SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and is designed to get you ready for the day with a brief, usually 5-minute-long, summary of current network security related events. The content is late-breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Episodes

Aug 26, 2020 • 5min
ISC StormCast for Wednesday, August 26th 2020
Keep an Eye on LOLBins
https://isc.sans.edu/forums/diary/Keep+An+Eye+on+LOLBins/26502/
Malicious iOS Adnetwork SDK
https://snyk.io/research/sour-mint-malicious-sdk/
Apache Update
https://httpd.apache.org/security/vulnerabilities_24.html
Google Chrome User-Agent Client Hints
https://web.dev/user-agent-client-hints/

Aug 25, 2020 • 6min
ISC StormCast for Tuesday, August 25th 2020
Tracking a Malware Campaign Through VT
https://isc.sans.edu/forums/diary/Tracking+A+Malware+Campaign+Through+VT/26498/
Zoom Outage
https://www.cnn.com/2020/08/24/us/zoom-outage-worldwide-trnd/index.html
RDP Remains a Top Target
https://www.group-ib.com/media/iran-cybercriminals/?utm_source=bleeping_computer&utm_medium=article&utm_campaign=referral
Microsoft Introduces Application Guard
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/install-app-guard?view=o365-worldwide
Safari File Sharing Bug
https://blog.redteam.pl/2020/08/stealing-local-files-using-safari-web.html

Aug 24, 2020 • 7min
ISC StormCast for Monday, August 24th 2020
A Word of Caution: Helping Cyber Stalking Victims
https://isc.sans.edu/forums/diary/A+Word+of+Caution+Helping+Out+People+Being+Stalked+Online/26422/
RDP and Telnet Scans
https://isc.sans.edu/forums/diary/Remote+Desktop+TCP3389+and+Telnet+TCP23+What+might+they+have+in+Common/26492/
Thales Cinterion Input Validation Vulnerability
https://www.thalesgroup.com/en/markets/digital-identity-and-security/iot/resources/security-updates-cinterion-iot-modules
Google Drive File Extension Spoofing
https://thehackernews.com/2020/08/google-drive-file-versions.html

Aug 21, 2020 • 7min
ISC StormCast for Friday, August 21st 2020
Office 365 Mail Forwarding Rules (and other Mail Rules too)
https://isc.sans.edu/forums/diary/Office+365+Mail+Forwarding+Rules+and+other+Mail+Rules+too/26484/
Spoofing GMail/GSuite Customers
https://ezh.es/blog/2020/08/the-confused-mailman-sending-spf-and-dmarc-passing-mail-as-any-gmail-or-g-suite-customer/
Microsoft Updates DisableAntiSpyware Registry Key
https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/security-malware-windows-defender-disableantispyware
Acoustic Based Physical Key Inference
https://www.comp.nus.edu.sg/~junhan/papers/SpiKey_HotMobile20_CamReady.pdf

Aug 20, 2020 • 6min
ISC StormCast for Thursday, August 20th 2020
Example of a Word Document Delivering Qakbot
https://isc.sans.edu/forums/diary/Example+of+Word+Document+Delivering+Qakbot/26482/
PGP/SMime Implementation Weaknesses
https://www.nds.ruhr-uni-bochum.de/media/nds/veroeffentlichungen/2020/08/15/mailto-paper.pdf
Windows 8.1 / 2012 Special Patch
https://support.microsoft.com/en-us/help/4578013/security-update-for-windows-8-1-rt-8-1-and-server-2012-r2
Fileless Cryptomining Worm
https://www.helpnetsecurity.com/2020/08/19/fileless-worm-p2p-botnet/

Aug 19, 2020 • 6min
ISC StormCast for Wednesday, August 19th 2020
Using APIs to Track Attackers
https://isc.sans.edu/forums/diary/Using+APIs+to+Track+Attackers/26472/
Jenkins Security Advisory
https://www.jenkins.io/security/advisory/2020-08-17/
Chrome Will Warn of Insecure Forms
https://blog.chromium.org/2020/08/protecting-google-chrome-users-from.html
Reminder: September 1st Certificate Expiration Change
https://www.ssl.com/blogs/398-day-browser-limit-for-ssl-tls-certificates-begins-september-1-2020/
Cryptojacking Worm Steals AWS Credentials
https://www.helpnetsecurity.com/2020/08/18/worm-steals-aws-credentials/

Aug 18, 2020 • 6min
ISC StormCast for Tuesday, August 18th 2020
Apache Struts Patch and PoC Exploit
https://www.tenable.com/blog/cve-2019-0230-apache-struts-potential-remote-code-execution-vulnerability
https://cwiki.apache.org/confluence/display/WW/S2-059
Emotet Bug Used to Inoculate Systems
https://www.binarydefense.com/emocrash-exploiting-a-vulnerability-in-emotet-malware-for-defense/

Aug 17, 2020 • 5min
ISC StormCast for Monday, August 17th 2020
SANS Data Incident 2020 - Indicators of Compromise
https://www.sans.org/blog/sans-data-incident-2020-indicators-of-compromise/
Large File Used to Obfuscate Malware
https://isc.sans.edu/forums/diary/Definition+of+overkill+using+130+MB+executable+to+hide+24+kB+malware/26464/
Mac Malware Spreading via XCode
https://documents.trendmicro.com/assets/pdf/XCSSET_Technical_Brief.pdf
Citrix Broker Service Detected as Trojan by Windows Defender
https://support.citrix.com/article/CTX279897

Aug 14, 2020 • 8min
ISC StormCast for Friday, August 14th 2020
Decrypting Voice over LTE Calls
https://revolte-attack.net/
Vulnerabilities found on Amazon's Alexa
https://research.checkpoint.com/2020/amazons-alexa-hacked/
DROVORUB Russian GRU Linux Malware
https://media.defense.gov/2020/Aug/13/2002476465/-1/-1/0/CSA_DROVORUB_RUSSIAN_GRU_MALWARE_AUG_2020.PDF

Aug 13, 2020 • 7min
ISC StormCast for Thursday, August 13th 2020
To the Brim at the Gates of Mordor
https://isc.sans.edu/forums/diary/To+the+Brim+at+the+Gates+of+Mordor+Pt+1/26456/
Large Group of Malicious Tor Exit Nodes
https://medium.com/@nusenu/how-malicious-tor-relays-are-exploiting-users-in-2020-part-i-1097575c0cac
SAP Updates
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345
Intel Updates
https://www.intel.com/content/www/us/en/security-center/default.html
SANS Data Incident
https://www.sans.org/dataincident2020
