

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5-minute-long, summary of current network security related events. The content is late-breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Episodes

Dec 10, 2021 • 7min
ISC StormCast for Friday, December 10th, 2021
Phishing Direct Messages via Discord
https://isc.sans.edu/forums/diary/Phishing+Direct+Messages+via+Discord/28114/
Vulnerable MikroTik Routers
https://eclypsium.com/2021/12/09/when-honey-bees-become-murder-hornets/
log4j RCE 0-day
https://www.lunasec.io/docs/blog/log4j-zero-day/
Sonicwall SMA 100 Patch
https://www.sonicwall.com/support/product-notification/product-security-notice-sma-100-series-vulnerability-patches-q4-2021/211201154715443/

Dec 9, 2021 • 6min
ISC StormCast for Thursday, December 9th, 2021
December 2021 Forensic Challenge
https://isc.sans.edu/forums/diary/December+2021+Forensic+Challenge/28108/
Microsoft and GitHub OAuth Implementation Vulnerabilities Lead to Redirection Attacks
https://www.proofpoint.com/us/blog/cloud-security/microsoft-and-github-oauth-implementation-vulnerabilities-lead-redirection
Android Patch Day
https://source.android.com/security/bulletin/2021-12-01?hl=en

Dec 8, 2021 • 6min
ISC StormCast for Wednesday, December 8th, 2021
Webshells, Webshells everywhere!
https://isc.sans.edu/forums/diary/Webshells+Webshells+everywhere/28106/
AWS Outage
https://status.aws.amazon.com
Misconfigured Kafdrop Puts Companies' Apache Kafka Completely Exposed
https://spectralops.io/blog/misconfigured-kafdrop-puts-companies-apache-kafka-completely-exposed/
Windows 10 RCE: The exploit is in the link
https://positive.security/blog/ms-officecmd-rce
XSinator.com: From a Formal Model to the Automatic Evaluation of Cross-Site Leaks in Web Browsers
https://xsinator.com/paper.pdf

Dec 7, 2021 • 6min
ISC StormCast for Tuesday, December 7th, 2021
The Importance of Out of Band Networks
https://isc.sans.edu/forums/diary/The+Importance+of+OutofBand+Networks/28102/
Kaseya Unitrends Backup Appliance Updates
https://helpdesk.kaseya.com/hc/en-gb/articles/4412762258961
Is KAX17 Performing De-Anonymization Attacks Against Tor Users?
https://nusenu.medium.com/is-kax17-performing-de-anonymization-attacks-against-tor-users-42e566defce8
Google Chrome Update No 0-Days
https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html

Dec 6, 2021 • 5min
ISC StormCast for Monday, December 6th, 2021
The UPX Packer Will Never Die
https://isc.sans.edu/forums/diary/The+UPX+Packer+Will+Never+Die/28096/
Survey of Airgap Attacks
https://www.welivesecurity.com/2021/12/01/jumping-air-gap-15-years-nation-state-effort/
Ubiquiti Victim of Insider Extortion
https://www.justice.gov/usao-sdny/pr/former-employee-technology-company-charged-stealing-confidential-data-and-extorting

Dec 3, 2021 • 14min
ISC StormCast for Friday, December 3rd, 2021
TA551 (Shathak) Pushes IcedID (Bokbot)
https://isc.sans.edu/forums/diary/TA551+Shathak+pushes+IcedID+Bokbot/28092/
pip-audit scanning Python packages for known vulnerabilities
https://pypi.org/project/pip-audit/
Wifi Router Flaws
https://www.iot-inspector.com/blog/router-security-check-2021/
SANS Holiday Hack Challenge
https://www.sans.org/mlp/holiday-hack-challenge/

Dec 2, 2021 • 6min
ISC StormCast for Thursday, December 2nd, 2021
Info-Stealer Using webhook.site to Exfiltrate Data
https://isc.sans.edu/forums/diary/InfoStealer+Using+webhooksite+to+Exfiltrate+Data/28088/
Mozilla NSS Library Vulnerability
https://bugs.chromium.org/p/project-zero/issues/detail?id=2237
EwDoor Botnet is Attacking AT&T Customers
https://blog.netlab.360.com/warning-ewdoor-botnet-is-attacking-att-customers/
JAMF Pro 10.32 Patch
https://community.jamf.com/t5/jamf-pro/what-s-new-in-jamf-pro-10-32-release/m-p/246505

Dec 1, 2021 • 6min
ISC StormCast for Wednesday, December 1st, 2021
Hunting for PHPUnit Installed via Composer
https://isc.sans.edu/forums/diary/Hunting+for+PHPUnit+Installed+via+Composer/28084/
Microsoft Defender Scares Admins with Emotet False Positives
https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-scares-admins-with-emotet-false-positives/
Printing Shellz HP Printer Vulnerabilities
https://blog.f-secure.com/hp-printer-vulnerabilities/?_ga=2.125707850.1160056027.1638325485-2056233716.1638325485
Unpatched Local Privilege Escalation in Mobile Device Management Service
https://blog.0patch.com/2021/11/micropatching-unpatched-local-privilege.html

Nov 30, 2021 • 5min
ISC StormCast for Tuesday, November 30th, 2021
Wireshark 3.6.0 Released
https://isc.sans.edu/forums/diary/Wireshark+360+Released/28076/
Google Cloud Security Report
https://services.google.com/fh/files/misc/gcat_threathorizons_full_nov2021.pdf
Zoom Patch
https://explore.zoom.us/en/trust/security/security-bulletin/
Slack DNSSEC Experience Reports
https://slack.engineering/what-happened-during-slacks-dnssec-rollout/

Nov 29, 2021 • 6min
ISC StormCast for Monday, November 29th, 2021
Phishing Page Hiding Itself Using Dynamically Adjusted IP-Based Allow List
https://isc.sans.edu/forums/diary/Phishing+page+hiding+itself+using+dynamically+adjusted+IPbased+allow+list/28070/
Trickbot Phishing Checks Screen Resolution to Evade Researchers
https://www.bleepingcomputer.com/news/security/trickbot-phishing-checks-screen-resolution-to-evade-researchers/
QNAP QVR Patch
https://www.qnap.com/de-de/security-advisory/qsa-21-51
CronRAT Malware Hiding in cron
https://sansec.io/research/cronrat


