

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5-minute-long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Episodes

May 14, 2018 • 6min
ISC StormCast for Monday, May 14th 2018
Odd njRat Like Scans
Reversed C2 traffic from China
Signal Vulnerability (Possibly in Electron, which affects Skype/Slack/others)
https://twitter.com/ortegaalfredo/status/995017143002509313
Electron Vulnerability
https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2018-1000136---Electron-nodeIntegration-Bypass/
Cryptocoin Miner Found in Ubuntu Snap Store
https://github.com/canonical-websites/snapcraft.io/issues/651

May 11, 2018 • 5min
ISC StormCast for Friday, May 11th 2018
DNS Exfiltration in Windows
https://isc.sans.edu/forums/diary/Exfiltrating+data+from+very+isolated+environments/23645/
Fake Electrum Wallet
https://github.com/spesmilo/electrum-docs/blob/master/decompiling_guide.md
Treasure Hunter PoS Malware Source Code Leaked
https://www.flashpoint-intel.com/blog/treasurehunter-source-code-leaked/
More Malicious Chrome Extensions Spreading via Facebook
https://blog.radware.com/security/2018/05/nigelthorn-malware-abuses-chrome-extensions/

May 10, 2018 • 4min
ISC StormCast for Thursday, May 10th 2018
Lloyds Bank Phish Leads to Trickbot
https://isc.sans.edu/forums/diary/Nice+Phishing+Sample+Delivering+Trickbot/23641/
Firefox Group Policy Engine
https://www.bleepingcomputer.com/news/software/group-policy-support-coming-to-firefox-60/
OS Vendors Fix Intel Debug Flaw
https://www.kb.cert.org/vuls/id/631579
Cryptocoin Miner in Excel
https://charles.dardaman.com/js_coinhive_in_excel

May 9, 2018 • 6min
ISC StormCast for Wednesday, May 9th 2018
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+May+2018+Patch+Tuesday/23637/
Basestriker Vulnerability Hitting Office 365
https://www.avanan.com/resources/basestriker-vulnerability-office-365
wget Cookie Injection Vulnerability
http://seclists.org/fulldisclosure/2018/May/20

May 8, 2018 • 5min
ISC StormCast for Tuesday, May 8th 2018
Parsing Windows Job Files
https://isc.sans.edu/forums/diary/Adding+Persistence+Via+Scheduled+Tasks/23633/
SynAck Ransomware Uses Doppelgänging Technique
https://securelist.com/synack-targeted-ransomware-uses-the-doppelganging-technique/85431/
More Drupal Compromises
https://badpackets.net/large-cryptojacking-campaign-targeting-vulnerable-drupal-websites/
Russia vs. Telegram
https://twitter.com/instasegv/status/993521755192020992
https://www.bleepingcomputer.com/news/government/russia-blocks-50-vpns-and-proxy-services-providing-access-to-telegram/

May 7, 2018 • 5min
ISC StormCast for Monday, May 7th 2018
Malicious NPM Library Stopped
https://blog.npmjs.org/post/173526807575/reported-malicious-module-getcookies
Popular GDPR Shield
http://gdpr-shield.io (currently down)
More Spectre Flaws
https://www.heise.de/ct/artikel/Exclusive-Spectre-NG-Multiple-new-Intel-CPU-flaws-revealed-several-serious-4040648.html

May 4, 2018 • 15min
ISC StormCast for Friday, May 4th 2018
More WebLogic Exploits
https://isc.sans.edu/forums/diary/WebLogic+Exploited+in+the+Wild+Again/23617/
Ouch! GDPR Newsletter
https://www.sans.org/security-awareness-training/ouch-newsletter
GitHub / Twitter Password Storage Issues
https://blog.twitter.com/official/en_us/topics/company/2018/keeping-your-account-secure.html
https://www.zdnet.com/article/github-says-bug-exposed-account-passwords/
Facebook Adds Homograph Alert to Certificate Transparency Log Monitoring
https://www.facebook.com/notes/protect-the-graph/phishing-domain-detection/2037453483161459/
Disrupting the Empire: Identifying PowerShell Empire Command and Control Activity
https://www.sans.org/reading-room/whitepapers/forensics/disrupting-empire-identifying-powershell-empire-command-control-activity-38315

May 3, 2018 • 6min
ISC StormCast for Thursday, May 3rd 2018
GPS Jamming Becoming More Common
https://www.avweb.com/avwebflash/news/GPS-Jamming-Major-Threat-to-Drone-230749-1.html
https://www.heise.de/newsticker/meldung/GPS-unter-Beschuss-Jamming-und-Spoofing-nehmen-zu-4038137.html
Windows Command Line References
https://isc.sans.edu/forums/diary/Windows+Commands+Reference+An+InfoSec+Must+Have/23613/
LoJack Laptop Anti-Theft Software "Phones Home" to Russia
https://asert.arbornetworks.com/lojack-becomes-a-double-agent/
Google Maps Can Be Used as a URL Shortener
https://nakedsecurity.sophos.com/2018/05/01/google-maps-open-redirect-flaw-abused-by-spammers/
Retrieving DVR Credentials via "Admin Cookie"
https://github.com/ezelf/CVE-2018-9995_dvr_credentials

May 2, 2018 • 6min
ISC StormCast for Wednesday, May 2nd 2018
Creating Malicious Office Documents
https://isc.sans.edu/forums/diary/Diving+into+a+Simple+Maldoc+Generator/23609/
Google (and Amazon) Disable Domain Fronting
https://arstechnica.com/information-technology/2018/04/google-disables-domain-fronting-capability-used-to-evade-censors/
Google Chrome To Enforce Certificate Transparency
https://groups.google.com/a/chromium.org/forum/#!msg/ct-policy/wHILiYf31DE/iMFmpMEkAQAJ

May 1, 2018 • 6min
ISC StormCast for Tuesday, May 1st 2018
April WebLogic Patch Incomplete and Intense Scanning for WebLogic Under Way
https://www.bleepingcomputer.com/news/security/hackers-scan-the-web-for-vulnerable-weblogic-servers-after-oracle-botches-patch/
FacexWorm Spreads Malicious Chrome Extensions via Facebook
https://blog.trendmicro.com/trendlabs-security-intelligence/facexworm-targets-cryptocurrency-trading-platforms-abuses-facebook-messenger-for-propagation/
$15 DTV Transmitter as an SDR
https://hackernoon.com/osmo-fl2k-a-15-dtv-transmitter-fm-radio-hijack-and-gps-spoofing-device-68ac08ba7d76


