SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Johannes B. Ullrich
Jun 9, 2023 • 5min

ISC StormCast for Friday, June 9th, 2023

GeoServer Scans https://isc.sans.edu/diary/Ongoing%20scans%20for%20Geoserver/29926
Barracuda Recommends Replacing Compromised Devices https://www.barracuda.com/company/legal/esg-vulnerability
Google Improves Chrome Password Manager https://www.msn.com/en-us/news/other/chrome-adds-windows-biometric-logins-to-its-password-powers/ar-AA1ciCCf
Minecraft Mods Include Malicious Code https://www.bleepingcomputer.com/news/security/new-fractureiser-malware-used-curseforge-minecraft-mods-to-infect-windows-linux/
Trend Micro Service Pack https://files.trendmicro.com/documentation/readme/Apex%20One/2020/apex_one_2019_win_cp_b12033_EN_Critical_Patch_Readme.html
Jun 8, 2023 • 6min

ISC StormCast for Thursday, June 8th, 2023

DMARC in .co TLD https://isc.sans.edu/diary/Management%20of%20DMARC%20control%20for%20email%20impersonation%20of%20domains%20in%20the%20.co%20TLD%20-%20part%202/29922
Three Vulnerabilities in VMware Aria Operations for Networks https://www.vmware.com/security/advisories/VMSA-2023-0012.html
SpinOK Spyware SDK Found in Android Apps https://vms.drweb.com/search/?q=Android.Spy.SpinOk&lng=en https://www.cloudsek.com/threatintelligence/supply-chain-attack-infiltrates-android-apps-with-malicious-sdk
Cisco AnyConnect Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-csc-privesc-wx4U4Kw
RSA Webcast https://www.rsaconference.com/library/webcast/149-sans-followup-2023
Jun 7, 2023 • 6min

ISC StormCast for Wednesday, June 7th, 2023

GitHub Copilot vs Google: Which Code is More Secure https://isc.sans.edu/forums/diary/Github%20Copilot%20vs.%20Google%3A%20Which%20code%20is%20more%20secure/29918/
Android Update https://source.android.com/docs/security/bulletin/2023-06-01
Chrome Updates https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html
FBI Warns of Manipulated Photos and Videos For Sextortion https://www.ic3.gov/Media/Y2023/PSA230605
Jun 6, 2023 • 5min

ISC StormCast for Tuesday, June 6th, 2023

Brute Forcing Simple Archive Passwords https://isc.sans.edu/diary/Brute%20Forcing%20Simple%20Archive%20Passwords/29914
KeePass 2.54 Released https://keepass.info/news/n230603_2.54.html
Splunk Advisories https://advisory.splunk.com/advisories
Malicious Google Chrome Extensions https://palant.info/2023/05/31/more-malicious-extensions-in-chrome-web-store/
Symantec Updates https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22217
Jun 5, 2023 • 6min

ISC StormCast for Monday, June 5th, 2023

Critical Vulnerability in MOVEit Transfer Actively Exploited https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023 https://www.rapid7.com/blog/post/2023/06/01/rapid7-observed-exploitation-of-critical-moveit-transfer-vulnerability/ https://www.mandiant.com/resources/blog/zero-day-moveit-data-theft
Atomic Wallet Compromise https://www.bleepingcomputer.com/news/security/atomic-wallet-hacks-lead-to-over-35-million-in-crypto-stolen/
Magecart Update https://www.akamai.com/blog/security-research/new-magecart-hides-behind-legit-domains
Jun 2, 2023 • 17min

ISC StormCast for Friday, June 2nd, 2023

After 28 Years, SSLv2 is Still Not Gone https://isc.sans.edu/forums/diary/After%2028%20years%2C%20SSLv2%20is%20still%20not%20gone%20from%20the%20internet...%20but%20we're%20getting%20there/29908/
Operation Triangulation: iOS Devices Targeted With Previously Unknown Malware https://securelist.com/operation-triangulation/109842/
MOVEit Transfer Critical Vulnerability https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
Code Injection Vulnerability in ReportLab Python Library https://github.com/c53elyas/CVE-2023-33733
Jun 1, 2023 • 7min

ISC StormCast for Thursday, June 1st, 2023

Apache NiFi Attacks https://isc.sans.edu/diary/Your%20Business%20Data%20and%20Machine%20Learning%20at%20Risk%3A%20Attacks%20Against%20Apache%20NiFi/29900
Gigabyte App Center Backdoor https://eclypsium.com/blog/supply-chain-risk-from-gigabyte-app-center-backdoor/
Salesforce Ghost Sites https://www.varonis.com/blog/salesforce-ghost-sites
CVE-2023-34152: Shell Command Injection in ImageMagick https://securityonline.info/cve-2023-34152-shell-command-injection-bug-affecting-imagemagick/
May 31, 2023 • 6min

ISC StormCast for Wednesday, May 31st, 2023

Malspam Pushes ModiLoader Infection for Remcos RAT https://isc.sans.edu/diary/Malspam%20pushes%20ModiLoader%20%28DBatLoader%29%20infection%20for%20Remcos%20RAT/29896
macOS SIP Bypass https://www.microsoft.com/en-us/security/blog/2023/05/30/new-macos-vulnerability-migraine-could-bypass-system-integrity-protection/
OpenSSL Update https://www.openssl.org/news/secadv/20230530.txt
Barracuda Email Security Gateway Appliance Vulnerability Details https://www.barracuda.com/company/legal/esg-vulnerability#:~:text=the%20section%20below.-,Endpoint%20IOCs,-Table%204%20lists
Void Rabisu RomCom Backdoor https://www.trendmicro.com/en_us/research/23/e/void-rabisu-s-use-of-romcom-backdoor-shows-a-growing-shift-in-th.html
Nextcloud Vulnerability https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mr7q-xf62-fw54
Zyxel NAS Vulnerability https://sternumiot.com/iot-blog/ntp-textbox-vulnerability-in-zyxel-nas326-nas540-and-nas542-devices/
Wait Just An Infosec: Higher Ed https://www.youtube.com/watch?v=ufEuo-096yc&list=PLtgaAEEmVe6B2kqkE9KdgPJdtbqNiaiOn&index=8
May 30, 2023 • 6min

ISC StormCast for Tuesday, May 30th, 2023

Analyzing Office Documents Embedded Inside PowerPoint Files https://isc.sans.edu/diary/Analyzing%20Office%20Documents%20Embedded%20Inside%20PPT%20%28PowerPoint%29%20Files/29894
DocuSign Themed Email Leads to Script-Based Infection https://isc.sans.edu/diary/DocuSign-themed%20email%20leads%20to%20script-based%20infection/29888
File Archiver In The Browser https://mrd0x.com/file-archiver-in-the-browser/
Securing PyPI Accounts via Two-Factor Authentication https://blog.pypi.org/posts/2023-05-25-securing-pypi-with-2fa/
Apache Cassandra Vulnerabilities https://lists.apache.org/thread/mwd02nrw2go8shg29rnp3o4hgompvkp5
MOXA MXsecurity Vulnerabilities https://www.moxa.com/en/support/product-support/security-advisory/mxsecurity-command-injection-and-hardcoded-credential-vulnerabilities
May 26, 2023 • 5min

ISC StormCast for Friday, May 26th, 2023

IR Case/Alert Management https://isc.sans.edu/diary/IR%20Case%20Alert%20Management/29880
Exploit for CVE-2023-2825 GitLab Vulnerability https://github.com/Occamsec/CVE-2023-2825
Expo Framework OAuth Vulnerability CVE-2023-28131 https://salt.security/blog/a-new-oauth-vulnerability-that-may-impact-hundreds-of-online-services
Mitel MiVoice Vulnerability CVE-2023-31457, CVE-2023-32748 https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0004
D-Link Vulnerabilities https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10332
