

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5-minute-long, summary of current network-security-related events. The content is late-breaking, educational, and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html.
Episodes

Jan 19, 2021 • 6min
ISC StormCast for Tuesday, January 19th, 2021
Doc And RTF Malicious Document
https://isc.sans.edu/forums/diary/Doc+RTF+Malicious+Document/26996/
Center for Internet Security Cisco NX-OS Benchmark
https://www.cisecurity.org/cis-benchmarks/
Exploit for Shazam Geolocation Vulnerability
https://ash-king.co.uk/blog/Shazlocate-abusing-CVE-2019-8791-CVE-2019-8792
Voice Phishing and Internal Messaging Systems Used to Escalate Privileges
https://www.ic3.gov/Media/News/2021/210115.pdf

Jan 18, 2021 • 5min
ISC StormCast for Monday, January 18th, 2021
Scans for DNS over HTTPS
https://isc.sans.edu/forums/diary/Obfuscated+DNS+Queries/26992/
https://us-cert.cisa.gov/ncas/current-activity/2021/01/15/nsa-releases-guidance-encrypted-dns-enterprise-environments
Netlogon Domain Controller Enforcement Mode Starting February 9th
https://msrc-blog.microsoft.com/2021/01/14/netlogon-domain-controller-enforcement-mode-is-enabled-by-default-beginning-with-the-february-9-2021-security-update-related-to-cve-2020-1472/
Apple Removing ContentFilterExclusionList
https://www.patreon.com/posts/46179028

Jan 15, 2021 • 5min
ISC StormCast for Friday, January 15th, 2021
Dynamically Analyzing a Heavily Obfuscated Excel 4 Macro Malicious File
https://isc.sans.edu/forums/diary/Dynamically+analyzing+a+heavily+obfuscated+Excel+4+macro+malicious+file/26986/
Odd Filename Corrupts NTFS Disks
https://twitter.com/jonasLyk/status/1347900440000811010
Cisco Vulnerabilities
https://tools.cisco.com/security/center/publicationListing.x

Jan 14, 2021 • 6min
ISC StormCast for Thursday, January 14th, 2021
Hancitor Activity Resumes After a Holiday Break
https://isc.sans.edu/forums/diary/Hancitor+activity+resumes+after+a+hoilday+break/26980/
Intel Hardware-Enabled Ransomware Protections
https://www.cybereason.com/blog/cybereason-and-intel-introduce-hardware-enabled-ransomware-protections-for-businesses
Making Clouds Rain: RCE in Microsoft Office 365
https://srcincite.io/blog/2021/01/12/making-clouds-rain-rce-in-office-365.html#fn:1
SAP Security Patch Day
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476

Jan 13, 2021 • 6min
ISC StormCast for Wednesday, January 13th, 2021
MSFT January 2021 Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+January+2021+Patch+Tuesday/26978/
Adobe Patches
https://helpx.adobe.com/security.html
MimeCast Cert Stolen
https://www.mimecast.com/blog/important-update-from-mimecast/
Leaking Silhouettes of Cross-Origin Images
https://blog.mozilla.org/attack-and-defense/2021/01/11/leaking-silhouettes-of-cross-origin-images/

Jan 12, 2021 • 6min
ISC StormCast for Tuesday, January 12th, 2021
Using the NVD Database API Part 3/3
https://isc.sans.edu/forums/diary/Using+the+NVD+Database+and+API+to+Keep+Up+with+Vulnerabilities+and+Patches+Tool+Drop+CVEScan+Part+3+of+3/26974/
Sysinternals Update
https://docs.microsoft.com/en-us/sysinternals/
Ubiquiti Breach
https://www.bleepingcomputer.com/news/security/networking-giant-ubiquiti-alerts-customers-of-potential-data-breach/
Run-Only AppleScript Reversing
https://labs.sentinelone.com/fade-dead-adventures-in-reversing-malicious-run-only-applescripts/

Jan 11, 2021 • 6min
ISC StormCast for Monday, January 11th, 2021
Maldoc Strings Analysis
https://isc.sans.edu/forums/diary/Maldoc+Strings+Analysis/26966/
CVSS Reliability Survey
https://user-surveys.cs.fau.de/index.php?r=survey/index&sid=248857
Fake Trump Video Malware
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/updated-qnode-rat-downloader-distributed-as-trump-video-scandal/
SMS Phishing (Smishing)
https://www.bbc.com/news/business-55563748
dnsren vulnerability
https://www.exploit-db.com/exploits/49394

Jan 8, 2021 • 16min
ISC StormCast for Friday, January 8th, 2021
Using the NIST Database and API to Keep Up with Vulnerabilities
https://isc.sans.edu/forums/diary/Using+the+NIST+Database+and+API+to+Keep+Up+with+Vulnerabilities+and+Patches+Part+1+of+3/26958/
Titan Security Key
https://ninjalab.io/wp-content/uploads/2021/01/a_side_journey_to_titan.pdf
The Great Suspender Google Chrome Extension
https://www.theregister.com/2021/01/07/great_suspender_malware/
Brian Nishida: Ubuntu Artifacts Generated by Gnome Desktop Environment
https://www.sans.org/reading-room/whitepapers/forensics/ubuntu-artifacts-generated-gnome-desktop-environment-40035

Jan 7, 2021 • 4min
ISC StormCast for Thursday, January 7th, 2021
Zyxel Exploitation Under Way
https://isc.sans.edu/forums/diary/Scans+for+Zyxel+Backdoors+are+Commencing/26954/
Fortinet Patches
https://www.fortiguard.com/psirt?date=01-2021
Foxit PhantomPDF Patches
https://www.foxitsoftware.com/support/security-bulletins.html
Firefox Android Updates
https://www.mozilla.org/en-US/security/advisories/mfsa2021-01/

Jan 6, 2021 • 6min
ISC StormCast for Wednesday, January 6th, 2021
Netfox Detective: An Alternative Open-Source Packet Analysis Tool
https://isc.sans.edu/forums/diary/Netfox+Detective+An+Alternative+OpenSource+Packet+Analysis+Tool/26950/
ElectroRAT Drains Cryptocurrency Accounts
https://www.intezer.com/blog/research/operation-ElectroRAT-attacker-creates-fake-companies-to-drain-your-crypto-wallets/
Chrome Will Prefer HTTPS over HTTP By Default
https://chromium-review.googlesource.com/c/chromium/src/+/2568448
Android January Patch Day
https://source.android.com/security/bulletin/2021-01-01
Telegram Publishes Users' Locations Online
https://blog.ahmed.nyc/2021/01/if-you-use-this-feature-on-telegram.html


