

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and is designed to get you ready for the day with a brief, usually 5-minute-long, summary of current network-security-related events. The content is late-breaking, educational, and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html.
Episodes

Apr 16, 2020 • 5min
ISC StormCast for Thursday, April 16th 2020
Hunting Without IOCs
https://isc.sans.edu/forums/diary/No+IOCs+No+Problem+Getting+a+Start+Hunting+for+Malicious+Office+Files/26026/
Cloudflare/Online Banking Outages
https://twitter.com/eastdakota/status/1250520852354854912
Crypto Currency Stealing Browser Extensions
https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9

Apr 15, 2020 • 5min
ISC StormCast for Wednesday, April 15th 2020
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+April+2020+Patch+Tuesday/26022/
Adobe Security Bulletins
https://helpx.adobe.com/security.html
Microsoft Extending EOL For Windows 10 1709/1809
https://support.microsoft.com/en-us/help/4557164/lifecycle-changes-to-end-of-support-and-servicing-dates
Dell Safe BIOS
https://blog.dellemc.com/en-us/dell-technologies-bolsters-pc-security-todays-remote-workers/

Apr 14, 2020 • 6min
ISC StormCast for Tuesday, April 14th 2020
Comparing the Same Phishing Campaign 3 Months Apart
https://isc.sans.edu/forums/diary/Look+at+the+same+phishing+campaign+3+months+apart/26018/
Setting 3D Printers On Fire
https://www.coalfire.com/The-Coalfire-Blog/April-2020/With-IoT-Common-Devices-Pose-New-Threats
Junos OS: vMX Default Credentials
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10998
DNS is Changing: So What? (@Mic Webinar)
https://www.sans.org/webcasts/113635

Apr 13, 2020 • 5min
ISC StormCast for Monday, April 13th 2020
Dynamic Analysis Technique to Get Decrypted KPOT Malware
https://isc.sans.edu/forums/diary/Reader+Analysis+Dynamic+analysis+technique+to+get+decrypted+KPOT+Malware/26010/
VMware vCenter Server Vulnerability
https://www.vmware.com/security/advisories/VMSA-2020-0006.html
Sodinokibi Ransomware Switching to Monero
https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-to-stop-taking-bitcoin-to-hide-money-trail/
Malware Impersonates Security Researchers
https://www.bleepingcomputer.com/news/security/new-wiper-malware-impersonates-security-researchers-as-prank/

Apr 10, 2020 • 6min
ISC StormCast for Friday, April 10th 2020
Spoofing OS Fingerprints
https://isc.sans.edu/forums/diary/Performing+deception+to+OS+Fingerprint+Part+1+nmap/25960/
Dell iDRAC Patch
https://www.dell.com/support/article/de-de/sln320717/dsa-2020-063-idrac-buffer-overflow-vulnerability?lang=en
VISA Ends Magento 1 Support
https://usa.visa.com/content/dam/VCOM/global/support-legal/documents/acquirer-advisory-magento-migration.pdf
Slack WebRTC TURN Compromise
https://www.rtcsec.com/2020/04/01-slack-webrtc-turn-compromise/
COVID 19 Domain Classifier
https://isc.sans.edu/covidclassifier.html

Apr 9, 2020 • 6min
ISC StormCast for Thursday, April 9th 2020
German Malspam Pushes ZLoader Malware; Decrypting HTTPS
https://isc.sans.edu/forums/diary/German+malspam+pushes+ZLoader+malware/25996/
Microsoft Purchases Corp.com
https://krebsonsecurity.com/2020/04/microsoft-buys-corp-com-so-bad-guys-cant/
Microsoft Delaying Removal of Basic Authentication from Exchange Online
https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-and-exchange-online-april-2020-update/ba-p/1275508
Dark Nexus Botnet
https://www.bitdefender.com/files/News/CaseStudies/study/319/Bitdefender-PR-Whitepaper-DarkNexus-creat4349-en-EN-interactive.pdf

Apr 8, 2020 • 5min
ISC StormCast for Wednesday, April 8th 2020
RDP Scanning Increase
https://isc.sans.edu/forums/diary/Increase+in+RDP+Scanning/25994/
Atlassian Advises Users To Secure Jira Service Desk
https://community.atlassian.com/t5/Jira-Service-Desk-articles/Tips-for-setting-customer-permissions-in-Jira-Service-Desk/ba-p/1340617
Android Updates
https://support.google.com/pixelphone/thread/38337876

Apr 7, 2020 • 7min
ISC StormCast for Tuesday, April 7th 2020
ROSTELECOM Reroutes Traffic for Multiple Cloud Providers
https://twitter.com/bgpmon/status/1246842916502302723
https://bgpstream.com/event/230837
Vuln Cost Security Scanner for VS Code
https://snyk.io/security-scanner-vuln-cost/
Microsoft Exchange Server Vulnerability still not Patched
https://blog.rapid7.com/2020/04/06/phishing-for-system-on-microsoft-exchange-cve-2020-0688/
Fake Zoom Installer
https://blog.trendmicro.com/trendlabs-security-intelligence/zoomed-in-a-look-into-a-coinminer-bundled-with-zoom-installer/

Apr 6, 2020 • 6min
ISC StormCast for Monday, April 6th 2020
New Bypass Technique or Corrupt Word Document
https://isc.sans.edu/forums/diary/New+Bypass+Technique+or+Corrupt+Word+Document/25984/
CitizenLab Analyzes Zoom Encryption
https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/
https://www.sans.org/webcasts/zomg-its-zoom-114670
Mozilla Patches Critical Firefox Flaws
https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/
Malicious JavaScript injected into Discord
https://www.bleepingcomputer.com/news/security/discord-turned-into-an-account-stealer-by-updated-malware/

Apr 3, 2020 • 7min
ISC StormCast for Friday, April 3rd 2020
Twitter Cache Bug in Firefox
https://privacy.twitter.com/en/blog/2020/data-cache-firefox
MS-SQL Server Attack
https://www.guardicore.com/2020/04/vollgar-ms-sql-servers-under-attack/
More Zoom Vulnerabilities
https://objective-see.com/blog/blog_0x56.html
Covid-19 Economic Impact Payments Scams
https://www.justice.gov/usao-edky/press-release/file/1265371/download
Safari Camera Access Bug
https://www.ryanpickren.com/webcam-hacking-overview


