

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and is designed to get you ready for the day with a brief, usually 5-minute-long, summary of current network-security-related events. The content is late-breaking, educational, and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Episodes

Nov 22, 2021 • 5min
ISC StormCast for Monday, November 22nd, 2021
Hikvision Security Cameras Potentially Exposed to Remote Code Execution
https://isc.sans.edu/forums/diary/Hikvision+Security+Cameras+Potentially+Exposed+to+Remote+Code+Execution/28056/
Detecting PAM Backdoors
https://isc.sans.edu/forums/diary/Backdooring+PAM/28058/
Rusted Anchors: A National Client-Side View of Hidden Root CAs in the Web PKI Ecosystem
https://dl.acm.org/doi/pdf/10.1145/3460120.3484768
CVE-2021-42306 CredManifest: App Registration Certificates Stored in Azure Active Directory
https://www.netspi.com/blog/technical/cloud-penetration-testing/azure-cloud-vulnerability-credmanifest/

Nov 19, 2021 • 7min
ISC StormCast for Friday, November 19th, 2021
JavaScript Downloader Delivers Agent Tesla Trojan
https://isc.sans.edu/forums/diary/JavaScript+Downloader+Delivers+Agent+Tesla+Trojan/28050/
Exposed Firefox cookies.sqlite Databases
https://www.theregister.com/2021/11/18/firefox_cookies_github/
FBI Warns of Fatpipe VPN Exploits
https://www.ic3.gov/Media/News/2021/211117-2.pdf
Abusing ClouDNS
https://blog.netlab.360.com/the-pitfall-of-threat-intelligence-whitelisting-specter-botnet-is-taking-over-top-legit-dns-domains-by-using-cloudns-service/

Nov 18, 2021 • 5min
ISC StormCast for Thursday, November 18th, 2021
DDS Protocol Implementation Vulnerabilities
https://us-cert.cisa.gov/ics/advisories/icsa-21-315-02
Siemens TCP/IP Flaws
https://www.forescout.com/blog/new-critical-vulnerabilities-found-on-nucleus-tcp-ip-stack/
Netgear UPNP Stack Based Buffer Overflow
https://blog.grimm-co.com/2021/11/seamlessly-discovering-netgear.html

Nov 17, 2021 • 7min
ISC StormCast for Wednesday, November 17th, 2021
Emotet Returns
https://isc.sans.edu/forums/diary/Emotet+Returns/28044/
GitHub Improves npm Security
https://github.blog/2021-11-15-githubs-commitment-to-npm-ecosystem-security/
Intel CPU Debug Vulnerability
https://www.ptsecurity.com/ww-en/about/news/positive-technologies-discovers-vulnerability-in-intel-processors-used-in-laptops-cars-and-other-devices/
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html
Home Router Vulnerability Listing
https://modemly.com/m1/pulse

Nov 16, 2021 • 7min
ISC StormCast for Tuesday, November 16th, 2021
Microsoft Emergency Update fixes AD Authentication Problems
https://support.microsoft.com/en-us/topic/november-14-2021-kb5008601-os-build-14393-4771-out-of-band-c8cd33ce-3d40-4853-bee4-a7cc943582b9
Using Copy Paste to Change Microsoft AD Password
https://isc.sans.edu/forums/diary/Changing+your+AD+Password+Using+the+Clipboard+Not+as+Easy+as+Youd+Think/28036/
Parking Pages Used to Distribute Malware
https://blog.netlab.360.com/zhatuniubility-malware-uses-namesilo-parking-pages-and-googles-custom-pages-to-spread/
Blacksmith Revives Rowhammer
https://comsec.ethz.ch/research/dram/blacksmith/

Nov 15, 2021 • 6min
ISC StormCast for Monday, November 15th, 2021
Not So Fake FBI E-Mails
https://www.fbi.gov/news/pressrel/press-releases/fbi-statement-on-incident-involving-fake-emails
https://isc.sans.edu/forums/diary/External+Email+System+FBI+Compromised+Sending+Out+Fake+Warnings/28034/
https://twitter.com/spamhaus/status/1459450061696417792
Reversing Obfuscated Maldoc with BASE64
https://isc.sans.edu/forums/diary/Obfuscated+Maldoc+Reversed+BASE64/28030/
Zoom Updates
https://explore.zoom.us/en/trust/security/security-bulletin/
VMware vCenter Update
https://www.vmware.com/security/advisories/VMSA-2021-0025.html
Windows User Profile 0-Day LPE
https://halove23.blogspot.com/2021/10/windows-user-profile-service-0day.html

Nov 12, 2021 • 3min
ISC StormCast for Friday, November 12th, 2021
In Memory of Alan Paller. Cyber Security Industry Titan and SANS Institute Founder
https://www.sans.org/press/announcements/alan-paller-cyber-security-industry-titan-and-sans-institute-founder-passes-away/
https://isc.sans.edu/forums/diary/In+Memory+of+Alan+Paller/28026/

Nov 11, 2021 • 7min
ISC StormCast for Thursday, November 11th, 2021
Shadow IT Makes People More Vulnerable to Phishing
https://isc.sans.edu/forums/diary/Shadow+IT+Makes+People+More+Vulnerable+to+Phishing/28022/
Palo Alto Networks GlobalProtect VPN CVE-2021-3064
https://www.randori.com/blog/cve-2021-3064/?i=2
Citrix ADC/Gateway/SD-WAN WANOP Patch
https://support.citrix.com/article/CTX330728
HPE Aruba Breach
https://www.arubanetworks.com/support-services/security-bulletins/central-incident-faq/
LiveStream: Application Security; Web Apps, APIs & Microservices
youtu.be/6gGB7skXvpg
2pm ET Today (not 1pm as mentioned in the podcast)

Nov 10, 2021 • 7min
ISC StormCast for Wednesday, November 10th, 2021
Microsoft November 2021 Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+November+2021+Patch+Tuesday/28018/
Adobe Patches
https://helpx.adobe.com/security.html
BusyBox Vulnerabilities
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/

Nov 9, 2021 • 7min
ISC StormCast for Tuesday, November 9th, 2021
(Ab)Using Security Tools & Controls for the Bad
https://isc.sans.edu/forums/diary/AbUsing+Security+Tools+Controls+for+the+Bad/28014/
Targeted Attack Campaign Against ManageEngine ADSelfService Plus
https://unit42.paloaltonetworks.com/manageengine-godzilla-nglite-kdcsponge/
Image-Scaling Attacks in Machine Learning
https://www.usenix.org/system/files/sec20fall_quiring_prepub.pdf


