SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Johannes B. Ullrich
Sep 5, 2018 • 5min

ISC StormCast for Thursday, September 6th 2018

MEGA Chrome Extension Replaced with Password Stealer https://serhack.me/articles/mega-chrome-extension-hacked
Python Package Installer May Execute Code https://github.com/mschwager/0wned
Windows Scheduler Exploit Used in the Wild https://www.welivesecurity.com/2018/09/05/powerpool-malware-exploits-zero-day-vulnerability/
Where Have All My Certificates Gone? https://isc.sans.edu/forums/diary/Where+have+all+my+Certificates+gone+And+when+do+they+expire/24066/
Sep 4, 2018 • 6min

ISC StormCast for Wednesday, September 5th 2018

Some More Interesting MikroTik Router Exploits https://blog.netlab.360.com/7500-mikrotik-routers-are-forwarding-owners-traffic-to-the-attackers-how-is-yours-en/
Exposed .git Directories https://lynt.cz/blog/global-scan-exposed-git
SSL Certificates Expose Tor Servers https://www.bleepingcomputer.com/news/security/public-ip-addresses-of-tor-sites-exposed-via-ssl-certificates/
Sep 4, 2018 • 5min

ISC StormCast for Tuesday, September 4th 2018

Reversing and Modifying the Medium Mobile App https://hackernoon.com/dont-publish-yet-reverse-engineering-the-medium-app-and-making-all-stories-in-it-free-48c8f2695687
Active Directory Leaks via Azure https://www.blackhillsinfosec.com/red-teaming-microsoft-part-1-active-directory-leaks-via-azure/
Google Restricts Tech Support Ads https://www.blog.google/products/ads/restricting-ads-third-party-tech-support-services/?mod=article_inline
Sep 2, 2018 • 5min

ISC StormCast for Sunday, September 2nd 2018

OSX/MacOS and Dangers of Custom URL Schemes https://objective-see.com/blog/blog_0x38.html
Philips e-Alert Vulnerability https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01
Aug 30, 2018 • 6min

ISC StormCast for Friday, August 31st 2018

Cryptocoin Miners are More Popular Than Ever and Dominate in Attacks https://isc.sans.edu/forums/diary/Crypto+Mining+Is+More+Popular+Than+Ever/24050/
Cryptocoin Miners Deployed via Struts Vulnerability https://www.volexity.com/blog/2018/08/27/active-exploitation-of-new-apache-struts-vulnerability-cve-2018-11776-deploys-cryptocurrency-miner/
Mimecast Identifies Weaknesses in Existing EMail Filters https://www.mimecast.com/resources/ebooks/dates/2018/7/the-state-of-email-security-2018-report/
Android Leaks Information to Processes https://wwws.nightwatchcybersecurity.com/2018/08/29/sensitive-data-exposure-via-wifi-broadcasts-in-android-os-cve-2018-9489/
Aug 29, 2018 • 6min

ISC StormCast for Thursday, August 30th 2018

More Octoprint Details https://isc.sans.edu/forums/diary/3D+Printers+in+The+Wild+What+Can+Go+Wrong/24044/
Packagist Remote Code Injection Vulnerability https://justi.cz/security/2018/08/28/packagist-org-rce.html
More OpenSSH User Enumeration Issues http://seclists.org/oss-sec/2018/q3/180
Two new TPM Vulnerabilities https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-han.pdf
Aug 28, 2018 • 5min

ISC StormCast for Wednesday, August 29th 2018

Microsoft Windows Task Scheduler Local Privilege Escalation Vulnerability https://www.kb.cert.org/vuls/id/906424
3D Printers Exposed to Internet https://isc.sans.edu/forums/diary/OctoPrint+3D+Web+Interfaces+EXPOSED+Port+5000+default/24038/
Firefox Nightly Build Removes Trust From Symantec Certificates https://bugzilla.mozilla.org/show_bug.cgi?id=1460062 https://bugzilla.mozilla.org/show_bug.cgi?id=1484006
Aug 27, 2018 • 4min

ISC StormCast for Tuesday, August 28th 2018

H-Worm Variant Notes Infection Date in Registry https://isc.sans.edu/forums/diary/When+was+this+machine+infected/24032/
CentOS / Ubuntu Turn Off Gnome "Bubblewrap" Sandbox https://www.bleepingcomputer.com/news/security/ubuntu-and-centos-are-undoing-a-gnome-security-feature/
Fortnite Android Arbitrary Code Install Vulnerability https://www.bleepingcomputer.com/news/security/ubuntu-and-centos-are-undoing-a-gnome-security-feature/
Aug 26, 2018 • 6min

ISC StormCast for Monday, August 27th 2018

Struts Exploits for CVE-2018-11776 on GitHub (there are more; just a sample) https://github.com/mazen160/struts-pwn_CVE-2018-11776 https://github.com/jiguang7/CVE-2018-11776
Publisher Malware https://isc.sans.edu/forums/diary/Microsoft+Publisher+Files+Delivering+Malware/24024/ https://isc.sans.edu/forums/diary/Microsoft+Publisher+malware+static+analysis/24026/
AT Commands https://atcommands.org/atdb/vendors
Using a Microphone to Read Screen Content https://www.cs.tau.ac.il/~tromer/synesthesia/synesthesia.pdf
Aug 23, 2018 • 6min

ISC StormCast for Friday, August 24th 2018

Simple Phishing Through formcrafts.com https://isc.sans.edu/forums/diary/Simple+Phishing+Through+formcraftscom/24020/
Facebook's Onavo VPN removed from Apple AppStore https://www.wsj.com/articles/facebook-to-remove-data-security-app-from-apple-store-1534975340?mod=e2tw (paywall) https://medium.com/@chronic_9612/notes-on-analytics-and-tracking-in-onavo-protect-for-ios-904bdff346c0
Phishing False Alarm https://www.cnn.com/2018/08/23/politics/dnc-hack-false-alarm/index.html
Fake Crypto Trading App Stealing Cryptocurrency From Mac Users https://www.businesswire.com/news/home/20180823005093/en/AppleJeus-Lazarus-Group-Hunts-Cryptocurrency-Exchanges-macOS
Intel Simplifies Microcode License https://twitter.com/imadsousou/status/1032680311753072640
