SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Johannes B. Ullrich
Feb 1, 2021 • 5min

ISC StormCast for Monday, February 1st, 2021

Perl.com Domain Hijacked https://www.ehackingnews.com/2021/01/perlcom-official-site-for-perl.html
Spamcop Domain Expired https://www.bleepingcomputer.com/news/security/spamcop-anti-spam-service-suffers-an-outage-after-its-domain-expired/
libgcrypt vulnerability https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html
Fingerprinting QUIC https://arxiv.org/pdf/2101.11871.pdf
Jan 29, 2021 • 6min

ISC StormCast for Friday, January 29th, 2021

New Cryptojacking Malware https://unit42.paloaltonetworks.com/pro-ocean-rocke-groups-new-cryptojacking-malware/
SlipStreaming https://www.armis.com/resources/iot-security-blog/nat-slipstreaming-v2-0-new-attack-variant-can-expose-all-internal-network-devices-to-the-internet/
Shadowsocks https://shadowsocks.org/en/index.html
Jan 28, 2021 • 6min

ISC StormCast for Thursday, January 28th, 2021

Emotet vs. Windows Attack Surface Reduction https://isc.sans.edu/forums/diary/Emotet+vs+Windows+Attack+Surface+Reduction/27036/
Go Lang Vulnerability https://blog.golang.org/path-security
Azure Docker Escape https://www.intezer.com/blog/research/how-we-hacked-azure-functions-and-escaped-docker/
Jan 27, 2021 • 7min

ISC StormCast for Wednesday, January 27th, 2021

Critical sudo Vulnerability https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
Qakbot (QBot) Update https://isc.sans.edu/forums/diary/TA551+Shathak+Word+docs+push+Qakbot+Qbot/27030/
Targeting Security Researchers https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/
Apple Updates iOS, iPad, tvOS, watchOS, Xcode and iCloud for Windows https://support.apple.com/en-us/HT201222
Jan 26, 2021 • 5min

ISC StormCast for Tuesday, January 26th, 2021

Fun With nmap nse Scripts and DoH (DNS over HTTPS) https://isc.sans.edu/forums/diary/Fun+with+NMAP+NSE+Scripts+and+DOH+DNS+over+HTTPS/27026/
Malicious NPM Module Stealing Discord Passwords https://blog.sonatype.com/cursedgrabber-strikes-again-sonatype-spots-new-malware-campaign-against-software-supply-chains
Mitigating the $I30 Bug https://www.osr.com/blog/2021/01/21/mitigating-the-i30bitmap-ntfs-bug/ https://github.com/OSRDrivers/i30Flt
ProtonVPN BSOD https://protonstatus.com/incidents/124
Jan 25, 2021 • 6min

ISC StormCast for Monday, January 25th, 2021

Another File Extension to Block: JNLP https://isc.sans.edu/forums/diary/Another+File+Extension+to+Block+in+your+MTA+jnlp/27018/
SonicWall Vulnerability Used to Breach SonicWall https://www.sonicwall.com/support/product-notification/urgent-security-notice-netextender-vpn-client-10-x-sma-100-series-vulnerability-updated-jan-23-2021/210122173415410/
iObit Forum Breached / Used for Ransomware Distribution https://www.bleepingcomputer.com/forums/t/741190/derohe-ransomware-distributed-through-fake-iobit-one-year-free-license-key-promo/
Jan 22, 2021 • 14min

ISC StormCast for Friday, January 22nd, 2021

Powershell Dropping REvil Ransomware https://isc.sans.edu/forums/diary/Powershell+Dropping+a+REvil+Ransomware/27012/
SAP Exploit Circulating https://onapsis.com/blog/new-sap-exploit-published-online-how-stay-secure
Oracle Critical Patch Update https://www.oracle.com/security-alerts/cpujan2021.html
RDP Used for DDoS https://www.netscout.com/blog/asert/microsoft-remote-desktop-protocol-rdp-reflectionamplification
Billy Wilson: Mitigating Attacks Against Supercomputers with KRSI https://www.sans.org/reading-room/whitepapers/linux/mitigating-attacks-supercomputer-krsi-40010
Jan 21, 2021 • 7min

ISC StormCast for Thursday, January 21st, 2021

SolarWinds Updates https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/ https://blog.malwarebytes.com/malwarebytes-news/2021/01/malwarebytes-targeted-by-nation-state-actor-implicated-in-solarwinds-breach-evidence-suggests-abuse-of-privileged-access-to-microsoft-office-365-and-azure-environments/
Cisco Advisories https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-bufovulns-B5NrSHbj
Eavesdropping Vulnerabilities in Various WebRTC Based Video Conferencing Systems https://googleprojectzero.blogspot.com/2021/01/the-state-of-state-machines.html
Oracle Business Intelligence Enterprise Edition XSS https://www.exploit-db.com/exploits/49444
Jan 20, 2021 • 6min

ISC StormCast for Wednesday, January 20th, 2021

Qakbot Activity Resumes After Holiday Break https://isc.sans.edu/forums/diary/Qakbot+activity+resumes+after+holiday+break/27008/
Multiple dnsmasq Vulnerabilities https://www.jsof-tech.com/wp-content/uploads/2021/01/DNSpooq_Technical-Whitepaper.pdf
FreakOut Malware https://blog.checkpoint.com/2021/01/19/linux-users-should-patch-now-to-block-new-freakout-malware-which-exploits-new-vulnerabilities/
Kids Break Screensaver https://github.com/linuxmint/cinnamon-screensaver/issues/354
Jan 19, 2021 • 6min

ISC StormCast for Tuesday, January 19th, 2021

Doc And RTF Malicious Document https://isc.sans.edu/forums/diary/Doc+RTF+Malicious+Document/26996/
Center for Internet Security Cisco NX-OS Benchmark https://www.cisecurity.org/cis-benchmarks/
Exploit for Shazam Geolocation Vulnerability https://ash-king.co.uk/blog/Shazlocate-abusing-CVE-2019-8791-CVE-2019-8792
Voice Phishing and Internal Messaging Systems Used to Escalate Privileges https://www.ic3.gov/Media/News/2021/210115.pdf
