

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5-minute-long, summary of current network security related events. The content is late breaking, educational, and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html.
Episodes

Sep 4, 2018 • 5min
ISC StormCast for Tuesday, September 4th 2018
Reversing and Modifying the Medium Mobile App
https://hackernoon.com/dont-publish-yet-reverse-engineering-the-medium-app-and-making-all-stories-in-it-free-48c8f2695687
Active Directory Leaks via Azure
https://www.blackhillsinfosec.com/red-teaming-microsoft-part-1-active-directory-leaks-via-azure/
Google Restricts Tech Support Ads
https://www.blog.google/products/ads/restricting-ads-third-party-tech-support-services/?mod=article_inline

Sep 2, 2018 • 5min
ISC StormCast for Sunday, September 2nd 2018
OSX/MacOS and Dangers of Custom URL Schemes
https://objective-see.com/blog/blog_0x38.html
Philips e-Alert Vulnerability
https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01

Aug 30, 2018 • 6min
ISC StormCast for Friday, August 31st 2018
Cryptocoin Miners are More Popular Than Ever and Dominate in Attacks
https://isc.sans.edu/forums/diary/Crypto+Mining+Is+More+Popular+Than+Ever/24050/
Cryptocoin Miners Deployed via Struts Vulnerability
https://www.volexity.com/blog/2018/08/27/active-exploitation-of-new-apache-struts-vulnerability-cve-2018-11776-deploys-cryptocurrency-miner/
Mimecast Identifies Weaknesses in Existing Email Filters
https://www.mimecast.com/resources/ebooks/dates/2018/7/the-state-of-email-security-2018-report/
Android Leaks Information to Processes
https://wwws.nightwatchcybersecurity.com/2018/08/29/sensitive-data-exposure-via-wifi-broadcasts-in-android-os-cve-2018-9489/

Aug 29, 2018 • 6min
ISC StormCast for Thursday, August 30th 2018
More Octoprint Details
https://isc.sans.edu/forums/diary/3D+Printers+in+The+Wild+What+Can+Go+Wrong/24044/
Packagist Remote Code Injection Vulnerability
https://justi.cz/security/2018/08/28/packagist-org-rce.html
More OpenSSH User Enumeration Issues
http://seclists.org/oss-sec/2018/q3/180
Two new TPM Vulnerabilities
https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-han.pdf

Aug 28, 2018 • 5min
ISC StormCast for Wednesday, August 29th 2018
Microsoft Windows Task Scheduler Local Privilege Escalation Vulnerability
https://www.kb.cert.org/vuls/id/906424
3D Printers Exposed to Internet
https://isc.sans.edu/forums/diary/OctoPrint+3D+Web+Interfaces+EXPOSED+Port+5000+default/24038/
Firefox Nightly Build Removes Trust From Symantec Certificates
https://bugzilla.mozilla.org/show_bug.cgi?id=1460062
https://bugzilla.mozilla.org/show_bug.cgi?id=1484006

Aug 27, 2018 • 4min
ISC StormCast for Tuesday, August 28th 2018
H-Worm Variant Notes Infection Date in Registry
https://isc.sans.edu/forums/diary/When+was+this+machine+infected/24032/
CentOS / Ubuntu Turn Off Gnome "Bubblewrap" Sandbox
https://www.bleepingcomputer.com/news/security/ubuntu-and-centos-are-undoing-a-gnome-security-feature/
Fortnite Android Arbitrary Code Install Vulnerability
https://www.bleepingcomputer.com/news/security/ubuntu-and-centos-are-undoing-a-gnome-security-feature/

Aug 26, 2018 • 6min
ISC StormCast for Monday, August 27th 2018
Struts Exploits for CVE-2018-11776 on Github (there are more; this is just a sample)
https://github.com/mazen160/struts-pwn_CVE-2018-11776
https://github.com/jiguang7/CVE-2018-11776
Publisher Malware
https://isc.sans.edu/forums/diary/Microsoft+Publisher+Files+Delivering+Malware/24024/
https://isc.sans.edu/forums/diary/Microsoft+Publisher+malware+static+analysis/24026/
AT Commands
https://atcommands.org/atdb/vendors
Using a Microphone to Read Screen Content
https://www.cs.tau.ac.il/~tromer/synesthesia/synesthesia.pdf

Aug 23, 2018 • 6min
ISC StormCast for Friday, August 24th 2018
Simple Phishing Through formcrafts.com
https://isc.sans.edu/forums/diary/Simple+Phishing+Through+formcraftscom/24020/
Facebook's Onavo VPN removed from Apple AppStore
https://www.wsj.com/articles/facebook-to-remove-data-security-app-from-apple-store-1534975340?mod=e2tw (paywall)
https://medium.com/@chronic_9612/notes-on-analytics-and-tracking-in-onavo-protect-for-ios-904bdff346c0
Phishing False Alarm
https://www.cnn.com/2018/08/23/politics/dnc-hack-false-alarm/index.html
Fake Crypto Trading App Stealing Cryptocurrency From Mac Users
https://www.businesswire.com/news/home/20180823005093/en/AppleJeus-Lazarus-Group-Hunts-Cryptocurrency-Exchanges-macOS
Intel Simplifies Microcode License
https://twitter.com/imadsousou/status/1032680311753072640

Aug 22, 2018 • 5min
ISC StormCast for Thursday, August 23rd 2018
New Critical Apache Struts Vulnerability (CVE-2018-11776)
https://semmle.com/news/apache-struts-CVE-2018-11776
https://cwiki.apache.org/confluence/display/WW/S2-057
Hardening Apache Struts With SELinux
https://doublepulsar.com/hardening-apache-struts-with-selinux-db3a9cd1a10c?gi=f23fc884264a
Ghostscript Code Execution Vulnerability
https://bugs.chromium.org/p/project-zero/issues/detail?id=1640
Photoshop CC Patch
https://helpx.adobe.com/security/products/photoshop/apsb18-28.html

Aug 21, 2018 • 5min
ISC StormCast for Wednesday, August 22nd 2018
Malicious DLL Loaded Through AutoIT
https://isc.sans.edu/forums/diary/Malicious+DLL+Loaded+Through+AutoIT/24008/
Traefik Fixes TLS Private Key Exposure
https://github.com/containous/traefik/issues/3651
TLS Certificates Survive Domain Ownership
https://insecure.design
Intel Microcode License Update Causes Problems for Debian Linux
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906158#14


