

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5-minute-long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html.
Episodes

Apr 2, 2020 • 6min
ISC StormCast for Thursday, April 2nd 2020
Qakbot Malspam Sent From an Infected Windows Host
https://isc.sans.edu/forums/diary/Qakbot+malspam+sent+from+an+infected+Windows+host/25972/
TPOT Cowrie to ISC Logs
https://isc.sans.edu/forums/diary/TPOTs+Cowrie+to+ISC+Logs/25976/
SSH Issues After macOS Update
https://feed.tyler.io/so-uh-i-think-catalina-10154-broke-ssh/
Cloudflare DNS For Families
https://blog.cloudflare.com/introducing-1-1-1-1-for-families/
Zoom Leaks Windows Password Hashes via UNC Links
https://twitter.com/hackerfantastic/status/1245133371262619654

Apr 1, 2020 • 7min
ISC StormCast for Wednesday, April 1st 2020
Kwampirs Update
https://isc.sans.edu/forums/diary/Kwampirs+Targeted+Attacks+Involving+Healthcare+Sector/25968/
Exposed RDP
https://blog.shodan.io/trends-in-internet-exposure/
D-Link DSL-2640B Vulnerability
https://raelize.com/posts/d-link-dsl-2640b-security-advisories/
SMB 3.1.1 (CVE-2020-0796) Local Privilege Escalation Exploit
https://github.com/danigargu/CVE-2020-0796

Mar 31, 2020 • 7min
ISC StormCast for Tuesday, March 31st 2020
Crashing Windows Explorer Without a Click
https://isc.sans.edu/forums/diary/Crashing+explorerexe+without+a+click/25966/
Zoom Privacy Policy
https://blogs.harvard.edu/doc/2020/03/27/zoom/
Zoom Bombing
https://www.fbi.gov/contact-us/field-offices/boston/news/press-releases/fbi-warns-of-teleconferencing-and-online-classroom-hijacking-during-covid-19-pandemic
Zoom Related Domains Used for Phishing
https://blog.checkpoint.com/2020/03/30/covid-19-impact-cyber-criminals-target-zoom-domains/

Mar 30, 2020 • 6min
ISC StormCast for Monday, March 30th 2020
Covid19 Domain Classifier
https://isc.sans.edu/covidclassifier.html
https://www.youtube.com/watch?v=yNIlyJ3gI-4
Attackers Mail Malicious USB Drives and Teddy Bears
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/would-you-exchange-your-security-for-a-gift-card/
Hong Kong News Sites Used to Install Malware on iOS Devices
https://blog.trendmicro.com/trendlabs-security-intelligence/operation-poisoned-news-hong-kong-users-targeted-with-mobile-malware-via-local-news-links/

Mar 27, 2020 • 6min
ISC StormCast for Friday, March 27th 2020
Very Large Sample as an Obfuscation Technique
https://isc.sans.edu/forums/diary/Very+Large+Sample+as+Evasion+Technique/25948/
iOS VPN Bypass
https://protonvpn.com/blog/apple-ios-vulnerability-disclosure/
Free Covid19 Domain List
https://www.domaintools.com/resources/blog/free-covid-19-threat-list-domain-risk-assessments-for-coronavirus-threats
Linux Rubber Ducky Protection
https://opensource.googleblog.com/2020/03/usb-keystroke-injection-protection.html

Mar 26, 2020 • 5min
ISC StormCast for Thursday, March 26th 2020
Dridex Update
https://isc.sans.edu/forums/diary/Recent+Dridex+activity/25944/
Covid-19 Ransom
https://twitter.com/johullrich/status/1242983197555789824
HP Enterprise SSD Firmware Bug
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00097382en_us
Fake Google Chrome Update
https://news.drweb.com/show/?i=13746&lng=en
TrickBot Pushing a 2FA Bypass App in Germany
https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/

Mar 25, 2020 • 6min
ISC StormCast for Wednesday, March 25th 2020
Updated Microsoft Advisory 200006
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv200006
Memcached Denial of Service Vulnerability
https://github.com/memcached/memcached/issues/629
Adobe Creative Cloud Desktop Application Patches
https://helpx.adobe.com/security/products/creative-cloud/apsb20-11.html
Microsoft Pausing Cumulative Updates Starting May
https://docs.microsoft.com/en-us/windows/release-information/windows-message-center#405
Apple Security Patches
https://support.apple.com/en-us/HT201222
OpenWRT Vulnerability Fixed
https://thehackernews.com/2020/03/openwrt-rce-vulnerability.html

Mar 24, 2020 • 6min
ISC StormCast for Tuesday, March 24th 2020
Windows Font Parsing 0-Day
https://isc.sans.edu/forums/diary/Windows+Zeroday+Actively+Exploited+Type+1+Font+Parsing+Remote+Code+Execution+Vulnerability/25936/
Covid-19 Malware Summary
https://github.com/parthdmaniar/coronavirus-covid-19-SARS-CoV-2-IoCs
Firefox Turns TLS 1.0/1.1 Back on
https://www.mozilla.org/en-US/firefox/74.0/releasenotes/

Mar 23, 2020 • 7min
ISC StormCast for Monday, March 23rd 2020
More Covid19 Malware
https://isc.sans.edu/forums/diary/More+COVID19+Themed+Malware/25930/
Working Exploit for the Kr00k Wi-Fi Vulnerability
https://hexway.io/research/r00kie-kr00kie/
ZDI Pwn2Own Results
https://www.zerodayinitiative.com/blog/2020/3/17/welcome-to-pwn2own-2020-the-schedule-and-live-results

Mar 20, 2020 • 5min
ISC StormCast for Friday, March 20th 2020
COVID-19 Themed Multistage Malware
https://isc.sans.edu/forums/diary/COVID19+Themed+Multistage+Malware/25922/
Cisco SD-WAN Patches
https://tools.cisco.com/security/center/publicationListing.x
0patch Selling Patches for Windows 7
https://twitter.com/0patch/status/1240602635205586945
LDAPFragger: Bypassing network restrictions using LDAP attributes
https://research.nccgroup.com/2020/03/19/ldapfragger-bypassing-network-restrictions-using-ldap-attributes/


