

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5-minute-long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html.
Episodes

Aug 16, 2022 • 7min
ISC StormCast for Tuesday, August 16th, 2022
Realtek CVE-2022-27255 Followup (snort signature and presentation)
https://isc.sans.edu/diary/Realtek+SDK+SIP+ALG+Vulnerability%3A+A+Big+Deal%2C+but+not+much+you+can+do+about+it.+CVE+2022-27255/28940
MacOS Privilege Escalation
https://sector7.computest.nl/post/2022-08-process-injection-breaking-all-macos-security-layers-with-a-single-vulnerability/
Zoom Update
https://explore.zoom.us/en/trust/security/security-bulletin/
Microsoft Block Vulnerable Bootloaders
https://eclypsium.com/2022/08/11/vulnerable-bootloaders-2022/
HPE Integrated Lights Out 5 Vulnerabilities
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-hpesbhf04333en_us

Aug 15, 2022 • 12min
ISC StormCast for Monday, August 15th, 2022
Realtek eCOS SDK SIP ALG Vulnerability
https://isc.sans.edu/diary/Realtek+SDK+SIP+ALG+Vulnerability%3A+A+Big+Deal%2C+but+not+much+you+can+do+about+it.+CVE+2022-27255/28940
Phishing HTML Attachment as Voicemail Audio Transcription
https://isc.sans.edu/diary/Phishing+HTML+Attachment+as+Voicemail+Audio+Transcription/28938
CVE-2022-0028 PAN-OS: Reflected Amplification Denial-of-Service Vulnerability
https://security.paloaltonetworks.com/CVE-2022-0028

Aug 12, 2022 • 7min
ISC StormCast for Friday, August 12th, 2022
InfoStealer Script Based on Curl and NSudo
https://isc.sans.edu/diary/InfoStealer+Script+Based+on+Curl+and+NSudo/28932
Cisco Breach Details
https://blog.talosintelligence.com/2022/08/recent-cyber-attack.html
Ivanti Pulse Connect Secure Privilege Escalation Vulnerability
https://gist.github.com/JGarciaSec/2060ec1c8efc1d573a1ddb754c6b4f84
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software RSA Private Key Leak Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz

Aug 11, 2022 • 6min
ISC StormCast for Thursday, August 11th, 2022
And Here They Come Again: DNS Reflection Attacks
https://isc.sans.edu/diary/And+Here+They+Come+Again%3A+DNS+Reflection+Attacks/28928
Rapid 7 Defaultinator
https://defaultinator.com
Zimbra Mass Compromise
https://www.volexity.com/blog/2022/08/10/mass-exploitation-of-unauthenticated-zimbra-rce-cve-2022-27925/
VMWare vRealize Vulnerability
https://www.vmware.com/security/advisories/VMSA-2022-0022.html
Microsoft Vulnerability and IPS/Snort
https://community.meraki.com/t5/Meraki-Service-Notices/Microsoft-vulnerability-and-IPS-SNORT/ba-p/156649

Aug 10, 2022 • 6min
ISC StormCast for Wednesday, August 10th, 2022
Microsoft August 2022 Patch Tuesday
https://isc.sans.edu/diary/Microsoft+August+2022+Patch+Tuesday/28924
AEPIC Leak
https://aepicleak.com
Adobe security bulletins
https://helpx.adobe.com/security/security-bulletin.html

Aug 9, 2022 • 6min
ISC StormCast for Tuesday, August 9th, 2022
JSON All the Logs!
https://isc.sans.edu/diary/JSON+All+the+Logs%21/28920
Microsoft Edge Enhanced Security
https://docs.microsoft.com/en-us/deployedge/microsoft-edge-security-browse-safer
Malicious Python Packages
https://www.darkreading.com/application-security/10-malicious-packages-slither-pypi-registry
New Orchard Botnet
https://blog.netlab.360.com/a-new-botnet-orchard-generates-dga-domains-with-bitcoin-transaction-information/

Aug 8, 2022 • 6min
ISC StormCast for Monday, August 8th, 2022
Exim Vulnerability Silently Patched
https://github.com/ivd38/exim_overflow
DuckDuckGo Stopping Microsoft Tracking Code
https://spreadprivacy.com/more-privacy-and-transparency/
Emergency Broadcast Messaging System Vulnerabilities
https://content.govdelivery.com/accounts/USDHSFEMA/bulletins/3263326
Slack Leaks Hashed Passwords
https://slack.com/intl/en-in/blog/news/notice-about-slack-password-resets
Zimbra Flaw Exploited
https://nvd.nist.gov/vuln/detail/CVE-2022-27924

Aug 5, 2022 • 7min
ISC StormCast for Friday, August 5th, 2022
TLP 2.0 is Here
https://isc.sans.edu/diary/TLP+2.0+is+here/28914
Hijacking email with Cloudflare Email Routing
https://albertpedersen.com/blog/hijacking-email-with-cloudflare-email-routing/
rsync arbitrary file write vulnerability
https://www.openwall.com/lists/oss-security/2022/08/02/1
Local privilege escalation in Kaspersky VPN
https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/

Aug 4, 2022 • 7min
ISC StormCast for Thursday, August 4th, 2022
l9explore and LeakIX Internet Wide Recon Scans
https://isc.sans.edu/diary/l9explore+and+LeakIX+Internet+wide+recon+scans./28910
Arris / Arris Variant DSL/Fiber Router Critical Vulnerability
http://derekabdine.com/blog/2022-arris-advisory
35,000 Malicious Repo Forks Flood GitHub
https://www.bleepingcomputer.com/news/security/35-000-code-repos-not-hacked-but-clones-flood-github-to-serve-malware/
Palo Alto Master Key
https://twitter.com/rqu50/status/1554566757704089600#m
Laravel Unserialize RCE
https://github.com/beicheng-maker/vulns/issues/1
Unauthenticated Remote Code Execution in DrayTek Vigor Routers
https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/rce-in-dratyek-routers.html

Aug 3, 2022 • 6min
ISC StormCast for Wednesday, August 3rd, 2022
Increase in Chinese "Hacktivism" Attacks
https://isc.sans.edu/diary/Increase+in+Chinese+%22Hacktivism%22+Attacks/28906
Zoho Password Manager Exploit
https://xz.aliyun.com/t/11578
VMWare Updates
https://www.vmware.com/security/advisories/VMSA-2022-0021.html
https://twitter.com/VietPetrus
Manjusaka: A Chinese sibling of Sliver and Cobalt Strike
https://blog.talosintelligence.com/2022/08/manjusaka-offensive-framework.html