

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5-minute-long, summary of current network security related events. The content is late-breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html.
Episodes

Apr 29, 2020 • 5min
ISC StormCast for Wednesday, April 29th 2020
Agent Tesla Delivered by the Same Phishing Campaign for Over a Year
https://isc.sans.edu/forums/diary/Agent+Tesla+delivered+by+the+same+phishing+campaign+for+over+a+year/26062/
VMware ESXi Patch
https://www.vmware.com/security/advisories/VMSA-2020-0008.html
Microsoft Guidance For Ransomware Response
https://www.microsoft.com/security/blog/2020/04/28/ransomware-groups-continue-to-target-healthcare-critical-services-heres-how-to-reduce-risk/
Adobe Security Patches
https://helpx.adobe.com/security.html

Apr 28, 2020 • 6min
ISC StormCast for Tuesday, April 28th 2020
PowerShell Payload Stored in a PSCredential Object
https://isc.sans.edu/forums/diary/Powershell+Payload+Stored+in+a+PSCredential+Object/26058/
Microsoft Teams Account Takeover Bug
https://www.cyberark.com/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams/
USB Drives used to Spread Crypto Coin Mining Botnet
https://www.welivesecurity.com/2020/04/23/eset-discovery-monero-mining-botnet-disrupted/

Apr 27, 2020 • 8min
ISC StormCast for Monday, April 27th 2020
Malware Bazaar
https://isc.sans.edu/forums/diary/MALWARE+Bazaar/26052/
CIRA Launches Canadian Shield
https://www.cira.ca/newsroom/canadian-shield/cira-launches-canadian-shield-provide-free-privacy-and-security-canadians
Covid19 Tracing Protocols
https://github.com/DP-3T/documents
https://www.pepp-pt.org/content
https://www.apple.com/covid19/contacttracing/
Sophos XG Firewall SQL Injection Vulnerability Exploited
https://community.sophos.com/kb/en-us/135412

Apr 24, 2020 • 7min
ISC StormCast for Friday, April 24th 2020
GCC's New Security Analyzer Finds Flaw in OpenSSL
https://developers.redhat.com/blog/2020/03/26/static-analysis-in-gcc-10/
IBM Spectrum Protect Server Stack Based Buffer Overflow
https://www.ibm.com/support/pages/node/6195706
Possible Issues With Cumulative Windows Updates
https://www.reddit.com/search/?q=KB4549951
Using a GPU as a Radio
https://duo.com/labs/research/finding-radio-sidechannels
Comparing Red Team Platforms
https://redcanary.com/blog/comparing-red-team-platforms/

Apr 23, 2020 • 6min
ISC StormCast for Thursday, April 23rd 2020
iOS Mail 0Day
https://blog.zecops.com/vulnerabilities/unassisted-ios-attacks-via-mobilemail-maild-in-the-wild/
Zoom 5 To Be Released Shortly Addressing Encryption Issues
https://blog.zoom.us/wordpress/2020/04/22/zoom-hits-milestone-on-90-day-security-plan-releases-zoom-5-0/
OpenSSL Fixes DOS Flaw
https://www.openssl.org/news/secadv/20200421.txt

Apr 22, 2020 • 6min
ISC StormCast for Wednesday, April 22nd 2020
SpectX: Log Parser for DFIR
https://isc.sans.edu/forums/diary/SpectX+Log+Parser+for+DFIR/26040/
Microsoft Patches Autodesk Library in Office
https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200004
Stripe Data Collection
https://mtlynch.io/stripe-recording-its-customers/
IBM Data Risk Manager Vulnerabilities
https://github.com/pedrib/PoC/blob/master/advisories/IBM/ibm_drm/ibm_drm_rce.md

Apr 21, 2020 • 6min
ISC StormCast for Tuesday, April 21st 2020
KPOT AutoIt Script: Analysis
https://isc.sans.edu/forums/diary/KPOT+AutoIt+Script+Analysis/26012/
FPGA Vulnerability
https://www.usenix.org/conference/usenixsecurity20/presentation/ender
Nagios XI Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/179406

Apr 20, 2020 • 6min
ISC StormCast for Monday, April 20th 2020
Weaponized RTF Document Generator Mailer in PowerShell
https://isc.sans.edu/forums/diary/Weaponized+RTF+Document+Generator+Mailer+in+PowerShell/26030/
Microsoft Fixes Bad Anti-Malware Signatures
https://www.microsoft.com/en-us/wdsi/definitions/antimalware-definition-release-notes
Sophos Pulls Bad Firmware Update
https://community.sophos.com/kb/en-us/135383
Credentials Stolen from Pulse Secure VPN Abused
https://www.us-cert.gov/ncas/alerts/aa20-107a
Chrome Update
https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_15.html

Apr 17, 2020 • 6min
ISC StormCast for Friday, April 17th 2020
AppLocker vs. Living off the Land Attacks
https://isc.sans.edu/forums/diary/Using+AppLocker+to+Prevent+Living+off+the+Land+Attacks/26032/
Netlink GPON 0-Day
https://blog.netlab.360.com/multiple-fiber-routers-are-being-compromised-by-botnets-using-0-day-en/
Windows Security Crashing After Definition Update
https://www.askwoody.com/2020/reports-of-windows-security-nee-microsoft-security-essentials-crashing-after-installing-this-mornings-definition-updates/
700 Malicious Ruby Gems Found
https://thehackernews.com/2020/04/rubygem-typosquatting-malware.html
vCenter Exploit for CVE-2020-3952
https://www.guardicore.com/2020/04/pwning-vmware-vcenter-cve-2020-3952/

Apr 16, 2020 • 5min
ISC StormCast for Thursday, April 16th 2020
Hunting Without IOCs
https://isc.sans.edu/forums/diary/No+IOCs+No+Problem+Getting+a+Start+Hunting+for+Malicious+Office+Files/26026/
Cloudflare/Online Banking Outages
https://twitter.com/eastdakota/status/1250520852354854912
Crypto Currency Stealing Browser Extensions
https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9


