

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5-minute-long, summary of current network-security-related events. The content is late-breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html.
Episodes

Oct 5, 2022 • 5min
ISC StormCast for Wednesday, October 5th, 2022
Credential Harvesting with Telegram
https://isc.sans.edu/forums/diary/Credential%20Harvesting%20with%20Telegram%20API/29112/
Updated Microsoft Exchange Fix
https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization
https://www.cisa.gov/uscert/ncas/alerts/aa22-277a
A New Supply Chain Attack on PHP
https://blog.sonarsource.com/securing-developer-tools-a-new-supply-chain-attack-on-php/

Oct 4, 2022 • 5min
ISC StormCast for Tuesday, October 4th, 2022
Microsoft Exchange Vulnerability Fix Bypassed
https://twitter.com/testanull/status/1576774007826718720
Schneider Electric UMAS Patch Bypass
https://securelist.com/the-secrets-of-schneider-electrics-umas-protocol/107435/
Supply Chain Attack via Trojanized Comm100 Chat Installer
https://www.crowdstrike.com/blog/new-supply-chain-attack-leverages-comm100-chat-installer/

Oct 3, 2022 • 5min
ISC StormCast for Monday, October 3rd, 2022
Microsoft Exchange 0-Day Update
https://isc.sans.edu/forums/diary/Exchange+Server+0Day+Actively+Exploited/29106
https://microsoft.github.io/CSS-Exchange/Security/EOMTv2/
CISA Adds Atlassian Bitbucket Vulnerability to Exploited List
https://www.cisa.gov/uscert/ncas/current-activity/2022/09/30/cisa-adds-three-known-exploited-vulnerabilities-catalog
Every unsandboxed app has Full Disk Access if Terminal Does
https://lapcatsoftware.com/articles/FullDiskAccess.html

Sep 30, 2022 • 6min
ISC StormCast for Friday, September 30th, 2022
PNG Analysis with pngdump.py
https://isc.sans.edu/forums/diary/PNG%20Analysis/29100/
Possible Exchange Server 0-Day Vulnerability
https://www.gteltsc.vn/blog/warning-new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-server-12715.html
https://success.trendmicro.com/dcx/s/solution/000291651?language=en_US
Bad VIB(E)s Part One: Investigating Novel Malware Persistence Within ESXi Hypervisors
https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence

Sep 29, 2022 • 7min
ISC StormCast for Thursday, September 29th, 2022
10 Years Later: Attacker re-discovering old VTiger CRM Vulnerability
https://isc.sans.edu/forums/diary/10+Years+Later+Attacker+rediscovering+old+VTiger+CRM+Vulnerability/29098
IRS Reports Significant Increase in Texting Scams
https://www.irs.gov/newsroom/irs-reports-significant-increase-in-texting-scams-warns-taxpayers-to-remain-vigilant
Cloudflare Releases Turnstile, a user-friendly, privacy-preserving CAPTCHA alternative
https://blog.cloudflare.com/turnstile-private-captcha-alternative/
Cisco Patches
https://kb.cert.org/vuls/id/855201
Chrome 106 Release
https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html?m=1

Sep 28, 2022 • 7min
ISC StormCast for Wednesday, September 28th, 2022
DNS Option 15 and Debugging DNSSEC Errors
https://isc.sans.edu/forums/diary/DNS+Option+15+Debugging+DNSSEC+Errors/29094
Yari: A New Era of Yara Debugging
https://engineering.avast.io/yari-a-new-era-of-yara-debugging/
HTTP Archive Almanac
https://almanac.httparchive.org/en/2022/security

Sep 27, 2022 • 6min
ISC StormCast for Tuesday, September 27th, 2022
Easy Python Sandbox Detection
https://isc.sans.edu/forums/diary/Easy+Python+Sandbox+Detection/29090
Hackers use PowerPoint Files for "Mouseover" Malware Delivery
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
Redis 7.0 XAUTOCLAIM Heap Overflow
https://github.com/redis/redis/security/advisories/GHSA-5gc4-76rx-22c9
Scoreboard Hacking
https://maxwelldulin.com/BlogPost?post=7118102528

Sep 26, 2022 • 6min
ISC StormCast for Monday, September 26th, 2022
Kids Like Cookies and Malware Likes them Too
https://isc.sans.edu/forums/diary/Kids+Like+Cookies+Malware+Too/29082
Downloading Files from Removed Domains
https://isc.sans.edu/forums/diary/Downloading%20Samples%20From%20Takendown%20Domains/29086/
WhatsApp Security Updates
https://www.whatsapp.com/security/advisories/2022/
Sophos RCE Flaw
https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce
CircleCI Phishing Attacks Used to Access GitHub Accounts
https://discuss.circleci.com/t/circleci-security-alert-warning-phishing-attempt-for-login-credentials/45408

Sep 23, 2022 • 5min
ISC StormCast for Friday, September 23rd, 2022
RAT Delivered Through FODHelper
https://isc.sans.edu/forums/diary/RAT+Delivered+Through+FODHelper/29078
Microsoft Endpoint Configuration Manager Spoofing Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37972
New Fuzzing Tool: cifuzz
https://github.com/CodeIntelligenceTesting/cifuzz
No Security Updates from Apple
https://support.apple.com/en-us/HT201222

Sep 22, 2022 • 7min
ISC StormCast for Thursday, September 22nd, 2022
Phishing Campaigns Use Free Online Resources
https://isc.sans.edu/forums/diary/Phishing%20Campaigns%20Use%20Free%20Online%20Resources/29074/
Insecure use of tarfile.extract in Python
https://bugs.python.org/issue1044#msg55464
Twitter Failed to Logout Users After Password Reset
https://privacy.twitter.com/en/blog/2022/an-issue-impacting-password-resets