

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and is designed to get you ready for the day with a brief, usually 5-minute-long, summary of current network-security-related events. The content is late-breaking, educational, and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html.
Episodes

Aug 22, 2018 • 5min
ISC StormCast for Thursday, August 23rd 2018
New Critical Apache Struts Vulnerability (CVE-2018-11776)
https://semmle.com/news/apache-struts-CVE-2018-11776
https://cwiki.apache.org/confluence/display/WW/S2-057
Hardening Apache Struts With SELinux
https://doublepulsar.com/hardening-apache-struts-with-selinux-db3a9cd1a10c?gi=f23fc884264a
Ghostscript Code Execution Vulnerability
https://bugs.chromium.org/p/project-zero/issues/detail?id=1640
Photoshop CC Patch
https://helpx.adobe.com/security/products/photoshop/apsb18-28.html

Aug 21, 2018 • 5min
ISC StormCast for Wednesday, August 22nd 2018
Malicious DLL Loaded Through AutoIT
https://isc.sans.edu/forums/diary/Malicious+DLL+Loaded+Through+AutoIT/24008/
Traefik Fixes TLS Private Key Exposure
https://github.com/containous/traefik/issues/3651
TLS Certificates Survive Domain Ownership
https://insecure.design
Intel Microcode License Update Causes Problems for Debian Linux
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906158#14

Aug 20, 2018 • 5min
ISC StormCast for Tuesday, August 21st 2018
Regular Expression DDoS in JavaScript
http://mp.binaervarianz.de/ReDoS_TR_Dec2017.pdf
OpenSSH User Enumeration Update
https://isc.sans.edu/forums/diary/OpenSSH+user+enumeration+CVE201815473/24004
Turning (Page) Tables Exploit Technique
https://cdn2.hubspot.net/hubfs/487909/Turning%20(Page)%20Tables_Slides.pdf

Aug 19, 2018 • 6min
ISC StormCast for Monday, August 20th 2018
FragmentSmack Summary
https://isc.sans.edu/forums/diary/Back+to+the+90s+FragmentSmack/23998/
HP Does Not Release Patches for Non-Windows Users
https://www.intego.com/mac-security-blog/exclusive-hp-leaves-mac-users-vulnerable-to-fax-hacks/
More about VBScript 0-Day Vulnerability and "Dark Hotel" (Chinese only)
https://ti.360.net/blog/articles/analyzing-attack-of-cve-2018-8373-and-darkhotel/
https://blog.trendmicro.com/trendlabs-security-intelligence/use-after-free-uaf-vulnerability-cve-2018-8373-in-vbscript-engine-affects-internet-explorer-to-run-shellcode/
PHP Deserialization Vulnerability Code Execution
https://cdn2.hubspot.net/hubfs/3853213/us-18-Thomas-It's-A-PHP-Unserialization-Vulnerability-Jim-But-Not-As-We-....pdf?

Aug 17, 2018 • 7min
ISC StormCast for Friday, August 17th 2018
Anonymize PCAPS
https://isc.sans.edu/forums/diary/Truncating+Payloads+and+Anonymizing+PCAP+files/23990/
OpenSSH User Enumeration Vulnerability
http://seclists.org/oss-sec/2018/q3/124
VoiceXML XML External Entity Vulnerability
https://hackerone.com/reports/395296
Skimreaper Credit Card Skimmer Detector
http://skimreaper.com

Aug 16, 2018 • 6min
ISC StormCast for Thursday, August 16th 2018
Password Protected Word Documents Push AZORult and Hermes Ransomware
https://isc.sans.edu/forums/diary/More+malspam+pushing+passwordprotected+Word+docs+for+AZORult+and+Hermes+Ransomware/23992/
Linux IP Fragmentation DoS
https://www.kb.cert.org/vuls/id/641765
Scripting Mouse Clicks to Bypass macOS Security
https://speakerdeck.com/patrickwardle/the-mouse-is-mightier-than-the-sword
Concentration of Coinhive Miners
https://arxiv.org/pdf/1808.00811.pdf

Aug 15, 2018 • 6min
ISC StormCast for Wednesday, August 15th 2018
Microsoft Patch Tuesday Summary
https://isc.sans.edu/forums/diary/Microsoft+August+2018+Patch+Tuesday/23986/
Oracle Database Patch
http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-3110-5032149.html
Intel Fixes Three More CPU Flaws
https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault

Aug 14, 2018 • 5min
ISC StormCast for Tuesday, August 14th 2018
New Sextortion Wave Using Partial Phone Numbers
New Extortion Tricks: Now Including Your (Partial) Phone Number!
Intel Releases Patch for Puma Modem Chips
https://www.dslreports.com/forum/r32071020-Internet-Rogers-modem-router-rebooting-on-wan-scans-by-design
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-000097.html
Bluetooth Low Energy Attack Tool
https://github.com/virtualabs/btlejack
Tesla Will Fix Cars if Researcher Breaks Them While Hacking
https://twitter.com/bitquark/status/1028373178421309440

Aug 13, 2018 • 6min
ISC StormCast for Monday, August 13th 2018
VIA C3 "God Mode"
https://github.com/xoreaxeaxeax/rosenbridge
Apple MDM Vulnerability
https://www.wired.com/story/mac-remote-hack-wifi-enterprise/
Peeking into MSG Files
https://isc.sans.edu/forums/diary/Peeking+into+msg+files+revisited/23974/
Hunting SSL/TLS Clients Using JA3
https://isc.sans.edu/forums/diary/Hunting+SSLTLS+clients+using+JA3/23972/
Mobile Payment Terminal Vulnerabilities
https://www.blackhat.com/us-18/briefings.html#for-the-love-of-money-finding-and-exploiting-vulnerabilities-in-mobile-point-of-sales-systems

Aug 10, 2018 • 5min
ISC StormCast for Friday, August 10th 2018
Vulnerabilities in Pacemaker Programmer and Insulin Pumps
https://arstechnica.com/information-technology/2018/08/lack-of-encryption-makes-hacks-on-life-saving-pacemakers-shockingly-easy/
"Panic Attacks" Against City Infrastructure
https://www.bbc.com/news/technology-45128053
Kaspersky VPN Leaks DNS Traffic
https://www.inputzero.io/2018/08/kaspersky-vpn-leaks-dns-address.html
Osiris Dropper Uses Process Doppelgänging
https://blog.malwarebytes.com/threat-analysis/2018/08/osiris-using-process-doppelganging/


