
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36958
Print Nightmare Abused by Ransomware Gangs
https://www.crowdstrike.com/blog/magniber-ransomware-caught-using-printnightmare-vulnerability/
PolyNetwork Attack
https://www.theregister.com/2021/08/10/poly_networks_cryptocurrency_theft/

Aug 12, 2021 • 6min
ISC StormCast for Thursday, August 12th, 2021
TA551 Shathak Continues Pushing BazarLoader Leading to Cobalt Strike
https://isc.sans.edu/forums/diary/TA551+Shathak+continues+pushing+BazarLoader+infections+lead+to+Cobalt+Strike/27738/
New AdLoad Campaign Goes Undetected by XProtect
https://labs.sentinelone.com/massive-new-adload-campaign-goes-entirely-undetected-by-apples-xprotect/
Android FlyTrap Malware Hitting Facebook Users
https://www.ehackingnews.com/2021/08/android-malware-flytrap-hacks-facebook.html
5G Shortcuts Allow Eavesdropping
https://www.wired.com/story/5g-network-stingray-surveillance-non-standalone/
Cloud DNS Service Weaknesses
https://www.wiz.io/blog/black-hat-2021-dns-loophole-makes-nation-state-level-spying-as-easy-as-registering-a-domain

Aug 11, 2021 • 5min
ISC StormCast for Wednesday, August 11th, 2021
Microsoft Patches
https://isc.sans.edu/forums/diary/Microsoft+August+2021+Patch+Tuesday/27736/
Adobe Patches
https://helpx.adobe.com/security.html
cPanel/WHM Vulnerabilities
https://www.fortbridge.co.uk/research/multiple-vulnerabilities-in-cpanel-whm/
Firefox Update Released
https://www.mozilla.org/en-US/firefox/91.0/releasenotes/

Aug 10, 2021 • 6min
ISC StormCast for Tuesday, August 10th, 2021
Microsoft Exchange ProxyShell
https://isc.sans.edu/forums/diary/ProxyShell+how+many+Exchange+servers+are+affected+and+where+are+they/27732/
Synology Warns of Brute Force Attacks
https://www.synology.com/en-global/company/news/article/BruteForce/Synology%20Investigates%20Ongoing%20Brute-Force%20Attacks%20From%20Botnet
Router Auth Bypass
https://threatpost.com/auth-bypass-bug-routers-exploited/168491/
Firefox Version 100 Experiment
https://bugzilla.mozilla.org/show_bug.cgi?id=1719070
Interaction Less Vulnerabilities in Messaging Apps
https://www.ehackingnews.com/2021/08/the-interaction-less-flaws-in-messaging.html
HTTP2 Vulnerabilities
https://portswigger.net/research/http2#conclusion


