

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5-minute-long, summary of current network-security-related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html.
Episodes

Mar 19, 2020 • 6min
ISC StormCast for Thursday, March 19th 2020
TrendMicro Update
https://success.trendmicro.com/solution/000245571
More VMware Updates
https://www.vmware.com/security/advisories/VMSA-2020-0005.html
EnigmaSpark Malware
https://securityintelligence.com/posts/EnigmaSpark-Politically-Themed-Cyber-Activity-Highlights-Regional-Opposition-to-Middle-East-Peace-Plan/
Recent Ransomware Trends
https://www.fireeye.com/blog/threat-research/2020/03/they-come-in-the-night-ransomware-deployment-trends.html

Mar 18, 2020 • 8min
ISC StormCast for Wednesday, March 18th 2020
A Quick Summary of Current Reflective DNS DDoS Attacks
https://isc.sans.edu/forums/diary/A+Quick+Summary+of+Current+Reflective+DNS+DDoS+Attacks/25916/
Trickbot gtag red5 distributed as DLL File
https://isc.sans.edu/forums/diary/Trickbot+gtag+red5+distributed+as+a+DLL+file/25918/
Is Cryptojacking Dead after Coinhive Shutdown
https://arxiv.org/pdf/2001.02975.pdf
Adobe Patches
https://helpx.adobe.com/security/products/acrobat/apsb20-13.html

Mar 17, 2020 • 6min
ISC StormCast for Tuesday, March 17th 2020
Desktop.ini as a post-exploitation tool
https://isc.sans.edu/forums/diary/Desktopini+as+a+postexploitation+tool/25912/
VMware Workstation/Fusion Update
https://www.vmware.com/security/advisories/VMSA-2020-0004.html
Blackwater Malware Abuses Cloudflare Workers
https://www.bleepingcomputer.com/news/security/blackwater-malware-abuses-cloudflare-workers-for-c2-communication/
tcpdump Heap Based Buffer Over-Read
https://nvd.nist.gov/vuln/detail/CVE-2018-19325
Slack Account Takeover Bug
https://hackerone.com/reports/737140

Mar 16, 2020 • 7min
ISC StormCast for Monday, March 16th 2020
Phishing PDFs With Incremental Updates
https://isc.sans.edu/forums/diary/Phishing+PDF+With+Incremental+Updates/25904/
VPN Access and Activity Monitoring
https://isc.sans.edu/forums/diary/VPN+Access+and+Activity+Monitoring/25906/
Capturing Invalid Ethernet Frames
https://isc.sans.edu/forums/diary/Not+all+Ethernet+NICs+are+Created+Equal+Trying+to+Capture+Invalid+Ethernet+Frames/25896/
Cookiethief Android Cookie Stealing Malware
https://securelist.com/cookiethief/96332/
SANS Security Awareness Deployment Kit for Securing Your Workforce at Home
https://www.sans.org/webcasts/113875

Mar 13, 2020 • 7min
ISC StormCast for Friday, March 13th 2020
Microsoft Releases Patch for Windows SMBv3 Compression Vulnerability CVE-2020-0796
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796
Hancitor Distributed Through Coronavirus-Themed Malspam
https://isc.sans.edu/forums/diary/Hancitor+distributed+through+coronavirusthemed+malspam/25892/
Avast Removes Vulnerable JavaScript Emulator From Products
https://github.com/taviso/avscript
Checkra1n Exploit Works Against T2 Equipped Macs
https://www.idownloadblog.com/2020/03/10/luca-todesco-teases-checkra1n-hacks-on-a-t2-equipped-macbook-pros-touch-bar/

Mar 12, 2020 • 6min
ISC StormCast for Thursday, March 12th 2020
Mystery SMB3 Flaw Update
https://isc.sans.edu/forums/diary/Critical+SMBv3+Vulnerability+Remote+Code+Execution/25890/
COVID19 Malware
https://blog.reasonsecurity.com/2020/03/09/covid-19-info-stealer-the-map-of-threats-threat-analysis-report/
Agent Tesla Spread by Fake Canon EOS Notification Email
https://isc.sans.edu/forums/diary/Agent+Tesla+Delivered+via+Fake+Canon+EOS+Notification+on+Free+OwnCloud+Account/25884/

Mar 11, 2020 • 5min
ISC StormCast for Wednesday, March 11th 2020
Microsoft Patch Tuesday
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200005
https://isc.sans.edu/diary.html?storyid=25886

Mar 10, 2020 • 7min
ISC StormCast for Tuesday, March 10th 2020
Malicious Spreadsheet With Data Connection and Excel 4 Macros
https://isc.sans.edu/forums/diary/Malicious+Spreadsheet+With+Data+Connection+and+Excel+4+Macros/25880/
Take a Way: Exploring the Security Implications of AMD's Cache Way Predictors
https://mlq.me/download/takeaway.pdf
https://www.amd.com/en/corporate/product-security
Google Play Store Protect Fails Security Test
https://www.av-test.org/en/news/here-s-how-well-17-android-security-apps-provide-protection/

Mar 9, 2020 • 6min
ISC StormCast for Monday, March 9th 2020
Excel Maldocs: Hidden Sheets
https://isc.sans.edu/forums/diary/Excel+Maldocs+Hidden+Sheets/25876/
Wireshark 3.2.2 Released
https://www.wireshark.org/docs/relnotes/wireshark-3.2.2.html
Linux PPP Vulnerability
https://www.kb.cert.org/vuls/id/782301/
NordVPN Vulnerability
https://www.theregister.co.uk/2020/03/06/nordvpn_no_auth_needed_view_user_payments/
Unpatched Android Devices
https://www.which.co.uk/news/2020/03/more-than-one-billion-android-devices-at-risk-of-malware-threats/

Mar 6, 2020 • 6min
ISC StormCast for Friday, March 6th 2020
Survey Phish
https://isc.sans.edu/forums/diary/Will+You+Put+Your+Password+in+a+Survey/25866/
Healthcare.gov Sending E-Mail Looking Like Phishing
https://twitter.com/johullrich/status/1235740586717720577
Intel x86 Root of Trust: Loss of Trust
https://blog.ptsecurity.com/2020/03/intelx86-root-of-trust-loss-of-trust.html
Let's Encrypt Revises Revocation Plan
https://community.letsencrypt.org/t/2020-02-29-caa-rechecking-bug/114591/2
Trust Me, I'm Certified Podcast
https://www.giac.org/podcasts


