SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Episodes
Mentioned books
Jul 25, 2019 • 6min
ISC StormCast for Thursday, July 25th 2019
VLC not Vulnerable to libebml Vulnerablity
https://threader.app/thread/1153963312981389312
Cryptominer With BlueKeep Scanner
https://www.intezer.com/blog-watching-the-watchbog-new-bluekeep-scanner-and-linux-exploits/
Elasticsearch Vulnerabilities used to install DDoS Bot
https://blog.trendmicro.com/trendlabs-security-intelligence/multistage-attack-delivers-billgates-setag-backdoor-can-turn-elasticsearch-databases-into-ddos-botnet-zombies/
May People Be Considered As IOC?
https://isc.sans.edu/forums/diary/May+People+Be+Considered+as+IOC/25166/
Jul 24, 2019 • 6min
ISC StormCast for Wednesday, July 24th 2019
TLS Configuration
https://isc.sans.edu/forums/diary/Verifying+SSLTLS+configuration+part+1/25162/
https://www.sans.org/webcasts/beast-poodle-celebrating-sweet32-111400
Apple Updates Everything
https://support.apple.com/en-us/HT201222
QNAP/Synology Update Security Advise
https://www.qnap.com/en-us/security-advisory/nas-201907-11
https://www.facebook.com/synologydeutschland/photos/a.1594837477441905/2417134061878905/
New Bluekeep Writeup
https://github.com/0xeb-bp/bluekeep
Jul 23, 2019 • 5min
ISC StormCast for Tuesday, July 23rd 2019
Analyzing Compressed PowerShell Scripts
https://isc.sans.edu/forums/diary/Analyzing+Compressed+PowerShell+Scripts/25158/
PaloAlto GlobalProtect PreAuth RCE
http://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html
Fortinet Vulnerability
https://fortiguard.com/psirt/FG-IR-19-144
ProFTPd Permission Bypass Vulnerability
https://tbspace.de/cve201912815proftpd.html
Jul 22, 2019 • 6min
ISC StormCast for Monday, July 22nd 2019
PHP Malware
https://isc.sans.edu/forums/diary/Malicious+PHP+Script+Back+on+Stage/25148/
Drupal Vulnerabilities
https://www.drupal.org/sa-core-2019-008
iNSYNQ Breach
https://www.insynq.com/support/#status
Jul 19, 2019 • 7min
ISC StormCast for Friday, July 19th 2019
802.1x Tips
https://isc.sans.edu/forums/diary/The+Other+Side+of+Critical+Control+1+8021x+Wired+Network+Access+Controls/25146/
Kazachstan TLS Interception
https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/wnuKAhACo3E/cpsvHgcuDwAJ
BEC Trends
https://www.fincen.gov/sites/default/files/shared/FinCEN_Financial_Trend_Analysis_FINAL_508.pdf
Cyclance Weakness
https://skylightcyber.com/2019/07/18/cylance-i-kill-you/
Jul 18, 2019 • 6min
ISC StormCast for Thursday, July 18th 2019
Analysis of DNS TXT Records
https://isc.sans.edu/forums/diary/Analyzis+of+DNS+TXT+Records/25142/
Evil Gnome Linux Malware
https://www.intezer.com/blog-evilgnome-rare-malware-spying-on-linux-desktop-users/
New American Express Phishing Attacks
https://cofense.com/phishing-attacker-takes-american-express-victims-credentials/
Jul 17, 2019 • 6min
ISC StormCast for Wednesday, July 17th 2019
Zoom/Apple Patches Additional Software
https://www.theverge.com/2019/7/16/20696529/apple-mac-silent-update-zoom-ringcentral-zhumu-vulnerabilty-patched
Lenovo/IOMega NAS API Vulnerability
https://www.theregister.co.uk/2019/07/16/iomega_nas_boxes/
Amadeus Vulnerability Allows Access to Boarding Passes
https://www.7elements.co.uk/resources/technical-advisories/insecure-direct-object-reference-within-amadeus-check-in-application/
FBI Releases GandGrab Master Keys
https://www.documentcloud.org/documents/6199678-GandCrab-Master-Decryption-Keys-FLASH.html
Android Media File Jacking
https://www.symantec.com/blogs/expert-perspectives/symantec-mobile-threat-defense-attackers-can-manipulate-your-whatsapp-and-telegram-media
Jul 16, 2019 • 7min
ISC StormCast for Tuesday, July 16th 2019
isodump.py and malicious ISO files
https://isc.sans.edu/forums/diary/isodumppy+and+Malicious+ISO+Files/25134/
Atlassian Crowd Vulnerability Details
https://www.corben.io/atlassian-crowd-rce/
Scrapy Vulnerabilities
https://medium.com/alertot/web-scraping-considered-dangerous-leaking-files-from-the-spiders-host-bd508f81d498
iOS URL Scheme Susceptible to Hijacking
https://blog.trendmicro.com/trendlabs-security-intelligence/ios-url-scheme-susceptible-to-hijacking/
Jul 15, 2019 • 6min
ISC StormCast for Monday, July 15th 2019
Magecart Targets S3 Buckets
https://www.riskiq.com/blog/labs/magecart-amazon-s3-buckets/
Atlassian Jira Vulnerability
https://confluence.atlassian.com/jira/jira-security-advisory-2019-07-10-973486595.html
Microsoft to Detect Phishing in Forms
https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=52927
Tracking Anonymized Bluetooth Devices
https://petsymposium.org/2019/files/papers/issue3/popets-2019-0036.pdf
Jul 12, 2019 • 13min
ISC StormCast for Friday, July 12th 2019
Analysis of a Recent AZORult Sample
https://isc.sans.edu/forums/diary/Recent+AZORult+activity/25120/
Apple Delete Zoom Web Server
https://www.macrumors.com/2019/07/10/apple-update-remove-zoom-server/
Apple Disables Walkie Talkie App
https://techcrunch.com/2019/07/10/apple-disables-walkie-talkie-app-due-to-vulnerability-that-could-allow-iphone-eavesdropping/
Windows PXE Devices May Fail to Boot After Recent Update
https://support.microsoft.com/en-in/help/4512816/devices-that-start-up-using-preboot-execution-environment-pxe-images-f
Sean Goodwin: Attackers Inside the WAlls: Detecting Malicious Activity
https://www.sans.org/reading-room/whitepapers/detection/paper/39055
