

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and is designed to get you ready for the day with a brief, usually 5-minute-long, summary of current network security related events. The content is late-breaking, educational, and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html.
Episodes

Jul 18, 2022 • 5min
ISC StormCast for Monday, July 18th, 2022
Python: Files in Use By Another Process
https://isc.sans.edu/diary/Python%3A+Files+In+Use+By+Another+Process/28848
Google Removing App Permissions List for Data Safety
https://twitter.com/MishaalRahman/status/1547307555407421443
Google Play Malware
https://twitter.com/IngraoMaxime/status/1547164768401858560
Faking GitHub Metadata
https://checkmarx.com/blog/unverified-commits-are-you-unknowingly-trusting-attackers-code/

Jul 15, 2022 • 7min
ISC StormCast for Friday, July 15th, 2022
Debugging Broadcast Storms
https://isc.sans.edu/diary/A+%22DHCP+is+Broken%22+story%2C+and+a+Blast+from+the+Past+%28or+should+I+say+%22Storm%22+from+the+past%29/28844
Targeted Deanonymization via Side Channel Attacks
https://leakuidatorplusteam.github.io/preprint.pdf
Cookie Theft to BEC
https://www.microsoft.com/security/blog/2022/07/12/from-cookie-theft-to-bec-attackers-use-aitm-phishing-sites-as-entry-point-to-further-financial-fraud/
VMware Patch
https://www.vmware.com/security/advisories/VMSA-2021-0025.html

Jul 14, 2022 • 6min
ISC StormCast for Thursday, July 14th, 2022
Using Referrers to Detect Phishing Attacks
https://isc.sans.edu/diary/Using+Referers+to+Detect+Phishing+Attacks/28836
Callback Phishing Campaigns Impersonating Security Companies
https://www.crowdstrike.com/blog/callback-malware-campaigns-impersonate-crowdstrike-and-other-cybersecurity-companies/
Retbleed Spectre Attack
https://comsec.ethz.ch/wp-content/files/retbleed_sec22.pdf
Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706
https://www.microsoft.com/security/blog/2022/07/13/uncovering-a-macos-app-sandbox-escape-vulnerability-a-deep-dive-into-cve-2022-26706/
Buffer Overflow Vulnerabilities in UEFI Firmware of Several Lenovo Notebooks
https://twitter.com/ESETresearch/status/1547166334651334657

Jul 13, 2022 • 6min
ISC StormCast for Wednesday, July 13th, 2022
Microsoft Patch Tuesday
https://isc.sans.edu/diary/Microsoft+July+2022+Patch+Tuesday/28838
Adobe Updates
https://helpx.adobe.com/security/security-bulletin.html
SAP Patches
https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10
IBM Patches
https://www.ibm.com/support/pages/node/6602255
https://www.ibm.com/support/pages/node/6602259
https://www.ibm.com/support/pages/node/6602251

Jul 12, 2022 • 6min
ISC StormCast for Tuesday, July 12th, 2022
Rogers Outage
https://about.rogers.com/news-ideas/a-message-from-rogers-president-and-ceo/
Rolling Pwn
https://rollingpwn.github.io/rolling-pwn/
GitHub Runners mine Cryptocoins
https://www.trendmicro.com/en_us/research/22/g/unpacking-cloud-based-cryptocurrency-miners-that-abuse-github-ac.html
SANSFIRE Keynote Stream
https://www.sans.org/webcasts/the-internet-storm-center-how-to-use-and-how-to-contribute-data/

Jul 11, 2022 • 5min
ISC StormCast for Monday, July 11th, 2022
SANSFIRE Keynote Stream
https://www.sans.org/webcasts/the-internet-storm-center-how-to-use-and-how-to-contribute-data/
Extracting URLs from Emotet with Cyberchef
https://isc.sans.edu/forums/diary/Excel%204%20Emotet%20Maldoc%20Analysis%20using%20CyberChef/28830/
Microsoft Rolling Back Macro Policy Change
https://techcommunity.microsoft.com/t5/microsoft-365-blog/helping-users-stay-safe-blocking-internet-macros-by-default-in/ba-p/3071805
Checkmate Ransomware Affected Poorly Configured QNAP NAS
https://www.qnap.com/en/security-advisory/QSA-22-21
PyPI Requires 2FA for Critical Packages
https://pypi.org/security-key-giveaway/

Jul 7, 2022 • 7min
ISC StormCast for Thursday, July 7th, 2022
How Many SANs are Insane
https://isc.sans.edu/forums/diary/How+Many+SANs+are+Insane/28820/
Fortinet July Updates
https://fortiguard.fortinet.com/psirt?date=07-2022
Phishing Attacks Getting Trickier
https://www.sans.org/newsletters/ouch/phishing-attacks-getting-trickier
Quantum Safe Ciphers
https://csrc.nist.gov/News/2022/pqc-candidates-to-be-standardized-and-round-4
Apple Proposes Lockdown Mode
https://www.apple.com/newsroom/2022/07/apple-expands-commitment-to-protect-users-from-mercenary-spyware/

Jul 6, 2022 • 6min
ISC StormCast for Wednesday, July 6th, 2022
EternalBlue 5 Years After WannaCry and NotPetya
https://isc.sans.edu/forums/diary/EternalBlue+5+years+after+WannaCry+and+NotPetya/28816/
OpenSSL Patches Two Vulnerabilities
https://www.openssl.org/news/secadv/20220705.txt
Iconburst NPM Software Supply Chain Attack
https://blog.reversinglabs.com/blog/iconburst-npm-software-supply-chain-attack-grabs-data-from-apps-websites

Jul 5, 2022 • 6min
ISC StormCast for Tuesday, July 5th, 2022
7Zip Mark of the Web For Office Files
https://isc.sans.edu/forums/diary/7Zip+MoW+For+Office+files/28812/
SessionManager Backdoor Seen with IIS
https://securelist.com/the-sessionmanager-iis-backdoor/106868/
Google Chrome Stable Channel Update
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html

Jul 1, 2022 • 6min
ISC StormCast for Friday, July 1st, 2022
Case Study: Cobalt Strike Server Lives on After its Domain is Suspended
https://isc.sans.edu/forums/diary/Case+Study+Cobalt+Strike+Server+Lives+on+After+Its+Domain+Is+Suspended/28804/
CVE-2022-28219: Unauthenticated XXE to RCE and Domain Compromise in ManageEngine ADAudit Plus
https://www.horizon3.ai/red-team-blog-cve-2022-28219/
CWE Top 25 Update
https://cwe.mitre.org/top25/archive/2022/2022_cwe_top25.html#analysis


