SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and is designed to get you ready for the day with a brief, usually five-minute, summary of current network security related events. The content is late-breaking and educational, based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Episodes
Jun 30, 2022 • 7min
ISC StormCast for Thursday, June 30th, 2022
It's New Phone Day: Time to Migrate Your MFA
https://isc.sans.edu/forums/diary/Its+New+Phone+Day+Time+to+migrate+your+MFA/28800/
Managing Human Risk Security Awareness Report
https://go.sans.org/lp-wp-2022-sans-security-awareness-report
Microsoft Azure Service Fabric Container Elevation of Privilege Vulnerability
https://unit42.paloaltonetworks.com/fabricscape-cve-2022-30137/#The-Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30137
Zimbra RCE Vulnerability
https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/
FBI Warns of Deep Fakes Being Used in Job Interviews
https://www.ic3.gov/Media/Y2022/PSA220628

Jun 29, 2022 • 6min
ISC StormCast for Wednesday, June 29th, 2022
Possible Scans for HiByMusic Devices
https://isc.sans.edu/forums/diary/Possible+Scans+for+HiByMusic+Devices/28796/
OpenSSL Heap Overflow
https://guidovranken.com/2022/06/27/notes-on-openssl-remote-memory-corruption/
https://github.com/openssl/openssl/issues/18625#issuecomment-1165012549
ZuoRAT Malware Hijacking Home Office Routers
https://blog.lumen.com/zuorat-hijacks-soho-routers-to-silently-stalk-networks/

Jun 28, 2022 • 7min
ISC StormCast for Tuesday, June 28th, 2022
Encrypted Client Hello: Anybody Using it Yet?
https://isc.sans.edu/forums/diary/Encrypted+Client+Hello+Anybody+Using+it+Yet/28792/
Jenkins Advisory
https://www.jenkins.io/security/advisory/2022-06-22/
Instagram Age Verification
https://about.fb.com/news/2022/06/new-ways-to-verify-age-on-instagram/
CodeSys V2 Vulnerability
https://github.com/ic3sw0rd/Codesys_V2_Vulnerability

Jun 27, 2022 • 8min
ISC StormCast for Monday, June 27th, 2022
Python Abusing the Windows GUI
https://isc.sans.edu/forums/diary/Python+abusing+The+Windows+GUI/28780/
Malicious Code Passed to PowerShell via the Clipboard
https://isc.sans.edu/forums/diary/Malicious+Code+Passed+to+PowerShell+via+the+Clipboard/28784/
Attacking With WebView2 Applications
https://mrd0x.com/attacking-with-webview2-applications/
Bronze Starlight Ransomware Operations Use Hui Loaders
https://www.secureworks.com/research/bronze-starlight-ransomware-operations-use-hui-loader
Novel Exploit Detected in Mitel VoIP Appliance
https://www.crowdstrike.com/blog/novel-exploit-detected-in-mitel-voip-appliance/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29499

Jun 23, 2022 • 6min
ISC StormCast for Thursday, June 23rd, 2022
Malicious PowerShell Targeting Cryptocurrency Browser Extensions
https://isc.sans.edu/forums/diary/Malicious+PowerShell+Targeting+Cryptocurrency+Browser+Extensions/28772/
Keeping PowerShell: Security Measures to Use and Embrace
https://media.defense.gov/2022/Jun/22/2003021689/-1/-1/1/CSI_KEEPING_POWERSHELL_SECURITY_MEASURES_TO_USE_AND_EMBRACE_20220622.PDF
Client-Side Magecart Attacks Still Around, But More Covert
https://blog.malwarebytes.com/threat-intelligence/2022/06/client-side-magecart-attacks-still-around-but-more-covert/
Chinese actor takes aim, armed with Nim Language and Bizarro AES
https://research.checkpoint.com/2022/chinese-actor-takes-aim-armed-with-nim-language-and-bizarro-aes/
Israeli Air Raid Sirens Hacked
https://twitter.com/Israel_Cyber/status/1538821467785265153

Jun 22, 2022 • 6min
ISC StormCast for Wednesday, June 22nd, 2022
Experimental New Domain / Domain Age API
https://isc.sans.edu/forums/diary/Experimental+New+Domain+Domain+Age+API/28770/
Forescout Vedere Labs Discovers 56 OT Vulnerabilities
https://www.forescout.com/resources/ot-icefall-report/
Cloudflare Outage
https://blog.cloudflare.com/cloudflare-outage-on-june-21-2022/
Does Acrobat Reader Unload Injection of Security Products
https://blog.minerva-labs.com/does-acrobat-reader-unload-injection-of-security-products
7-Zip Mark-of-the-Web Support
https://www.7-zip.org/history.txt

Jun 21, 2022 • 6min
ISC StormCast for Tuesday, June 21st, 2022
Odd TCP Fast Open Packets
https://isc.sans.edu/forums/diary/Odd+TCP+Fast+Open+Packets+Anybody+understands+why/28766/
DFSCoerce NTLM Relay Attack
https://github.com/Wh04m1001/DFSCoerce
https://support.microsoft.com/en-us/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429
Windows Emergency Update Fixes Microsoft 365 Issues on ARM Devices
https://www.bleepingcomputer.com/news/microsoft/windows-emergency-update-fixes-microsoft-365-issues-on-arm-devices/
Safari Vulnerability Analysis
https://googleprojectzero.blogspot.com/2022/06/an-autopsy-on-zombie-in-wild-0-day.html
Internet Explorer Remnants Still an Issue
https://www.darkreading.com/vulnerabilities-threats/internet-explorer-will-likely-remain-an-attacker-target-for-some-time

Jun 20, 2022 • 9min
ISC StormCast for Monday, June 20th, 2022
Critical Vulnerability in Splunk Enterprise Deployment Server Functionality
https://isc.sans.edu/forums/diary/Critical+vulnerability+in+Splunk+Enterprises+deployment+server+functionality/28760/
Malspam Pushes Matanbuchus Malware Leads to Cobalt Strike
https://isc.sans.edu/forums/diary/Malspam+pushes+Matanbuchus+malware+leads+to+Cobalt+Strike/28752/
Proofpoint Discovers Potentially Dangerous Office 365 Functionality
https://www.proofpoint.com/us/blog/cloud-security/proofpoint-discovers-potentially-dangerous-microsoft-office-365-functionality

Jun 17, 2022 • 6min
ISC StormCast for Friday, June 17th, 2022
Houdini is Back Delivered Through a JavaScript Dropper
https://isc.sans.edu/forums/diary/Houdini+is+Back+Delivered+Through+a+JavaScript+Dropper/28746/
Drifting Cloud: Zero-Day Sophos Firewall Exploitation
https://www.volexity.com/blog/2022/06/15/driftingcloud-zero-day-sophos-firewall-exploitation-and-an-insidious-breach/
Exploiting a Heap Overflow in the FreeBSD Wi-Fi Stack
https://www.zerodayinitiative.com/blog/2022/6/15/cve-2022-23088-exploiting-a-heap-overflow-in-the-freebsd-wi-fi-stack
Cisco Email Security Appliance and Cisco Secure Email and Web Manager Authentication Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-esa-auth-bypass-66kEcxQD
Analyzing the Fastjson "Auto Type Bypass" RCE vulnerability
https://jfrog.com/blog/cve-2022-25845-analyzing-the-fastjson-auto-type-bypass-rce-vulnerability/

Jun 16, 2022 • 6min
ISC StormCast for Thursday, June 16th, 2022
Terraforming Honeypots: Using IaaC & Cloud to Attract Attacks
https://isc.sans.edu/forums/diary/Terraforming+Honeypots+Installing+DShield+Sensors+in+the+Cloud/28748/
Zimbra Email - Stealing Clear-Text Credentials via Memcache Injection
https://blog.sonarsource.com/zimbra-mail-stealing-clear-text-credentials-via-memcache-injection/
Cloud Middleware Dataset
https://github.com/wiz-sec/cloud-middleware-dataset
CVE-2022-26937 Windows Network File System NLM Portmap Stack Buffer Overflow
https://www.zerodayinitiative.com/blog/2022/6/7/cve-2022-26937-microsoft-windows-network-file-system-nlm-portmap-stack-buffer-overflow
Citrix Application Delivery Management Security Bulletin
https://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512
Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch
https://sec-consult.com/vulnerability-lab/advisory/hardcoded-backdoor-user-outdated-software-components-nexans-ftto-gigaswitch/