

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5-minute-long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html.
Episodes

Mar 12, 2021 • 16min
ISC StormCast for Friday, March 12th, 2021
Piktochart - Phishing with Infographics
https://isc.sans.edu/forums/diary/Piktochart+Phishing+with+Infographics/27194/
ProxyLogon Public PoC
https://www.praetorian.com/blog/reproducing-proxylogon-exploit/
Windows 10 Crashes After March 10th Updates
https://www.bleepingcomputer.com/news/microsoft/windows-10-crashes-when-printing-due-to-microsoft-march-updates/
DNS Vulnerability Updates
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/seven-windows-wonders-critical-vulnerabilities-in-dns-dynamic-updates/
Rob Upchurch: Preventing Windows 10 SMHNR DNS Leakage
https://www.sans.org/reading-room/whitepapers/dns/preventing-windows-10-smhnr-dns-leakage-40165

Mar 11, 2021 • 5min
ISC StormCast for Thursday, March 11th, 2021
SharpRDP - PSExec without PSExec, PSRemoting without PowerShell
https://isc.sans.edu/forums/diary/SharpRDP+PSExec+without+PSExec+PSRemoting+without+PowerShell/27188/
F5 Critical Vulnerabilities
https://support.f5.com/csp/article/K02566623
Netgear Updates
https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/
Linux Foundation sigstore
https://sigstore.dev

Mar 10, 2021 • 7min
ISC StormCast for Wednesday, March 10th, 2021
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+March+2021+Patch+Tuesday/27184/
Adobe Updates
https://helpx.adobe.com/security.html
Network Camera Breach
https://www.bloomberg.com/news/articles/2021-03-09/hackers-expose-tesla-jails-in-breach-of-150-000-security-cams
https://www.bleepingcomputer.com/news/security/hackers-access-surveillance-cameras-at-tesla-cloudflare-banks-more/
git vulnerability
https://www.openwall.com/lists/oss-security/2021/03/09/3

Mar 9, 2021 • 6min
ISC StormCast for Tuesday, March 9th, 2021
YARA and CyberChef
https://isc.sans.edu/forums/diary/YARA+and+CyberChef/27180/
Apple Updates Everything
https://support.apple.com/en-us/HT201222
Google Adds Port 554 to "Restricted Ports"
https://chromium.googlesource.com/chromium/src.git/+/refs/heads/master/net/base/port_util.cc
Yet Another Intel Side Channel Attack
https://arxiv.org/pdf/2103.03443.pdf

Mar 8, 2021 • 7min
ISC StormCast for Monday, March 8th, 2021
Update on Microsoft Exchange Vulnerability
https://github.com/microsoft/CSS-Exchange/tree/main/Security
https://github.com/nccgroup/Cyber-Defence/tree/master/Intelligence/Exchange
https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-microsoft-exchange-server-2019-2016-and-2013-march-2-2021-kb5000871-9800a6bb-0a21-4ee7-b9da-fa85b3e1d23b
Microsoft Adding Excel 4.0 Macro Hooks to AMSI
https://www.microsoft.com/security/blog/2021/03/03/xlm-amsi-new-runtime-defense-against-excel-4-0-macro-malware/
Apple Find My Device Leak
https://arxiv.org/pdf/2103.02282.pdf

Mar 5, 2021 • 6min
ISC StormCast for Friday, March 5th, 2021
From VBS, PowerShell, C Sharp, Process Hollowing to RAT
https://isc.sans.edu/forums/diary/From+VBS+PowerShell+C+Sharp+Process+Hollowing+to+RAT/27168/
Cisco Patches Snort Related Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-ethernet-dos-HGXgJH8n
VMware View Planner Update
https://www.vmware.com/security/advisories/VMSA-2021-0003.html
Google's FLoC Algorithm
https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea
Supermicro Trickbot Patch
https://www.supermicro.com/en/support/security/trickbot

Mar 4, 2021 • 5min
ISC StormCast for Thursday, March 4th, 2021
Microsoft Exchange Followup
https://blog.rapid7.com/2021/03/03/rapid7s-insightidr-enables-detection-and-response-to-microsoft-exchange-0-day/
SaltStack Vulnerability
https://www.immersivelabs.com/resources/blog/why-so-salty-local-privilege-escalation-on-saltstack-minions/
GRUB2 Patches
https://seclists.org/oss-sec/2021/q1/189
Dependency Confusion in the Wild
https://threatpost.com/malicious-code-bombs-amazon-lyft-slack-zillow/164455/

Mar 3, 2021 • 7min
ISC StormCast for Wednesday, March 3rd, 2021
Qakbot Infection with Cobalt Strike
https://isc.sans.edu/forums/diary/Qakbot+infection+with+Cobalt+Strike/27158/
Exchange Server 0-Day Exploits
https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/
Google Chrome 0-Day Exploits
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html

Mar 2, 2021 • 6min
ISC StormCast for Tuesday, March 2nd, 2021
Fun with DNS over TLS and
https://isc.sans.edu/forums/diary/Fun+with+DNS+over+TLS+DoT/27150/
Gootloader Update
https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/
AOL Phishing
https://www.bleepingcomputer.com/news/security/beware-aol-phishing-email-states-your-account-will-be-closed/
Spectre Exploit in the Wild
https://dustri.org/b/spectre-exploits-in-the-wild.html

Mar 1, 2021 • 5min
ISC StormCast for Monday, March 1st, 2021
Pretending to be an Outlook Version Update
https://isc.sans.edu/forums/diary/Pretending+to+be+an+Outlook+Version+Update/27144/
Geolocating Satori Botnet Scanning Port 26
https://isc.sans.edu/forums/diary/So+where+did+those+Satori+attacks+come+from/27140/
Alexa Skill Security
https://www.ndss-symposium.org/wp-content/uploads/ndss2021_5A-1_23111_paper.pdf
T-Mobile Data Breach / SIM Swapping
https://beta.documentcloud.org/documents/20492859-t-mobile-feb-2021-bc-data-breach


