

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5-minute-long, summary of current network security related events. The content is late-breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Episodes

Sep 27, 2022 • 6min
ISC StormCast for Tuesday, September 27th, 2022
Easy Python Sandbox Detection
https://isc.sans.edu/forums/diary/Easy+Python+Sandbox+Detection/29090
Hackers use PowerPoint Files for "Mouseover" Malware Delivery
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
Redis 7.0 XAUTOCLAIM Heap Overflow
https://github.com/redis/redis/security/advisories/GHSA-5gc4-76rx-22c9
Scoreboard Hacking
https://maxwelldulin.com/BlogPost?post=7118102528

Sep 26, 2022 • 6min
ISC StormCast for Monday, September 26th, 2022
Kids Like Cookies and Malware Likes them Too
https://isc.sans.edu/forums/diary/Kids+Like+Cookies+Malware+Too/29082
Downloading Files from Removed Domains
https://isc.sans.edu/forums/diary/Downloading%20Samples%20From%20Takendown%20Domains/29086/
WhatsApp Security Updates
https://www.whatsapp.com/security/advisories/2022/
Sophos RCE Flaw
https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce
CircleCI Phishing Attacks Used to Access GitHub Accounts
https://discuss.circleci.com/t/circleci-security-alert-warning-phishing-attempt-for-login-credentials/45408

Sep 23, 2022 • 5min
ISC StormCast for Friday, September 23rd, 2022
RAT Delivered Through FODHelper
https://isc.sans.edu/forums/diary/RAT+Delivered+Through+FODHelper/29078
Microsoft Endpoint Configuration Manager Spoofing Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37972
New Fuzzing Tool: cifuzz
https://github.com/CodeIntelligenceTesting/cifuzz
No Security Updates from Apple
https://support.apple.com/en-us/HT201222

Sep 22, 2022 • 7min
ISC StormCast for Thursday, September 22nd, 2022
Phishing Campaigns Use Free Online Resources
https://isc.sans.edu/forums/diary/Phishing%20Campaigns%20Use%20Free%20Online%20Resources/29074/
Insecure use of tarfile.extract in Python
https://bugs.python.org/issue1044#msg55464
Twitter Failed to Logout Users After Password Reset
https://privacy.twitter.com/en/blog/2022/an-issue-impacting-password-resets

Sep 21, 2022 • 6min
ISC StormCast for Wednesday, September 21st, 2022
Chainsaw: Hunt, search and extract event log records
https://isc.sans.edu/diary/Chainsaw%3A+Hunt%2C+search%2C+and+extract+event+log+records/29066
PDU Exploits past NAT
https://claroty.com/team82/research/jumping-nat-to-shut-down-electric-devices
Tamper Protection will be turned on for all Enterprise Customers
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/tamper-protection-will-be-turned-on-for-all-enterprise-customers/ba-p/3616478

Sep 20, 2022 • 6min
ISC StormCast for Tuesday, September 20th, 2022
Preventing ISO Malware
https://isc.sans.edu/diary/Preventing+ISO+Malware+/29062
State of Emotet
https://www.advintel.io/post/advintel-s-state-of-emotet-aka-spmtools-displays-over-million-compromised-machines-through-2022
Undermining Microsoft Teams Security by Mining Tokens
https://www.vectra.ai/blogpost/undermining-microsoft-teams-security-by-mining-tokens

Sep 19, 2022 • 6min
ISC StormCast for Monday, September 19th, 2022
Word Maldoc With CustomXML and Renamed VBAProject.bin
https://isc.sans.edu/diary/Word+Maldoc+With+CustomXML+and+Renamed+VBAProject.bin/29056
2FA on Lock Screens
https://www.bbc.com/news/uk-england-london-62809151
Chrome and Edge Enhanced Spellcheck Features Expose PII, Even Your Password
https://www.otto-js.com/news/article/chrome-and-edge-enhanced-spellcheck-features-expose-pii-even-your-passwords
Reconstructing Content Reflected in Glasses
https://arxiv.org/abs/2205.03971

Sep 16, 2022 • 7min
ISC StormCast for Friday, September 16th, 2022
Malicious Word Document With a Frameset
https://isc.sans.edu/diary/Malicious+Word+Document+with+a+Frameset/29052
CVE-2022-34721 Exploit
https://github.com/78ResearchLab/PoC/tree/main/CVE-2022-34721
Trojaned Putty Used in Attacks
https://www.mandiant.com/resources/blog/dprk-whatsapp-phishing
Lenovo BIOS Updates
https://support.lenovo.com/us/en/product_security/LEN-94953#Desktop

Sep 15, 2022 • 6min
ISC StormCast for Thursday, September 15th, 2022
Easy Process Injection within Python
https://isc.sans.edu/diary/Easy+Process+Injection+within+Python/29048
Queen Elizabeth Related Phishing
https://twitter.com/threatinsight/status/1570092339984584705
Microsoft 365 Auto Updates Apps on Locked or Idle Devices
https://techcommunity.microsoft.com/t5/microsoft-365-blog/update-under-lock-improved-update-experience-for-microsoft-365/ba-p/3618901

Sep 14, 2022 • 6min
ISC StormCast for Wednesday, September 14th, 2022
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+September+2022+Patch+Tuesday/29044/
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
Magento Vendor Fishpig Hacked, Backdoors Added
https://sansec.io/research/rekoobe-fishpig-magento


