

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5-minute-long, summary of current network-security-related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html.
Episodes

Mar 23, 2020 • 7min
ISC StormCast for Monday, March 23rd 2020
More Covid19 Malware
https://isc.sans.edu/forums/diary/More+COVID19+Themed+Malware/25930/
Working Exploit for the Kr00k Wifi Exploit
https://hexway.io/research/r00kie-kr00kie/
ZDI Pwn2Own Results
https://www.zerodayinitiative.com/blog/2020/3/17/welcome-to-pwn2own-2020-the-schedule-and-live-results

Mar 20, 2020 • 5min
ISC StormCast for Friday, March 20th 2020
COVID-19 Themed Multistage Malware
https://isc.sans.edu/forums/diary/COVID19+Themed+Multistage+Malware/25922/
Cisco SD-WAN Patches
https://tools.cisco.com/security/center/publicationListing.x
0patch Selling Patches for Windows 7
https://twitter.com/0patch/status/1240602635205586945
LDAPFragger: Bypassing network restrictions using LDAP attributes
https://research.nccgroup.com/2020/03/19/ldapfragger-bypassing-network-restrictions-using-ldap-attributes/

Mar 19, 2020 • 6min
ISC StormCast for Thursday, March 19th 2020
TrendMicro Update
https://success.trendmicro.com/solution/000245571
More VMware Updates
https://www.vmware.com/security/advisories/VMSA-2020-0005.html
EnigmaSpark Malware
https://securityintelligence.com/posts/EnigmaSpark-Politically-Themed-Cyber-Activity-Highlights-Regional-Opposition-to-Middle-East-Peace-Plan/
Recent Ransomware Trends
https://www.fireeye.com/blog/threat-research/2020/03/they-come-in-the-night-ransomware-deployment-trends.html

Mar 18, 2020 • 8min
ISC StormCast for Wednesday, March 18th 2020
A Quick Summary of Current Reflective DNS DDoS Attacks
https://isc.sans.edu/forums/diary/A+Quick+Summary+of+Current+Reflective+DNS+DDoS+Attacks/25916/
Trickbot gtag red5 distributed as DLL File
https://isc.sans.edu/forums/diary/Trickbot+gtag+red5+distributed+as+a+DLL+file/25918/
Is Cryptojacking Dead after Coinhive Shutdown
https://arxiv.org/pdf/2001.02975.pdf
Adobe Patches
https://helpx.adobe.com/security/products/acrobat/apsb20-13.html

Mar 17, 2020 • 6min
ISC StormCast for Tuesday, March 17th 2020
Desktop.ini as a post-exploitation tool
https://isc.sans.edu/forums/diary/Desktopini+as+a+postexploitation+tool/25912/
VMware Workstation/Fusion Update
https://www.vmware.com/security/advisories/VMSA-2020-0004.html
Blackwater Malware Abuses Cloudflare Workers
https://www.bleepingcomputer.com/news/security/blackwater-malware-abuses-cloudflare-workers-for-c2-communication/
tcpdump Heap Based Buffer Over-Read
https://nvd.nist.gov/vuln/detail/CVE-2018-19325
Slack Account Takeover Bug
https://hackerone.com/reports/737140

Mar 16, 2020 • 7min
ISC StormCast for Monday, March 16th 2020
Phishing PDFs With Incremental Updates
https://isc.sans.edu/forums/diary/Phishing+PDF+With+Incremental+Updates/25904/
VPN Access and Activity Monitoring
https://isc.sans.edu/forums/diary/VPN+Access+and+Activity+Monitoring/25906/
Capturing Invalid Ethernet Frames
https://isc.sans.edu/forums/diary/Not+all+Ethernet+NICs+are+Created+Equal+Trying+to+Capture+Invalid+Ethernet+Frames/25896/
Cookiethief Android Cookie Stealing Malware
https://securelist.com/cookiethief/96332/
SANS Security Awareness Deployment Kit for Securing Your Workforce at Home
https://www.sans.org/webcasts/113875

Mar 13, 2020 • 7min
ISC StormCast for Friday, March 13th 2020
Microsoft Releases Patch for Windows SMBv3 Compression Vulnerability CVE-2020-0796
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796
Hancitor Distributed Through Coronavirus-Themed Malspam
https://isc.sans.edu/forums/diary/Hancitor+distributed+through+coronavirusthemed+malspam/25892/
Avast Removes Vulnerable JavaScript Emulator From Products
https://github.com/taviso/avscript
Checkra1n Exploit Works Against T2 Equipped Macs
https://www.idownloadblog.com/2020/03/10/luca-todesco-teases-checkra1n-hacks-on-a-t2-equipped-macbook-pros-touch-bar/

Mar 12, 2020 • 6min
ISC StormCast for Thursday, March 12th 2020
Mystery SMB3 Flaw Update
https://isc.sans.edu/forums/diary/Critical+SMBv3+Vulnerability+Remote+Code+Execution/25890/
COVID19 Malware
https://blog.reasonsecurity.com/2020/03/09/covid-19-info-stealer-the-map-of-threats-threat-analysis-report/
Agent Tesla Spread by Fake Canon EOS Notification Email
https://isc.sans.edu/forums/diary/Agent+Tesla+Delivered+via+Fake+Canon+EOS+Notification+on+Free+OwnCloud+Account/25884/

Mar 11, 2020 • 5min
ISC StormCast for Wednesday, March 11th 2020
Microsoft Patch Tuesday
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200005
https://isc.sans.edu/diary.html?storyid=25886

Mar 10, 2020 • 7min
ISC StormCast for Tuesday, March 10th 2020
Malicious Spreadsheet With Data Connection and Excel 4 Macros
https://isc.sans.edu/forums/diary/Malicious+Spreadsheet+With+Data+Connection+and+Excel+4+Macros/25880/
Take a Way: Exploring the Security Implications of AMD's Cache Way Predictors
https://mlq.me/download/takeaway.pdf
https://www.amd.com/en/corporate/product-security
Google Play Store Protect Fails Security Test
https://www.av-test.org/en/news/here-s-how-well-17-android-security-apps-provide-protection/


