

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5-minute-long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html.
Episodes

May 13, 2019 • 5min
ISC StormCast for Monday, May 13th 2019
DSSuite - A Docker Container with Didier's Tools
https://isc.sans.edu/forums/diary/DSSuite+A+Docker+Container+with+Didiers+Tools/24926/
Sqlite3 Vulnerability
https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0777
NVIDIA Updates
https://nvidia.custhelp.com/app/answers/detail/a_id/4797
Windows 10 FIDO2 Certified
https://fidoalliance.org/microsoft-achieves-fido2-certification-for-windows-hello/
Google May Remove ADB Backup/Restore from Future Android Versions
https://www.xda-developers.com/adb-backup-and-restore-depreciated/

May 10, 2019 • 6min
ISC StormCast for Friday, May 10th 2019
US DHS Warns of North Korean ELECTRICFISH Malware
https://www.us-cert.gov/ncas/analysis-reports/AR19-129A
Fake KeePass Site Spreading Malware
https://twitter.com/berkcgoksel/status/1125727590440931329
Google Android Security Bulletin
https://source.android.com/security/bulletin/2019-05-01
Three Anti-Virus Companies Breached
https://www.advanced-intel.com/blog/top-tier-russian-hacking-collective-claims-breaches-of-three-major-anti-virus-companies

May 9, 2019 • 6min
ISC StormCast for Thursday, May 9th 2019
EMail Roulette May 2019
https://isc.sans.edu/forums/diary/Email+roulette+May+2019/24918/
Turla Lightneuron
https://www.welivesecurity.com/wp-content/uploads/2019/05/ESET-LightNeuron.pdf
Alpine Linux Docker Image root User Hard Coded Credentials
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0782
WordPress 5.2 Adds Digitally Signed Updates
https://wordpress.org/support/wordpress-version/version-5-2/

May 8, 2019 • 5min
ISC StormCast for Wednesday, May 8th 2019
Jenkins Exploit Mines Cryptocurrencies
https://isc.sans.edu/forums/diary/Vulnerable+Apache+Jenkins+exploited+in+the+wild/24916/
Confluence Vulnerability Exploited to Deliver Cryptocurrency Miner with Rootkit
https://blog.trendmicro.com/trendlabs-security-intelligence/cve-2019-3396-redux-confluence-vulnerability-exploited-to-deliver-cryptocurrency-miner-with-rootkit/
Cisco Elastic Services Controller REST API Authentication Bypass
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190507-esc-authbypass
Google Chrome History Manipulation Prevention
https://groups.google.com/a/chromium.org/forum/?#!msg/blink-dev/T8d4_BRb2xQ/WSdOiOFcBAAJ

May 7, 2019 • 6min
ISC StormCast for Tuesday, May 7th 2019
Decoding UTF-16 in UDF Files
https://isc.sans.edu/forums/diary/Text+and+TNULeNULxNULtNUL/24912/
VMware Fusion 11 Guest VM RCE
https://theevilbit.github.io/posts/vmware_fusion_11_guest_vm_rce_cve-2019-5514/
Hackers Are Using Bad Passwords Too
https://www.ankitanubhav.info/post/c2bruting
Amazon S3 Discontinues Path Style Access
https://www.bleepingcomputer.com/news/security/amazon-to-disable-s3-path-style-access-used-to-bypass-censorship/

May 5, 2019 • 7min
ISC StormCast for Monday, May 6th 2019
Git Ransomware
https://www.theregister.co.uk/2019/05/03/git_ransomware_bitcoin/
D-Link Ransomware Patch
https://eu.dlink.com/de/de/support/support-news/2019/february/28/dns320_trojan_cr1pttor
Jenkins Plugin Vulnerabilities
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2019/may/story-of-a-hundred-vulnerable-jenkins-plugins/
Malicious WPAD Domains
https://blog.redteam.pl/2019/05/badwpad-and-wpad-pl-wpadblocking-com.html

May 3, 2019 • 6min
ISC StormCast for Friday, May 3rd 2019
New SAP Exploits Used to Target Exposed
https://www.onapsis.com/10kblaze
Cisco Patches SSH Default Credential Vulnerability in Nexus 9000 Switches
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-nexus9k-sshkey
Current State of JavaScript Crypto Jacking
https://blog.malwarebytes.com/cybercrime/2019/05/cryptojacking-in-the-post-coinhive-era/
D-Link Camera Vulnerabilities
https://www.welivesecurity.com/2019/05/02/d-link-camera-vulnerability-video-stream/
Securepairs Promotes "Right to Repair"
https://securepairs.org/

May 2, 2019 • 6min
ISC StormCast for Thursday, May 2nd 2019
RCE Vulnerability in Dell Support Assist
https://d4stiny.github.io/Remote-Code-Execution-on-most-Dell-computers/
Crestron Multiple Vulnerabilities
https://www.crestron.com/en-US/Security/Security_Advisories
Polymorphic Skimmer Targeting 57 different Payment Gateways
https://labs.sansec.io/2019/04/29/polymorphic-skimmer-57-payment-gateways/
More Attacks Against S/Mime and PGP Signed Email
https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf

May 1, 2019 • 6min
ISC StormCast for Wednesday, May 1st 2019
Sodinokibi Ransomware Exploits WebLogic Server Vulnerability
https://blog.talosintelligence.com/2019/04/sodinokibi-ransomware-exploits-weblogic.html
Facebook Leaking Sellers' Exact Locations
https://www.7elements.co.uk/resources/blog/facebooks-burglary-shopping-list/
Revive Adserver Deserialization Vulnerability
https://www.revive-adserver.com/security/revive-sa-2019-001/
AutoMacTC: Automating Mac Forensics Triage
https://www.crowdstrike.com/blog/automating-mac-forensic-triage/
Kroll Artifact Parser And Extractor (KAPE)
https://learn.duffandphelps.com/kape

Apr 30, 2019 • 6min
ISC StormCast for Tuesday, April 30th 2019
iLnkP2P Allows Access To Millions of Security Cameras
https://hacked.camera
Windows 10 Users Not Applying October Update
https://reports.adduplex.com/#/r/2019-04
iFrame "Ransom Support" Attacks
https://blog.trendmicro.com/trendlabs-security-intelligence/tech-support-scam-employs-new-trick-by-using-iframe-to-freeze-browsers/


