

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5-minute-long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Episodes

May 13, 2020 • 7min
ISC StormCast for Wednesday, May 13th 2020
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+May+2020+Patch+Tuesday/26114/
Adobe Security Updates
https://helpx.adobe.com/security.html
Android Applications Expose Firebase Databases
https://www.comparitech.com/blog/information-security/firebase-misconfiguration-report/#What_data_is_exposed
More Magecart Sighted
https://maxkersten.nl/2020/05/06/backtracking-magecart-infections/
Glitter vs. Thunderspy
https://www.youtube.com/watch?v=vlK5rrlc44g

May 12, 2020 • 6min
ISC StormCast for Tuesday, May 12th 2020
Excel 4 Macro Analysis: XLMMacroDeobfuscator
https://isc.sans.edu/forums/diary/Excel+4+Macro+Analysis+XLMMacroDeobfuscator/26110/
LinkedIn Phish
https://youtu.be/g0WHz6rikoc
ThunderSpy Thunderbolt Attack
https://thunderspy.io/
vBulletin Vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2020-12720
Mini-Netwars
https://www.sans.org/mini-netwars

May 11, 2020 • 5min
ISC StormCast for Monday, May 11th 2020
YARA 4.0.0 Released
https://isc.sans.edu/forums/diary/YARA+v400+BASE64+Strings/26106/
VMware Patches vRealize to Address Saltstack Vulnerabilities
https://www.vmware.com/security/advisories/VMSA-2020-0009.html
Samsung Patches Android RCE Vulnerabilities
https://bugs.chromium.org/p/project-zero/issues/detail?id=2002
https://security.samsungmobile.com/securityUpdate.smsb
MacOS 2FA Application Trojan
https://blog.malwarebytes.com/threat-analysis/2020/05/new-mac-variant-of-lazarus-dacls-rat-distributed-via-trojanized-2fa-app/

May 8, 2020 • 6min
ISC StormCast for Friday, May 8th 2020
Scanning With NMAP NSE Scripts
https://isc.sans.edu/forums/diary/Scanning+with+nmaps+NSE+scripts/26096/
iOS Psychic Paper Vulnerability
https://siguza.github.io/psychicpaper/
World Password Day
https://www.microsoft.com/security/blog/2020/05/07/protect-accounts-smarter-ways-sign-in-world-passwordless-day
https://tails.boum.org/news/version_4.6/index.en.html
Cisco Kerberos Bypass
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-asa-kerberos-bypass-96Gghe2sS

May 7, 2020 • 6min
ISC StormCast for Thursday, May 7th 2020
Keeping an Eye on Malicious Files Life Time
https://isc.sans.edu/forums/diary/Keeping+an+Eye+on+Malicious+Files+Life+Time/26092/
Fake Crypto Wallet Chrome Extensions
https://www.theregister.co.uk/2020/05/06/chrome_malicious_extensions/
Favicon Hides Credit Card Skimmer
https://blog.malwarebytes.com/threat-analysis/2020/05/credit-card-skimmer-masquerades-as-favicon/
WebEx Phishing
https://abnormalsecurity.com/blog/abnormal-attack-stories-cisco-webex-phishing/

May 6, 2020 • 5min
ISC StormCast for Wednesday, May 6th 2020
Do Cloud Security Features Replace Personnel Security Capabilities?
https://isc.sans.edu/forums/diary/Cloud+Security+Features+Dont+Replace+the+Need+for+Personnel+Security+Capabilities/26088/
Citrix ShareFile Storage Zones Controller Update
https://support.citrix.com/article/CTX269106
Android Update
https://source.android.com/security/bulletin/2020-05-01
Firefox Update
https://www.mozilla.org/en-US/firefox/76.0/releasenotes/
Dell OS Recovery Image Insecure Inherited Permissions
https://www.dell.com/support/article/de-de/sln321036/dsa-2020-059-dell-os-recovery-image-insecure-inherited-permissions-vulnerability?lang=en
WordPress Update
https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates

May 5, 2020 • 5min
ISC StormCast for Tuesday, May 5th 2020
Exploring the Sysmon 11 File Deletion Protection
https://isc.sans.edu/forums/diary/Sysmon+and+File+Deletion/26084/
Digicert CT Compromise
https://groups.google.com/a/chromium.org/forum/#!topic/ct-policy/aKNbZuJzwfM
WebLogic Flaw (new one..) Exploited in the Wild
https://blogs.oracle.com/security/apply-april-2020-cpu

May 4, 2020 • 5min
ISC StormCast for Monday, May 4th 2020
ZIP Files and AES
https://isc.sans.edu/forums/diary/ZIP+AES/26080/
Saltstack Vulnerability Exploited in the Wild
https://status.ghost.org/
Mobile Device Manager Compromise
https://research.checkpoint.com/2020/first-seen-in-the-wild-mobile-as-attack-vector-using-mdm/

May 1, 2020 • 7min
ISC StormCast for Friday, May 1st 2020
Collecting IOCs from IMAP Folder
https://isc.sans.edu/forums/diary/Collecting+IOCs+from+IMAP+Folder/26070/
Attack Traffic on TCP Port 9673
https://isc.sans.edu/forums/diary/Attack+traffic+on+TCP+port+9673/26074/
Saltstack Authorization Bypass
https://labs.f-secure.com/advisories/saltstack-authorization-bypass
Mac Sandbox Escape
https://lapcatsoftware.com/articles/sandbox-escape.html

Apr 30, 2020 • 6min
ISC StormCast for Thursday, April 30th 2020
Privacy Preserving Protocols to Trace Covid19 Exposure
https://isc.sans.edu/forums/diary/Privacy+Preserving+Protocols+to+Trace+Covid19+Exposure/26066/
Google Chrome Update
https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_27.html
https://docs.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security
Updated Version of Sysmon
https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
https://techcommunity.microsoft.com/t5/sysinternals-blog/sysmon-v11-0-livekd-v5-63-process-explorer-v16-32-coreinfo-v3-5/ba-p/1345153
Shade Ransomware Keys Released
https://github.com/shade-team/keys/blob/master/README.md
Exploiting the Exploiters
https://medium.com/@curtbraz/exploiting-the-exploiters-46fd0d620fd8


