SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Episodes

Apr 5, 2021 • 6min
ISC StormCast for Monday, April 5th, 2021
C2 Activity: Sandboxes or Real Victims
https://isc.sans.edu/forums/diary/C2+Activity+Sandboxes+or+Real+Victims/27272/
Exploitation of Fortinet FortiOS Vulnerabilities
https://us-cert.cisa.gov/ncas/current-activity/2021/04/02/fbi-cisa-joint-advisory-exploitation-fortinet-fortios
https://www.ic3.gov/Media/News/2021/210402.pdf
GitHub Actions Used to Mine Crypto
https://therecord.media/github-investigating-crypto-mining-campaign-abusing-its-server-infrastructure/
Large Facebook Leak
https://thehackernews.com/2021/04/533-million-facebook-users-phone.html

Apr 2, 2021 • 6min
ISC StormCast for Friday, April 2nd, 2021
April 2021 Forensic Quiz
https://isc.sans.edu/forums/diary/April+2021+Forensic+Quiz/27266/
Coinhive Domains Used to Warn Victims
https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
Detecting Attacker's BITS Utility Use
https://www.fireeye.com/blog/threat-research/2021/03/attacker-use-of-windows-background-intelligent-transfer-service.html
Kansas Man Indicted For Tampering With Public Water System
https://www.justice.gov/usao-ks/pr/indictment-kansas-man-indicted-tampering-public-water-system
Older QNAP Devices Vulnerable And No Longer Patched
https://securingsam.com/new-vulnerabilities-allow-complete-takeover/

Apr 1, 2021 • 5min
ISC StormCast for Thursday, April 1st, 2021
Quick Analysis of a Modular InfoStealer
https://isc.sans.edu/forums/diary/Quick+Analysis+of+a+Modular+InfoStealer/27264/
Google Chrome Update / DoH on Linux
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html
https://docs.google.com/document/d/1zAdSK393IznaLKQ0ItOmwLBy59fIq9ydxBRJQX-2ntQ/edit#
Chinese Tax Authority Facial Recognition System Fooled
https://www.scmp.com/tech/tech-trends/article/3127645/chinese-government-run-facial-recognition-system-hacked-tax

Mar 31, 2021 • 6min
ISC StormCast for Wednesday, March 31st, 2021
Old TLS Versions: Gone but not Forgotten
https://isc.sans.edu/forums/diary/Old+TLS+versions+gone+but+not+forgotten+well+not+really+gone+either/27260/
Perl Netmask Vulnerability
https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/
VMWare vRealize Vulnerability
https://www.vmware.com/security/advisories/VMSA-2021-0004.html
Pre-P0wned Docker Containers
https://unit42.paloaltonetworks.com/malicious-cryptojacking-images/

Mar 30, 2021 • 7min
ISC StormCast for Tuesday, March 30th, 2021
Jumping Into Shellcode
https://isc.sans.edu/forums/diary/Jumping+into+Shellcode/27256/
PHP git repo compromised
https://news-web.php.net/php.internals/113838
npm "netmask" package vulnerability
https://sick.codes/universal-netmask-npm-package-used-by-270000-projects-vulnerable-to-octal-input-data-server-side-request-forgery-remote-file-inclusion-local-file-inclusion-and-more-cve-2021-28918/

Mar 19, 2021 • 6min
ISC StormCast for Friday, March 19th, 2021
A Simple Python Keylogger
https://isc.sans.edu/forums/diary/Simple+Python+Keylogger/27216/
New macOS Malware XcodeSpy Targets Xcode Developers with EggShell Backdoor
https://labs.sentinelone.com/new-macos-malware-xcodespy-targets-xcode-developers-with-eggshell-backdoor/
Zoom Screen Sharing Leak
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-044.txt
MyBB Remote Code Execution
https://blog.mybb.com/2021/03/10/mybb-1-8-26-released-security-release/

Mar 18, 2021 • 6min
ISC StormCast for Thursday, March 18th, 2021
"American Rescue Plan" Used as Theme in Phishing Lures Dropping Dridex
https://cofense.com/blog/american-rescue-plan-phish/
Apple May Split Security Updates from Other Updates
https://9to5mac.com/2021/03/15/ios-security-fixes-could-soon-be-delivered-separately-from-other-updates-beta-code-suggests/
Polyglot Images on Twitter
https://twitter.com/David3141593/status/1371978592679309315
Magento 2 PHP Credit Card Skimmer Saves to JPG
https://blog.sucuri.net/2021/03/magento-2-php-credit-card-skimmer-saves-to-jpg.html

Mar 17, 2021 • 6min
ISC StormCast for Wednesday, March 17th, 2021
One-Click Microsoft Exchange On-Premises Mitigation Tool
https://msrc-blog.microsoft.com/2021/03/15/one-click-microsoft-exchange-on-premises-mitigation-tool-march-2021/
Microsoft Explains Authentication Issues with Azure Active Directory
https://www.documentcloud.org/documents/20515443-authentication-errors-across-multiple-microsoft-services-tracking-id-ln01-p8z
JavaScript Less Side-Channel Exploits
https://arxiv.org/abs/2103.04952

Mar 16, 2021 • 5min
ISC StormCast for Tuesday, March 16th, 2021
NimzaLoader Malware Written in "nim"
https://www.proofpoint.com/uk/blog/threat-insight/nimzaloader-ta800s-new-initial-access-malware
Windows 10 Emergency Update to Fix Printing Crashes
https://www.bleepingcomputer.com/news/microsoft/windows-10-emergency-updates-released-to-fix-printing-crashes/
Windows Azure AD Outage
https://status.azure.com/status
IBM DB2 Patch
https://www.ibm.com/support/pages/node/6427855

Mar 15, 2021 • 5min
ISC StormCast for Monday, March 15th, 2021
Wireshark Code Execution Exploit
https://gitlab.com/wireshark/wireshark/-/issues/17232
Google Chrome Vulnerability Exploited in the Wild
https://vulmon.com/vulnerabilitydetails?qid=CVE-2021-21193
Malware Installs Honeypot
https://blog.netlab.360.com/new_threat_zhtrap_botnet_en/
Twitter "Memphis" Bug
https://www.bleepingcomputer.com/news/technology/twitter-bug-automatically-suspends-you-when-tweeting-memphis/