

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Episodes

Aug 26, 2021 • 6min
ISC StormCast for Thursday, August 26th, 2021
There May Be Many More SPF Records Than We Might Expect
https://isc.sans.edu/forums/diary/There+may+be+many+more+SPF+records+than+we+might+expect/27786/
OpenSSL Update
https://www.openssl.org/news/vulnerabilities.html
F5 Update
https://support.f5.com/csp/article/K50974556
https://support.f5.com/csp/article/K41351250
SideWalk Backdoor
https://www.welivesecurity.com/2021/08/24/sidewalk-may-be-as-dangerous-as-crosswalk/

Aug 25, 2021 • 5min
ISC StormCast for Wednesday, August 25th, 2021
Attackers Hunting for Twilio Credentials
https://isc.sans.edu/forums/diary/Attackers+Hunting+For+Twilio+Credentials/27782/
Modified WhatsApp Spreading Malware
https://securelist.com/triada-trojan-in-whatsapp-mod/103679/
Privilege Escalation without Plugging in Device
http://0xsp.com/security%20research%20&%20development%20(SRD)/local-administrator-is-not-just-with-razer-it-is-possible-for-all

Aug 24, 2021 • 6min
ISC StormCast for Tuesday, August 24th, 2021
Out of Band Phishing Using SMS Messages to Evade Network Detection
https://isc.sans.edu/forums/diary/Out+of+Band+Phishing+Using+SMS+messages+to+Evade+Network+Detection/27768/
Elevate Privileges with Razer Mouse
https://twitter.com/j0nh4t/status/1429049506021138437
Realtek Vulnerabilities Exploited
https://securingsam.com/realtek-vulnerabilities-weaponized/
Exposed Microsoft Power Apps
https://www.upguard.com/breaches/power-apps

Aug 23, 2021 • 5min
ISC StormCast for Monday, August 23rd, 2021
Waiting for the C2 to Show Up
https://isc.sans.edu/forums/diary/Waiting+for+the+C2+to+Show+Up/27772/
DOCX with Embedded EXE
https://isc.sans.edu/forums/diary/docx+With+Embedded+EXE/27776/
Securing Your Windows 365 Cloud PCs
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/securing-your-windows-365-cloud-pcs/ba-p/2663129
Pegasus Fraud Scam
https://www.ehackingnews.com/2021/08/pegasus-iphone-hacks-used-as-bait-in.html
Proper Audit Logging for Office 365
https://zolder.io/office-365-audit-logging/

Aug 20, 2021 • 15min
ISC StormCast for Friday, August 20th, 2021
When Lightning Strikes: What works and doesn't work
https://isc.sans.edu/forums/diary/When+Lightning+Strikes+What+works+and+doesnt+work/27766/
Cisco Small Business Router Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-sb-rv-overflow-htpymMB5
Blackberry QNX Products Vulnerability
https://support.blackberry.com/kb/articleDetail?articleNumber=000082334
SANS.edu Student: Mark Morowczynski; Decreasing Attacker Dwell Time in Azure Active Directory
https://www.sans.org/white-papers/40390/

Aug 19, 2021 • 5min
ISC StormCast for Thursday, August 19th, 2021
5 Things to Consider Before Moving Back to the Office
https://isc.sans.edu/forums/diary/5+Things+to+Consider+Before+Moving+Back+to+the+Office/27762/
Adobe Patches
https://helpx.adobe.com/security.html
Several Web Sites Infected with Chinese Spyware
https://imp0rtp3.wordpress.com/2021/08/12/tetris/
Trickbot Tricks Users with 1Password
https://www.ehackingnews.com/2021/08/trickbot-employs-bogus-1password.html

Aug 18, 2021 • 6min
ISC StormCast for Wednesday, August 18th, 2021
Laravel Exploit Attempts Targeting Vulnerability in "Ignition"
https://isc.sans.edu/forums/diary/Laravel+v842+exploit+attempts+for+CVE20213129+debug+mode+Remote+code+execution/27758/
ThroughTek "Kalay" Protocol Vulnerability
https://www.fireeye.com/blog/threat-research/2021/08/mandiant-discloses-critical-vulnerability-affecting-iot-devices.html
Fortinet FortiWeb Vulnerability
https://www.rapid7.com/blog/post/2021/08/17/fortinet-fortiweb-os-command-injection/

Aug 17, 2021 • 5min
ISC StormCast for Tuesday, August 17th, 2021
Triage of Malware Bazaar's Daily Malware Batches
https://isc.sans.edu/forums/diary/Extra+Tip+For+Triage+Of+MALWARE+Bazaars+Daily+Malware+Batches/27754/
Realtek SDK Vulnerability
https://www.iot-inspector.com/blog/advisory-multiple-issues-realtek-sdk-iot-supply-chain/
https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2021-35392_35395.pdf
STARTTLS Vulnerabilities
https://www.usenix.org/conference/usenixsecurity21/presentation/poddebniak
Raccoon Infostealer Self Infection
https://mobile.twitter.com/HRock/status/1427259563363950596

Aug 16, 2021 • 6min
ISC StormCast for Monday, August 16th, 2021
Exchange E-Discovery Scans
https://isc.sans.edu/forums/diary/Scanning+for+Microsoft+Exchange+eDiscovery/27748/
Danabot Distributed Through Malspam
https://isc.sans.edu/forums/diary/Example+of+Danabot+distributed+through+malspam/27744/
Weaponizing Middleboxes
https://geneva.cs.umd.edu/posts/usenix21-weaponizing-censors/
https://www.usenix.org/conference/usenixsecurity21/presentation/bock
Deep Blue Magic Ransomware
https://www.ehackingnews.com/2021/08/deepbluemagic-newly-discovered.html

Aug 13, 2021 • 3min
ISC StormCast for Friday, August 13th, 2021
Print Nightmare Continues: CVE-2021-36958
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36958
Print Nightmare Abused by Ransomware Gangs
https://www.crowdstrike.com/blog/magniber-ransomware-caught-using-printnightmare-vulnerability/
PolyNetwork Attack
https://www.theregister.com/2021/08/10/poly_networks_cryptocurrency_theft/


