

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5-minute-long, summary of current network-security-related events. The content is late-breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html.
Episodes

Sep 18, 2018 • 5min
ISC StormCast for Tuesday, September 18th 2018
Analyzing Office Docs
https://isc.sans.edu/forums/diary/Dissecting+Malicious+MS+Office+Docs/24108/
Apple Updates Everything but macOS
https://support.apple.com/en-us/HT201220
FBot Botnet
https://blog.netlab.360.com/threat-alert-a-new-worm-fbot-cleaning-adbminer-is-using-a-blockchain-based-dns-en/
Related STI Paper: Botnet Resiliency via Private Blockchain (Jonathan Sweeny)
https://www.sans.org/reading-room/whitepapers/covert/botnet-resiliency-private-blockchains-38050

Sep 17, 2018 • 5min
ISC StormCast for Monday, September 17th 2018
Reversing Visual Basic Shortcuts
https://isc.sans.edu/forums/diary/2020+malware+vision/24104/
Not So Random User Agent
https://isc.sans.edu/forums/diary/User+Agent+String+uatoolsrandom/24102/
Safari DoS
https://gist.github.com/pwnsdx/ce64de2760996a6c432f06d612e33aea
Webroot SecureAnywhere macOS Vulnerability
https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2018-16962--Webroot-SecureAnywhere-macOS-Kernel-Level-Memory-Corruption/
Intel Patches Management Engine Encryption Vulnerability
http://blog.ptsecurity.com/2018/09/intel-me-encryption-vulnerability.html

Sep 14, 2018 • 6min
ISC StormCast for Friday, September 14th 2018
Malicious MHT Files
https://isc.sans.edu/forums/diary/Malware+Delivered+Through+MHT+Files/24096/
Improved Coldboot Attack
https://blog.f-secure.com/cold-boot-attacks/
SAP Patches
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993

Sep 13, 2018 • 7min
ISC StormCast for Thursday, September 13th 2018
So What is Going on With IPv4 Fragments these Days?
https://isc.sans.edu/forums/diary/So+What+is+Going+on+With+IPv4+Fragments+these+Days/24092/
Magecart JavaScript Injection Attacks
https://www.bleepingcomputer.com/news/security/feedify-service-compromised-with-magecart-information-stealing-script/
Bypassing CSP using Polyglot JPEGs
https://portswigger.net/blog/bypassing-csp-using-polyglot-jpegs

Sep 12, 2018 • 5min
ISC StormCast for Wednesday, September 12th 2018
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+September+Patch+Tuesday+Summary/24088/
Adobe Patches
https://helpx.adobe.com/security.html
Safari/Edge URL Bar Spoofing
https://www.rafaybaloch.com/2018/09/apple-safari-microsoft-edge-browser.html
Exploit Search Engine
https://sploitus.com

Sep 10, 2018 • 5min
ISC StormCast for Tuesday, September 11th 2018
"findstr" used to extract malware from LNK files
https://isc.sans.edu/forums/diary/What+is+dikona+or+glirote3/24084/
Tor Browser JavaScript Vulnerability
https://www.bleepingcomputer.com/news/security/exploit-affecting-tor-browser-burned-in-a-tweet/
Trend Micro App Leaks Data / Removed from App Store
https://forums.malwarebytes.com/topic/217353-get-rid-of-open-any-files-rar-support/?tab=comments#comment-1194838
Chrome removes Subdomains from URL Bar
https://bugs.chromium.org/p/chromium/issues/detail?id=881410

Sep 9, 2018 • 7min
ISC StormCast for Sunday, September 9th 2018
Crypto Mining in a Windows Headless Browser
https://isc.sans.edu/forums/diary/Crypto+Mining+in+a+Windows+Headless+Browser/24078/
MacOS Adware Doctor Stealing Browser History
https://twitter.com/privacyis1st/status/1031428304543395840
https://objective-see.com/blog/blog_0x37.html
VPN Applications with Privilege Escalation Vulnerabilities
https://blog.talosintelligence.com/2018/09/vulnerability-spotlight-Multi-provider-VPN-Client-Privilege-Escalation.html
Keybase Extension Allows Access By Scripts from Any Site
https://palant.de/2018/09/06/keybase-our-browser-extension-subverts-our-encryption-but-why-should-we-care

Sep 6, 2018 • 5min
ISC StormCast for Friday, September 7th 2018
Malware Uses PowerShell to Compile C# Code on the Fly
https://isc.sans.edu/forums/diary/Malicious+PowerShell+Compiling+C+Code+on+the+Fly/24072/
Stealing WiFi Credentials in Google Chrome
https://www.surecloud.com/sc-blog/wifi-hijacking
DNS Spoofing and Certificate Authority Domain Validation
https://www.theregister.co.uk/2018/09/06/boffins_break_cas_domain_validation/
Cisco Vulnerabilities
https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir&limit=30#~Vulnerabilities

Sep 5, 2018 • 5min
ISC StormCast for Thursday, September 6th 2018
MEGA Chrome Extension Replaced with Password Stealer
https://serhack.me/articles/mega-chrome-extension-hacked
Python Package Installer May Execute Code
https://github.com/mschwager/0wned
Windows Scheduler Exploit Used in the Wild
https://www.welivesecurity.com/2018/09/05/powerpool-malware-exploits-zero-day-vulnerability/
Where Have All My Certificates Gone?
https://isc.sans.edu/forums/diary/Where+have+all+my+Certificates+gone+And+when+do+they+expire/24066/

Sep 4, 2018 • 6min
ISC StormCast for Wednesday, September 5th 2018
Some More Interesting MikroTik Router Exploits
https://blog.netlab.360.com/7500-mikrotik-routers-are-forwarding-owners-traffic-to-the-attackers-how-is-yours-en/
Exposed .git Directories
https://lynt.cz/blog/global-scan-exposed-git
SSL Certificates Expose Tor Servers
https://www.bleepingcomputer.com/news/security/public-ip-addresses-of-tor-sites-exposed-via-ssl-certificates/


