

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Episodes

Jan 26, 2023 • 6min
ISC StormCast for Thursday, January 26th, 2023
First Malicious OneNote Document
https://isc.sans.edu/diary/A%20First%20Malicious%20OneNote%20Document/29470
Guidance for Securing Remote Monitoring and Management Software
https://media.defense.gov/2023/Jan/25/2003149873/-1/-1/0/JOINT_CSA_RMM.PDF
Microsoft Azure-Based Kerberos Attacks Crack Open Cloud Accounts
https://www.darkreading.com/cloud/microsoft-azure-kerberos-attacks-open-cloud-accounts
Microsoft Blocking XLL Files Downloaded From Internet
https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=115485
Lexmark Vulnerabilities
https://publications.lexmark.com/publications/security-alerts/CVE-2023-23560.pdf
VMware vRealize Update
https://www.vmware.com/security/advisories/VMSA-2023-0001.html

Jan 25, 2023 • 7min
ISC StormCast for Wednesday, January 25th, 2023
Apple Patch Summary
https://isc.sans.edu/forums/diary/Apple%20Updates%20%28almost%29%20Everything%3A%20Patch%20Overview/29472/
ManageEngine News
https://github.com/vonahisec/CVE-2022-47966-Scan
KSMBD Vulnerability
https://sysdig.com/blog/cve-2023-0210-linux-kernel-unauthenticated-remote-heap-overflow/
BitWarden Server Side Iterations
https://palant.info/2023/01/23/bitwarden-design-flaw-server-side-iterations/
Packet Tuesday: Neighbor Advertisements
https://www.youtube.com/watch?v=CoaZjuuY1do

Jan 24, 2023 • 6min
ISC StormCast for Tuesday, January 24th, 2023
Who's Resolving This Domain
https://isc.sans.edu/forums/diary/Who's%20Resolving%20This%20Domain%3F/29462/
Apple Updates Everything
https://support.apple.com/en-us/HT201222
NSA IPv6 Security Guidance
https://media.defense.gov/2023/Jan/18/2003145994/-1/-1/0/CSI_IPV6_SECURITY_GUIDANCE.PDF
Roaming Mantis Implements New DNS Changer in Its Malicious Mobile App
https://thehackernews.com/2023/01/roaming-mantis-spreading-mobile-malware.html

Jan 23, 2023 • 6min
ISC StormCast for Monday, January 23rd, 2023
Importance of Signing in Windows Environments
https://isc.sans.edu/diary/Importance%20of%20signing%20in%20Windows%20environments/29456
FanDuel Discloses Data Breach Caused by Recent Mailchimp Hack
https://www.bleepingcomputer.com/news/security/fanduel-discloses-data-breach-caused-by-recent-mailchimp-hack/
OneNote Documents Used to Embed Malicious Office Documents
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/trojanized-onenote-document-leads-to-formbook-malware/
Cisco Unified Communications Manager SQL Injection
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-sql-rpPczR8n
Possible KeePass Vulnerability
https://twitter.com/vomanc/status/1617135599030530054

Jan 20, 2023 • 6min
ISC StormCast for Friday, January 20th, 2023
SPF and DMARC use on 100k most popular domains
https://isc.sans.edu/diary/SPF%20and%20DMARC%20use%20on%20100k%20most%20popular%20domains/29452
Sysmon Exploit Released CVE-2022-41120, CVE-2022-44704
https://github.com/Wh04m1001/SysmonEoP
ManageEngine CVE-2022-47966 Technical Deep Dive
https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/
Netcomm Router Vulnerabilities
https://kb.cert.org/vuls/id/986018
Microsoft Pushes Outdated Office Install Check
https://www.bleepingcomputer.com/news/microsoft/microsoft-pushes-kb5021751-to-check-for-outdated-office-installs/

Jan 19, 2023 • 6min
ISC StormCast for Thursday, January 19th, 2023
Malicious Google Ads for Fake Notepad++ Lead to Aurora Stealer
https://isc.sans.edu/diary/Malicious%20Google%20Ad%20--%3E%20Fake%20Notepad%2B%2B%20Page%20--%3E%20Aurora%20Stealer%20malware/29448
Oracle Critical Patch Update
https://www.oracle.com/security-alerts/cpujan2023.html
Qt QML Vulnerability
https://blog.talosintelligence.com/vulnerability-spotlight-integer-and-buffer-overflow-vulnerabilities-found-in-qt-qml/
sudo sudoedit Vulnerability
https://www.synacktiv.com/sites/default/files/2023-01/sudo-CVE-2023-22809.pdf

Jan 18, 2023 • 6min
ISC StormCast for Wednesday, January 18th, 2023
Finding that one GPO setting in a pool of hundreds of GPOs
https://isc.sans.edu/diary/Finding%20that%20one%20GPO%20Setting%20in%20a%20Pool%20of%20Hundreds%20of%20GPOs/29442
Git Code Audit
https://x41-dsec.de/security/research/news/2023/01/17/git-security-audit-ostif/
Azure SSRF Flaws
https://orca.security/resources/blog/ssrf-vulnerabilities-in-four-azure-services/
SMB Insecure Guest Auth Off By Default In Windows 11 Pro
https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-insecure-guest-auth-now-off-by-default-in-windows-insider/ba-p/3715014
Packet Tuesday: IPv6 Router Advertisements
https://www.youtube.com/watch?v=uRWpB_lYIZ8

Jan 17, 2023 • 6min
ISC StormCast for Tuesday, January 17th, 2023
PSA: Why you must run an ad blocker when using Google
https://isc.sans.edu/diary/PSA%3A%20Why%20you%20must%20run%20an%20ad%20blocker%20when%20using%20Google/29438
NortonLifeLock Password Manager Bruteforcing
https://webcache.googleusercontent.com/search?q=cache%3A91Bmx_jTJIkJ%3Ahttps%3A%2F%2Fago.vermont.gov%2Fwp-content%2Fuploads%2F2023%2F01%2F2023-01-09-NortonLifeLock-Gen-Digital-Data-Breach-Notice-to-Consumers.pdf&cd=3&hl=de&ct=clnk&gl=de
CVE-2023-0179 Linux kernel stack buffer overflow in nftables: PoC and writeup
https://seclists.org/oss-sec/2023/q1/20
MSI (in)Secure Boot
https://dawidpotocki.com/en/2023/01/13/msi-insecure-boot/

Jan 16, 2023 • 5min
ISC StormCast for Monday, January 16th, 2023
Elon Musk Themed Crypto Scams Flooding YouTube Today
https://isc.sans.edu/diary/Elon%20Musk%20Themed%20Crypto%20Scams%20Flooding%20YouTube%20Today/29434
Microsoft Text to Speech Synthesizer
https://arxiv.org/pdf/2301.02111.pdf
Missing Windows Start Menu
https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-22H2#2998msgdesc

Jan 13, 2023 • 7min
ISC StormCast for Friday, January 13th, 2023
Prowler v3: AWS & Azure security assessments
https://isc.sans.edu/diary/Prowler%20v3%3A%20AWS%20%26%20Azure%20security%20assessments/29430
Certified Pre-Pw0ned Android TV
https://github.com/DesktopECHO/T95-H616-Malware
Revolte Attack
https://revolte-attack.net
NGFW Data Exfiltration
https://cymulate.com/blog/data-exfiltration-firewall/