

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and is designed to get you ready for the day with a brief, usually five-minute, summary of current network security events. The content is late-breaking, educational, and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html.
Episodes

Dec 19, 2019 • 4min
ISC StormCast for Thursday, December 19th 2019
An Emotet Update
https://isc.sans.edu/forums/diary/Emotet+infection+with+spambot+activity/25622/
Emotet Used to Spread Malware From German Federal Agency Accounts (German)
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/Spam-Bundesbehoerden_181219.html
Joomla Patches SQL Injection
https://developer.joomla.org/security-centre.html
Unicode Mapping Problems
https://eng.getwisdom.io/hacking-github-with-unicode-dotless-i/

Dec 18, 2019 • 6min
ISC StormCast for Wednesday, December 18th 2019
Discovering DNS over HTTPS
https://isc.sans.edu/forums/diary/Is+it+Possible+to+Identify+DNS+over+HTTPs+Without+Decrypting+TLS/25616/
Ring Camera Weaknesses
https://www.vice.com/en_us/article/epg4xm/amazon-ring-camera-security
WhatsApp DoS Bug
https://research.checkpoint.com/2019/breakingapp-whatsapp-crash-data-loss-bug/

Dec 17, 2019 • 6min
ISC StormCast for Tuesday, December 17th 2019
Slack "Unshare" Not Working As Expected
https://www.theregister.co.uk/2019/12/16/slack_filesharing_vulnerability_post_sharing/
Google Making OAuth Mandatory for G Suite
https://gsuiteupdates.googleblog.com/2019/12/less-secure-apps-oauth-google-username-password-incorrect.html
TP-Link Authentication Bypass
https://securityintelligence.com/posts/tp-link-archer-router-vulnerability-voids-admin-password-can-allow-remote-takeover/
Factoring IoT RSA Keys
https://info.keyfactor.com/factoring-rsa-keys-in-the-iot-era

Dec 16, 2019 • 6min
ISC StormCast for Monday, December 16th 2019
VBA Macros in AutoCAD
https://isc.sans.edu/forums/diary/Malicious+DWG+Files/25612/
OpenBSD Privilege Escalation Vulnerability
https://www.qualys.com/2019/12/11/cve-2019-19726/local-privilege-escalation-openbsd-dynamic-loader.txt
NPM Fixes Critical Security Vulnerability
https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli

Dec 13, 2019 • 14min
ISC StormCast for Friday, December 13th 2019
Malware Information Sharing
https://isc.sans.edu/forums/diary/Code+Data+Reuse+in+the+Malware+Ecosystem/25598/
Apple Improves Tracking Prevention Tracking in WebKit
https://webkit.org/blog/9661/preventing-tracking-prevention-tracking/
Google Verified SMS Messages
https://www.blog.google/products/messages/safer-conversations-messages-verified-sms-and-spam-protection/
Echobot Keeps Adding More Exploits
https://www.bleepingcomputer.com/news/security/new-echobot-variant-exploits-77-remote-code-execution-flaws/
STI Research Paper: Caleb Baker DNS Monitoring
https://www.sans.org/reading-room/whitepapers/dns/challenges-effective-dns-query-monitoring-39215

Dec 12, 2019 • 5min
ISC StormCast for Thursday, December 12th 2019
German Malspam Installs Trickbot
https://isc.sans.edu/forums/diary/German+language+malspam+pushes+yet+another+wave+of+Trickbot/25594/
Vulnerable KeyWe Smart Lock
https://labs.f-secure.com/advisories/keywe-smart-lock-unauthorized-access-traffic-interception
Google Chrome Update
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html
iOS Spam Feature
https://support.apple.com/en-us/HT210756
https://kishanbagaria.com/airdos/

Dec 11, 2019 • 7min
ISC StormCast for Wednesday, December 11th 2019
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+December+2019+Patch+Tuesday/25592/
https://securelist.com/windows-0-day-exploit-cve-2019-1458-used-in-operation-wizardopium/95432/
Adobe Patch Tuesday
https://helpx.adobe.com/security.html
Apple Security Updates
https://support.apple.com/en-us/HT201222
Intel Plundervolt Update
https://blogs.intel.com/technology/2019/12/ipas-security-advisories-for-december-2019/

Dec 10, 2019 • 8min
ISC StormCast for Tuesday, December 10th 2019
Another Word Maldoc
https://isc.sans.edu/forums/diary/Lazy+Sunday+Maldoc+Analysis/25586/
Snatch Ransomware Reboots System Into Safe Mode To Disable Antivirus
https://news.sophos.com/en-us/2019/12/09/snatch-ransomware-reboots-pcs-into-safe-mode-to-bypass-protection/
Ryuk Ransomware Decryptor May No Longer Work / Corrupt Documents
https://blog.emsisoft.com/en/35023/bug-in-latest-ryuk-decryptor-may-cause-data-loss/
Extending Windows 7 Security Updates
https://www.ghacks.net/2019/12/07/someone-found-a-way-to-bypass-windows-7-extended-security-updates-checks/
SwiftOnSecurity Updates Sysmon Rules
https://github.com/SwiftOnSecurity/sysmon-config
RSA Webcast
https://www.rsaconference.com/industry-topics/webcast/36-five-most-dangerous-attacks-evolving

Dec 9, 2019 • 6min
ISC StormCast for Monday, December 9th 2019
E-Mail Includes Entire HTML/Javascript Phishing Kit
https://isc.sans.edu/forums/diary/Phishing+with+a+selfcontained+credentialsstealing+webpage/25580/
Great Cannon / Red Cannon Activated to Silence Pro-Hong Kong Forum
https://cybersecurity.att.com/blogs/labs-research/the-great-cannon-has-been-deployed-again

Dec 6, 2019 • 14min
ISC StormCast for Friday, December 6th 2019
OpenBSD Authentication Bypass and Privilege Escalation Vulnerability
https://www.qualys.com/2019/12/04/cve-2019-19521/authentication-vulnerabilities-openbsd.txt?_ga=2.58244398.587934852.1575530822-682141427.1570559125
Hijacking Linux (and BSD) VPN Connections
https://seclists.org/oss-sec/2019/q4/122
RASP vs. WAF: Alexander Fry Research Paper
https://www.sans.org/reading-room/whitepapers/application/runtime-application-self-protection-rasp-investigation-effectiveness-rasp-solution-protecting-vulnerable-target-applications-38950


