

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Episodes

May 18, 2020 • 6min
ISC StormCast for Monday, May 18th 2020
OWA Scans
https://isc.sans.edu/forums/diary/Scanning+for+Outlook+Web+Access+OWA+Microsoft+Exchange+Control+Panel+ECP/26132/
Edison iOS E-Mail Client Leaks Data
https://www.theverge.com/2020/5/16/21260967/edison-mail-update-ios-security-bug
COMpfun Malware Uses Status Codes to Communicate
https://securelist.com/compfun-http-status-based-trojan/96874/
PAN OS Patches
https://securityaffairs.co/wordpress/103265/security/palo-alto-networks-pan-os-flaws.html

May 15, 2020 • 6min
ISC StormCast for Friday, May 15th 2020
Rethinking Severity
https://isc.sans.edu/forums/diary/Patch+Tuesday+Revisited+CVE20201048+isnt+as+Medium+as+MS+Would+Have+You+Believe/26124/
Top Exploited Vulnerabilities
https://www.us-cert.gov/ncas/alerts/aa20-133a
Zerodium Drops Payouts For iOS/Safari Exploits
https://twitter.com/Zerodium/status/1260541578747064326?s=20
BigIP Edge Client Vulnerability
https://support.f5.com/csp/article/K20346072

May 14, 2020 • 6min
ISC StormCast for Thursday, May 14th 2020
Malspam with Links to ZIP Archives Pushes Dridex Malware
https://isc.sans.edu/forums/diary/Malspam+with+links+to+zip+archives+pushes+Dridex+malware/26116/
Ramsay Cyber Espionage Toolkit
https://www.welivesecurity.com/2020/05/13/ramsay-cyberespionage-toolkit-airgapped-networks/
Windows DNS over HTTPS Preview
https://techcommunity.microsoft.com/t5/networking-blog/windows-insiders-can-now-test-dns-over-https/ba-p/1381282#
ISC Handler Series (SANSFIRE)
https://www.sans.org/event/sansfire-2020/bonus-sessions/

May 13, 2020 • 7min
ISC StormCast for Wednesday, May 13th 2020
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+May+2020+Patch+Tuesday/26114/
Adobe Security Updates
https://helpx.adobe.com/security.html
Android Applications Expose Firebase Databases
https://www.comparitech.com/blog/information-security/firebase-misconfiguration-report/#What_data_is_exposed
More Magecart Sighted
https://maxkersten.nl/2020/05/06/backtracking-magecart-infections/
Glitter vs. Thunderspy
https://www.youtube.com/watch?v=vlK5rrlc44g

May 12, 2020 • 6min
ISC StormCast for Tuesday, May 12th 2020
Excel 4 Macro Analysis: XLMMacroDeobfuscator
https://isc.sans.edu/forums/diary/Excel+4+Macro+Analysis+XLMMacroDeobfuscator/26110/
LinkedIn Phish
https://youtu.be/g0WHz6rikoc
ThunderSpy Thunderbolt Attack
https://thunderspy.io/
vBulletin Vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2020-12720
Mini-Netwars
https://www.sans.org/mini-netwars

May 11, 2020 • 5min
ISC StormCast for Monday, May 11th 2020
YARA 4.0.0 Released
https://isc.sans.edu/forums/diary/YARA+v400+BASE64+Strings/26106/
VMware Patches vRealize to Address SaltStack Vulnerabilities
https://www.vmware.com/security/advisories/VMSA-2020-0009.html
Samsung Patches Android RCE Vulnerabilities
https://bugs.chromium.org/p/project-zero/issues/detail?id=2002
https://security.samsungmobile.com/securityUpdate.smsb
MacOS 2FA Application Trojan
https://blog.malwarebytes.com/threat-analysis/2020/05/new-mac-variant-of-lazarus-dacls-rat-distributed-via-trojanized-2fa-app/

May 8, 2020 • 6min
ISC StormCast for Friday, May 8th 2020
Scanning With NMAP NSE Scripts
https://isc.sans.edu/forums/diary/Scanning+with+nmaps+NSE+scripts/26096/
iOS Psychic Paper Vulnerability
https://siguza.github.io/psychicpaper/
World Password Day
https://www.microsoft.com/security/blog/2020/05/07/protect-accounts-smarter-ways-sign-in-world-passwordless-day
https://tails.boum.org/news/version_4.6/index.en.html
Cisco Kerberos Bypass
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-asa-kerberos-bypass-96Gghe2sS

May 7, 2020 • 6min
ISC StormCast for Thursday, May 7th 2020
Keeping an Eye on Malicious Files Life Time
https://isc.sans.edu/forums/diary/Keeping+an+Eye+on+Malicious+Files+Life+Time/26092/
Fake Crypto Wallet Chrome Extensions
https://www.theregister.co.uk/2020/05/06/chrome_malicious_extensions/
Favicon Hides Credit Card Skimmer
https://blog.malwarebytes.com/threat-analysis/2020/05/credit-card-skimmer-masquerades-as-favicon/
WebEx Phishing
https://abnormalsecurity.com/blog/abnormal-attack-stories-cisco-webex-phishing/

May 6, 2020 • 5min
ISC StormCast for Wednesday, May 6th 2020
Do Cloud Security Features Replace Personnel Security Capabilities?
https://isc.sans.edu/forums/diary/Cloud+Security+Features+Dont+Replace+the+Need+for+Personnel+Security+Capabilities/26088/
Citrix ShareFile Storage Zones Controller Update
https://support.citrix.com/article/CTX269106
Android Update
https://source.android.com/security/bulletin/2020-05-01
Firefox Update
https://www.mozilla.org/en-US/firefox/76.0/releasenotes/
Dell OS Recovery Image Insecure Inherited Permissions
https://www.dell.com/support/article/de-de/sln321036/dsa-2020-059-dell-os-recovery-image-insecure-inherited-permissions-vulnerability?lang=en
WordPress Update
https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates

May 5, 2020 • 5min
ISC StormCast for Tuesday, May 5th 2020
Exploring the Sysmon 11 File Deletion Protection
https://isc.sans.edu/forums/diary/Sysmon+and+File+Deletion/26084/
Digicert CT Compromise
https://groups.google.com/a/chromium.org/forum/#!topic/ct-policy/aKNbZuJzwfM
WebLogic Flaw (new one..) Exploited in the Wild
https://blogs.oracle.com/security/apply-april-2020-cpu


