

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and is designed to get you ready for the day with a brief, usually 5-minute-long, summary of current network-security-related events. The content is late-breaking, educational, and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html.
Episodes

May 21, 2019 • 6min
ISC StormCast for Wednesday, May 22nd 2019
Setting Up Shodan Monitoring
https://isc.sans.edu/forums/diary/Using+Shodan+Monitoring/24956/
Fingerprinting Smartphones With Gyroscope Data
https://sensorid.cl.cam.ac.uk/
20% of Linux Docker Containers Without Password
https://www.kennasecurity.com/20-of-the-1000-most-popular-docker-containers-have-no-root-password/
RDP #bluekeep Signature For Snort/Suricata
https://github.com/nccgroup/Cyber-Defence/blob/master/Signatures/suricata/2019_05_rdp_cve_2019_0708.txt

May 20, 2019 • 5min
ISC StormCast for Tuesday, May 21st 2019
MSFT RDP Vulnerability (#BlueKeep) Update
https://twitter.com/search?q=%23bluekeep
Sharepoint Exploited
https://isc.sans.edu/forums/diary/CVE20190604+Attack/24952/
Risks of JWT
https://snikt.net/blog/2019/05/16/jwt-signature-vs-mac-attacks/
MuddyWater Campaign Evolves
https://blog.talosintelligence.com/2019/05/recent-muddywater-associated-blackwater.html

May 19, 2019 • 6min
ISC StormCast for Monday, May 20th 2019
Google Analyzes Vendor Response to 0-Day Exploits
https://googleprojectzero.blogspot.com/p/0day.html
ASUS WebStorage Abused For Malware Distribution
https://www.welivesecurity.com/2019/05/14/plead-malware-mitm-asus-webstorage/
Vulnerabilities in Apple Air Drop
https://www.usenix.org/system/files/sec19fall_stute_prepub.pdf

May 17, 2019 • 6min
ISC StormCast for Friday, May 17th 2019
The Risk of Authenticated Vulnerability Scans
https://isc.sans.edu/forums/diary/The+Risk+of+Authenticated+Vulnerability+Scans/24942/
ARIN Revokes about 735,000 IP Addresses
https://www.arin.net/vault/about_us/media/releases/20190513.html
More Cisco Patches (Prime Infrastructure, EPN Manager)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce
Instrument Landing Systems Spoofing
https://aanjhan.com/assets/ils_usenix2019.pdf

May 16, 2019 • 5min
ISC StormCast for Thursday, May 16th 2019
Forbes Website Infected by Magecart
https://twitter.com/bad_packets/status/1128517905765683201
Malware Randomizes TLS Ciphers
https://blogs.akamai.com/sitr/2019/05/bots-tampering-with-tls-to-avoid-detection.html
Google Recalls Titan Security Keys
https://security.googleblog.com/2019/05/titan-keys-update.html
SAMBA Update
https://www.samba.org/samba/security/CVE-2018-16860.html
SAP Patches
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=520259032

May 15, 2019 • 6min
ISC StormCast for Wednesday, May 15th 2019
New Intel CPU Vulnerabilities
https://cpu.fail/
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+May+2019+Patch+Tuesday/24934/
Apple Updates
https://support.apple.com/en-us/HT201222
Broken Trustseal
https://twitter.com/gwillem/status/1127890329175244800
https://twitter.com/bestoftheweb/status/1128036593208524800

May 14, 2019 • 6min
ISC StormCast for Tuesday, May 14th 2019
Linux Remote Code Execution When Closing TCP Sockets
https://github.com/torvalds/linux/commit/cb66ddd156203daefb8d71158036b27b0e2caf63
WhatsApp Buffer Overflow Exploited to Install Spyware
https://www.facebook.com/security/advisories/cve-2019-3568
Cisco Vulnerabilities Lead to Trust Anchor Module Exploit
https://thrangrycat.com/
Linksys Unauthenticated Information Leak
https://badpackets.net/over-25000-linksys-smart-wi-fi-routers-vulnerable-to-sensitive-information-disclosure-flaw/

May 13, 2019 • 5min
ISC StormCast for Monday, May 13th 2019
DSSuite - A Docker Container with Didier's Tools
https://isc.sans.edu/forums/diary/DSSuite+A+Docker+Container+with+Didiers+Tools/24926/
Sqlite3 Vulnerability
https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0777
NVidia Updates
https://nvidia.custhelp.com/app/answers/detail/a_id/4797
Windows 10 FIDO2 Certified
https://fidoalliance.org/microsoft-achieves-fido2-certification-for-windows-hello/
Google May Remove ADB Backup/Restore from Future Android Versions
https://www.xda-developers.com/adb-backup-and-restore-depreciated/

May 10, 2019 • 6min
ISC StormCast for Friday, May 10th 2019
US DHS Warns of North Korean ELECTRICFISH Malware
https://www.us-cert.gov/ncas/analysis-reports/AR19-129A
Fake KeePass Site Spreading Malware
https://twitter.com/berkcgoksel/status/1125727590440931329
Google Android Security Bulletin
https://source.android.com/security/bulletin/2019-05-01
Three Anti-Virus Companies Breached
https://www.advanced-intel.com/blog/top-tier-russian-hacking-collective-claims-breaches-of-three-major-anti-virus-companies

May 9, 2019 • 6min
ISC StormCast for Thursday, May 9th 2019
EMail Roulette May 2019
https://isc.sans.edu/forums/diary/Email+roulette+May+2019/24918/
Turla Lightneuron
https://www.welivesecurity.com/wp-content/uploads/2019/05/ESET-LightNeuron.pdf
Alpine Linux Docker Image root User Hard Coded Credentials
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0782
WordPress 5.2 Adds Digitally Signed Updates
https://wordpress.org/support/wordpress-version/version-5-2/


