

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Episodes

Sep 24, 2020 • 6min
ISC StormCast for Thursday, September 24th 2020
Dynamic Malicious Word Document
https://isc.sans.edu/forums/diary/Malicious+Word+Document+with+Dynamic+Content/26590/
Old Versions of Samba Affected by Zerologon Vulnerability
https://www.samba.org/samba/security/CVE-2020-1472.html
Google Chrome Update
https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop_21.html
QNAP Devices hit by AgeLocker Ransomware
https://www.bleepingcomputer.com/news/security/agelocker-ransomware-targets-qnap-nas-devices-steals-data/

Sep 23, 2020 • 6min
ISC StormCast for Wednesday, September 23rd 2020
Citrix ADC Updates
https://support.citrix.com/article/CTX281474
Firefox Version 81 Released
https://www.mozilla.org/en-US/firefox/81.0/releasenotes/
Simple Scan Drops Ransomware Risk
https://www.accesswire.com/607018/Corvus-Updates-Scan-Technology-with-RDP-Detection-Slashes-Ransomware-Claims-by-65
iOS 14 Jailbreak
https://checkra.in/news/2020/09/iOS-14-announcement

Sep 22, 2020 • 6min
ISC StormCast for Tuesday, September 22nd 2020
Slightly Broken Overlay Phishing
https://isc.sans.edu/forums/diary/Slightly+broken+overlay+phishing/26586/
macOS Code Injection via Third Party Frameworks
https://www.trustedsec.com/blog/macos-injection-via-third-party-frameworks
Snort/ClamAV Cobalt Strike Detection
https://blog.talosintelligence.com/2020/09/coverage-strikes-back-cobalt-strike-paper.html#more

Sep 21, 2020 • 6min
ISC StormCast for Monday, September 21st 2020
A Mix of Python and VBA in a Malicious Word Document
https://isc.sans.edu/forums/diary/A+Mix+of+Python+VBA+in+a+Malicious+Word+Document/26578/
Salesforce Phish
https://isc.sans.edu/forums/diary/Analysis+of+a+Salesforce+Phishing+Emails/26582/
Google App Engine Used in Phishing Attacks
https://medium.com/@marcelx/attackers-are-abusing-googles-app-engine-to-circumvent-enterprise-security-solutions-again-eda8345d531d
Sysmon Adds Clipboard Monitoring
https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
Windows Defender No Longer Able to Download Files
https://www.bleepingcomputer.com/news/microsoft/microsoft-removes-windows-defender-ability-after-security-concerns/

Sep 18, 2020 • 6min
ISC StormCast for Friday, September 18th 2020
OSSEC Active Response
https://isc.sans.edu/forums/diary/Suspicious+Endpoint+Containment+with+OSSEC/26576/
Microsoft Patch for Office for Mac
https://docs.microsoft.com/en-us/officeupdates/release-notes-office-for-mac
VMware Fusion Vulnerability
https://www.vmware.com/security/advisories/VMSA-2020-0020.html
NSA Secure Boot Configuration Guide
https://media.defense.gov/2020/Sep/15/2002497594/-1/-1/0/CTR-UEFI-SECURE-BOOT-CUSTOMIZATION-20200915.PDF/CTR-UEFI-SECURE-BOOT-CUSTOMIZATION-20200915.PDF
Microsoft Edge Warns Users of Adobe Flash End of Support
https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/

Sep 17, 2020 • 6min
ISC StormCast for Thursday, September 17th 2020
Most Recent "Mirai" Bot Includes Code to Target Backups
https://isc.sans.edu/forums/diary/Do+Vulnerabilities+Ever+Get+Old+Recent+Mirai+Variant+Scanning+for+20+Year+Old+Amanda+Version/26572/
Apple Security Updates
https://support.apple.com/en-us/HT201222

Sep 16, 2020 • 6min
ISC StormCast for Wednesday, September 16th 2020
Traffic Analysis Quiz: Oh No... Another Infection
https://isc.sans.edu/forums/diary/Traffic+Analysis+Quiz+Oh+No+Another+Infection/26566/
Magento 1 Stores Targeted By Recent Attack
https://sansec.io/research/largest-magento-hack-to-date
Adobe Media Encoder Patch
https://helpx.adobe.com/security/products/media-encoder/apsb20-57.html
Zerologon Reminder
https://www.secura.com/pathtoimg.php?id=2055
Windows "Finger" Utility Abused
http://hyp3rlinx.altervista.org/advisories/Windows_TCPIP_Finger_Command_C2_Channel_and_Bypassing_Security_Software.txt

Sep 15, 2020 • 5min
ISC StormCast for Tuesday, September 15th 2020
Not Everything About ".well-known" is Well Known
https://isc.sans.edu/forums/diary/Not+Everything+About+wellknown+is+Well+Known/26564/
BLE Lock Vulnerable to Replay Attack
https://www.pentestpartners.com/security-blog/360lock-smart-lock-review/
Mobile Iron Exploit Released
https://blog.orange.tw/2020/09/how-i-hacked-facebook-again-mobileiron-mdm-rce.html

Sep 14, 2020 • 6min
ISC StormCast for Monday, September 14th 2020
Pillaging and Protecting the Clipboard
https://isc.sans.edu/forums/diary/Whats+in+Your+Clipboard+Pillaging+and+Protecting+the+Clipboard/26556/
Critical Vulnerability in PAN-OS
https://security.paloaltonetworks.com/CVE-2020-2040
Linux VoIP Softswitch Malware
https://www.welivesecurity.com/2020/09/10/who-callin-cdrthief-linux-voip-softswitches/
CVE-2020-1472 Zerologon Privilege Escalation Vulnerability
https://www.secura.com/blog/zero-logon

Sep 11, 2020 • 8min
ISC StormCast for Friday, September 11th 2020
Recent Dridex Activity
https://isc.sans.edu/forums/diary/Recent+Dridex+activity/26550/
Zoom Bombings and Zoom 2FA
https://arxiv.org/abs/2009.03822
https://blog.zoom.us/secure-your-zoom-account-with-two-factor-authentication/
AMD Server CPUs May Be Locked to Particular Motherboard
https://www.servethehome.com/amd-psb-vendor-locks-epyc-cpus-for-enhanced-security-at-a-cost/
BLURtooth Vulnerability
https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/


