

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5-minute-long, summary of current network-security-related events. The content is late-breaking, educational, and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html.
Episodes

Sep 21, 2023 • 6min
ISC StormCast for Thursday, September 21st, 2023
What's Normal: DNS TTL Values
https://isc.sans.edu/forums/diary/What's%20Normal%3F%20DNS%20TTL%20Values/30234/
CISA Highlights Snatch Ransomware
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-263a
npm packages caught exfiltrating Kubernetes config, SSH keys
https://blog.sonatype.com/npm-packages-caught-exfiltrating-kubernetes-config-ssh-keys
Nagios XI Vulnerabilities
https://outpost24.com/blog/nagios-xi-vulnerabilities/

Sep 20, 2023 • 5min
ISC StormCast for Wednesday, September 20th, 2023
Obfuscated Scans For Older Adobe Experience Manager Vulnerabilities
https://isc.sans.edu/diary/Obfuscated%20Scans%20for%20Older%20Adobe%20Experience%20Manager%20Vulnerabilities/30230
Trend Micro Apex One 0-day
https://success.trendmicro.com/dcx/s/solution/000294994?language=en_US
SprySOCKS Backdoor
https://www.trendmicro.com/en_us/research/23/i/earth-lusca-employs-new-linux-backdoor.html
GitLab Patches
https://about.gitlab.com/releases/2023/09/18/security-release-gitlab-16-3-4-released/

Sep 19, 2023 • 5min
ISC StormCast for Tuesday, September 19th, 2023
Internet Wide Multi VPN Search from Single /24 Network
https://isc.sans.edu/diary/Internet%20Wide%20Multi%20VPN%20Search%20From%20Single%20%2024%20Network/30226
iOS/iPadOS/tvOS/watchOS Updates
https://support.apple.com/en-us/HT201222
Juniper Vuln Details/Exploit CVE-2023-36845
https://vulncheck.com/blog/juniper-cve-2023-36845

Sep 18, 2023 • 6min
ISC StormCast for Monday, September 18th, 2023
The podcast discusses the risks of using Google Authenticator, suggesting stronger options like passkeys or FIDO2. It also highlights vulnerabilities in QNAP operating systems and explores phishing-resistant authentication methods and cross-site scripting vulnerabilities in various platforms.

Sep 15, 2023 • 6min
ISC StormCast for Friday, September 15th, 2023
DShield and qemu, logging experts, discuss Raspberry Pi debugging on Windows, vulnerabilities in the ncurses library, exploiting Windows Themes, and the deployment of the 3AM ransomware as a backup plan.

Sep 14, 2023 • 6min
ISC StormCast for Thursday, September 14th, 2023
Backdoored Free Download Manager
https://securelist.com/backdoored-free-download-manager-linux-malware/110465/
Foxit PDF Reader Updates
https://www.foxit.com/support/security-bulletins.html
macOS MetaStealer: New Family of Obfuscated Go Infostealers
https://www.sentinelone.com/blog/macos-metastealer-new-family-of-obfuscated-go-infostealers-spread-in-targeted-attacks/
Windows 11 to Support Blocking SMB NTLM Hashes
https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-ntlm-blocking-now-supported-in-windows-insider/ba-p/3916206

Sep 13, 2023 • 6min
ISC StormCast for Wednesday, September 13th, 2023
Microsoft Patch Tuesday
https://isc.sans.edu/diary/Microsoft%20September%202023%20Patch%20Tuesday/30214
OpenSSL 1.1.1 End of Life
https://www.openssl.org/blog/blog/2023/09/11/eol-111/
Adobe Updates
https://helpx.adobe.com/security/security-bulletin.html

Sep 12, 2023 • 6min
ISC StormCast for Tuesday, September 12th, 2023
Apple Patches Older Operating Systems
https://isc.sans.edu/diary/Apple%20fixes%200-Day%20Vulnerability%20in%20Older%20Operating%20Systems/30210
Wi-Fi Enabled Practical Keystroke Eavesdropping
https://arxiv.org/pdf/2309.03492.pdf
Phishing via Google Looker Studio
https://blog.checkpoint.com/security/phishing-via-google-looker-studio
HPE OneView Authentication Bypass
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04530en_us

Sep 11, 2023 • 7min
ISC StormCast for Monday, September 11th, 2023
Augmenting Honeypot Logs
https://isc.sans.edu/diary/%3FAnyone%20get%20the%20ASN%20of%20the%20Truck%20that%20Hit%20Me%3F!%3F%3A%20Creating%20a%20PowerShell%20Function%20to%20Make%203rd%20Party%20API%20Calls%20for%20Extending%20Honeypot%20Information%20%5BGuest%20Diary%5D/30204
More details about Apple 0-day
https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Access VPN Unauthorized Access Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ravpn-auth-8LyfCkeC#fs
Odd Password Solution
https://notpickard.com/@rdp/111009868239846779

Sep 8, 2023 • 5min
ISC StormCast for Friday, September 8th, 2023
Apple Patches 0-Days
https://isc.sans.edu/diary/30200
https://support.apple.com/en-us/HT201222
iOS Fleezeware/Scareware
https://isc.sans.edu/diary/Fleezeware%20Scareware%20Advertised%20via%20Facebook%20Tags%3B%20Available%20in%20Apple%20App%20Store/30198
Aruba Vulnerabilities
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-014.txt
TP-Link Vulnerabilities
https://jvn.jp/en/vu/JVNVU99392903/


