SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Episodes

Dec 8, 2021 • 6min
ISC StormCast for Wednesday, December 8th, 2021
Webshells, Webshells everywhere!
https://isc.sans.edu/forums/diary/Webshells+Webshells+everywhere/28106/
AWS Outage
https://status.aws.amazon.com
Misconfigured Kafdrop Puts Companies' Apache Kafka Completely Exposed
https://spectralops.io/blog/misconfigured-kafdrop-puts-companies-apache-kafka-completely-exposed/
Windows 10 RCE: The exploit is in the link
https://positive.security/blog/ms-officecmd-rce
XSinator.com: From a Formal Model to the Automatic Evaluation of Cross-Site Leaks in Web Browsers
https://xsinator.com/paper.pdf

Dec 7, 2021 • 6min
ISC StormCast for Tuesday, December 7th, 2021
The Importance of Out of Band Networks
https://isc.sans.edu/forums/diary/The+Importance+of+OutofBand+Networks/28102/
Kaseya Unitrends Backup Appliance Updates
https://helpdesk.kaseya.com/hc/en-gb/articles/4412762258961
Is KAX17 Performing De-Anonymization Attacks Against Tor Users?
https://nusenu.medium.com/is-kax17-performing-de-anonymization-attacks-against-tor-users-42e566defce8
Google Chrome Update No 0-Days
https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html

Dec 6, 2021 • 5min
ISC StormCast for Monday, December 6th, 2021
The UPX Packer will never die
https://isc.sans.edu/forums/diary/The+UPX+Packer+Will+Never+Die/28096/
Survey of Airgap Attacks
https://www.welivesecurity.com/2021/12/01/jumping-air-gap-15-years-nation-state-effort/
Ubiquiti Victim of Insider Extortion
https://www.justice.gov/usao-sdny/pr/former-employee-technology-company-charged-stealing-confidential-data-and-extorting

Dec 3, 2021 • 14min
ISC StormCast for Friday, December 3rd, 2021
TA551 (Shathak) Pushes IcedID (Bokbot)
https://isc.sans.edu/forums/diary/TA551+Shathak+pushes+IcedID+Bokbot/28092/
pip-audit scanning Python packages for known vulnerabilities
https://pypi.org/project/pip-audit/
Wifi Router Flaws
https://www.iot-inspector.com/blog/router-security-check-2021/
SANS Holiday Hack Challenge
https://www.sans.org/mlp/holiday-hack-challenge/

Dec 2, 2021 • 6min
ISC StormCast for Thursday, December 2nd, 2021
Info-Stealer Using webhook.site to Exfiltrate Data
https://isc.sans.edu/forums/diary/InfoStealer+Using+webhooksite+to+Exfiltrate+Data/28088/
Mozilla NSS Library Vulnerability
https://bugs.chromium.org/p/project-zero/issues/detail?id=2237
EwDoor Botnet is Attacking AT&T Customers
https://blog.netlab.360.com/warning-ewdoor-botnet-is-attacking-att-customers/
JAMF Pro 10.32 Patch
https://community.jamf.com/t5/jamf-pro/what-s-new-in-jamf-pro-10-32-release/m-p/246505

Dec 1, 2021 • 6min
ISC StormCast for Wednesday, December 1st, 2021
Hunting for PHPUnit Installed via Composer
https://isc.sans.edu/forums/diary/Hunting+for+PHPUnit+Installed+via+Composer/28084/
Microsoft Defender Scares Admins with Emotet False Positives
https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-scares-admins-with-emotet-false-positives/
Printing Shellz HP Printer Vulnerabilities
https://blog.f-secure.com/hp-printer-vulnerabilities/?_ga=2.125707850.1160056027.1638325485-2056233716.1638325485
Unpatched Local Privilege Escalation in Mobile Device Management Service
https://blog.0patch.com/2021/11/micropatching-unpatched-local-privilege.html

Nov 30, 2021 • 5min
ISC StormCast for Tuesday, November 30th, 2021
Wireshark 3.6.0 Released
https://isc.sans.edu/forums/diary/Wireshark+360+Released/28076/
Google Cloud Security Report
https://services.google.com/fh/files/misc/gcat_threathorizons_full_nov2021.pdf
Zoom Patch
https://explore.zoom.us/en/trust/security/security-bulletin/
Slack DNSSEC Experience Reports
https://slack.engineering/what-happened-during-slacks-dnssec-rollout/

Nov 29, 2021 • 6min
ISC StormCast for Monday, November 29th, 2021
Phishing Page Hiding Itself Using Dynamically Adjusted IP-Based Allow List
https://isc.sans.edu/forums/diary/Phishing+page+hiding+itself+using+dynamically+adjusted+IPbased+allow+list/28070/
Trickbot Phishing Checks Screen Resolution to Evade Researchers
https://www.bleepingcomputer.com/news/security/trickbot-phishing-checks-screen-resolution-to-evade-researchers/
QNAP QVR Patch
https://www.qnap.com/de-de/security-advisory/qsa-21-51
CronRAT Malware Hiding in cron
https://sansec.io/research/cronrat

Nov 24, 2021 • 3min
ISC StormCast for Wednesday, November 24th, 2021
YARA Rule for OOXML Maldocs: Less False Positives
https://isc.sans.edu/forums/diary/YARA+Rule+for+OOXML+Maldocs+Less+False+Positives/28066/
Zero-Day Windows Installer Exploit
https://www.bleepingcomputer.com/news/security/malware-now-trying-to-exploit-new-windows-installer-zero-day/
VMware vCenter Vulnerability and Patch
https://www.vmware.com/security/advisories/VMSA-2021-0027.html

Nov 23, 2021 • 4min
ISC StormCast for Tuesday, November 23rd, 2021
Simple YARA Rules for Office Maldocs
https://isc.sans.edu/forums/diary/Simple+YARA+Rules+for+Office+Maldocs/28062/
Retailers Urged to Patch Magento
https://www.theregister.com/2021/11/22/ncsc_magento_updates_black_friday_reminder/
PoC of CVE-2021-42321: pop mspaint.exe on the target
https://gist.github.com/testanull/0188c1ae847f37a70fe536123d14f398
BEC via Exchange Flaws
https://www.trendmicro.com/en_us/research/21/k/Squirrelwaffle-Exploits-ProxyShell-and-ProxyLogon-to-Hijack-Email-Chains.html
Windows Privilege Escalation PoC
https://github.com/klinix5/InstallerFileTakeOver
PHP Deserialize Vulnerability in CloudLinux Imunify360
https://blog.talosintelligence.com/2021/11/vulnerability-spotlight-php-deserialize.html