

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and is designed to get you ready for the day with a brief, usually 5-minute-long, summary of current network security related events. The content is late-breaking, educational, and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html.
Episodes

Dec 14, 2017 • 5min
ISC StormCast for Thursday, December 14th 2017
Tracking Newly Registered Domains
https://isc.sans.edu/forums/diary/Tracking+Newly+Registered+Domains/23127/
Critical Palo Alto Firewall Flaws Allow RCE as root
http://seclists.org/fulldisclosure/2017/Dec/38
Hiding Changes from git-diff
https://www.twistlock.com/2017/12/13/hiding-content-git-escape-sequence-twistlock-labs-experiment/
Apple Airport Update
https://support.apple.com/en-us/HT208354

Dec 13, 2017 • 7min
ISC StormCast for Wednesday, December 13th 2017
Microsoft Patch Tuesday Summary
https://isc.sans.edu/forums/diary/December+Microsoft+Patch+Tuesday+Summary/23123/
EV Certificate Model Broken?
https://stripe.ian.sh
ROBOT Attack Against TLS
https://robotattack.org

Dec 12, 2017 • 7min
ISC StormCast for Tuesday, December 12th 2017
Pornographic Spam Messages Used to Deliver Crypto Coin Miner
https://isc.sans.edu/forums/diary/Pornographic+malspam+pushes+coin+miner+malware/23119/
Microsoft Leaks Secret SSL Key For Dynamics 365
https://medium.com/matthias-gliwka/microsoft-leaks-tls-private-key-for-cloud-erp-product-10b56f7d648
Proxy Botnet Used to Launch Variety of Web Application Attacks
https://news.drweb.com/show/?i=11627&lng=en
FoxIT Releases Utility to Recover Manipulated Windows Logs
https://github.com/fox-it/danderspritz-evtx

Dec 11, 2017 • 6min
ISC StormCast for Monday, December 11th 2017
Sometimes An RTF Document is Just an RTF Document
https://isc.sans.edu/forums/diary/Sometimes+its+a+dud/23115/
HP Keyboard Drivers Can Log Keystrokes
https://support.hp.com/us-en/document/c05827409
https://zwclose.github.io/HP-keylogger/
Android App Signature Bypass
https://www.guardsquare.com/en/blog/new-android-vulnerability-allows-attackers-modify-apps-without-affecting-their-signatures
MSFT Patches Antimalware Engine
https://portal.msrc.microsoft.com/en-US/eula

Dec 8, 2017 • 7min
ISC StormCast for Friday, December 8th 2017
Positive Technologies Demonstrates Intel ME Exploit at Blackhat Europe
https://www.blackhat.com/docs/eu-17/materials/eu-17-Goryachy-How-To-Hack-A-Turned-Off-Computer-Or-Running-Unsigned-Code-In-Intel-Management-Engine.pdf
Tracking Users Without GPS
http://ieeexplore.ieee.org/document/8038870/
Process Doppelgaenger Anti-Malware Bypass
https://www.blackhat.com/docs/eu-17/materials/eu-17-Liberman-Lost-In-Transaction-Process-Doppelganging.pdf
Friday Webcast About Recent OWASP Top 10 Update
https://www.sans.org/webcasts/owasp-top-10-2017-106560

Dec 6, 2017 • 6min
ISC StormCast for Thursday, December 7th 2017
Apple Updates Everything
https://isc.sans.edu/forums/diary/Apple+Updates+Everything+Again/23107/
Do Not Trust Reverse DNS. And here is an example why
https://isc.sans.edu/forums/diary/PSA+Do+not+Trust+Reverse+DNS+and+why+does+an+address+resolve+to+localhost/23105/
NiceHash Hacked
https://www.reddit.com/r/NiceHash/comments/7i0s6o/official_press_release_statement_by_nicehash/

Dec 6, 2017 • 5min
ISC StormCast for Wednesday, December 6th 2017
AI.Type Data Exposed in MongoDB Database
https://mackeepersecurity.com/post/virtual-keyboard-developer-leaked-31-million-of-client-records
Mailsploit Makes it Easier to Spoof From Headers in E-Mails
https://www.mailsploit.com
StorageCrypt Ransomware Encrypts NAS Devices
https://www.bleepingcomputer.com/news/security/storagecrypt-ransomware-infecting-nas-devices-using-sambacry/
Android December Update
https://source.android.com/security/bulletin/2017-12-01

Dec 5, 2017 • 7min
ISC StormCast for Tuesday, December 5th 2017
Incident Response Using TheHive
https://isc.sans.edu/forums/diary/IR+using+the+Hive+Project/23099/
SSL/TLS For Scapy
https://github.com/tintinweb/scapy-ssl_tls
tvOS 11.2 Released (but no details about security content yet)
https://support.apple.com/en-us/HT201222
System Vendors Ship Laptops With Intel ME Disabled
https://www.reddit.com/r/linuxhardware/comments/7grglm/how_to_buy_a_dell_laptop_with_the_intel_me/
http://blog.system76.com/post/168050597573/system76-me-firmware-updates-plan
Hacker Falsified Jail Records To Free Friend
https://www.justice.gov/usao-edmi/pr/ann-arbor-man-pleads-guilty-computer-intrusion-case
SeKey: Touch ID Control for ssh-agent
https://github.com/ntrippar/sekey

Dec 4, 2017 • 6min
ISC StormCast for Monday, December 4th 2017
Brazilian Banking Malware Uses UTF-16 Encoded .BAT File
https://isc.sans.edu/forums/diary/Phishing+campaign+uses+old+bat+script+to+spread+banking+malware+and+it+is+flying+under+the+radar/23091/
Phishing Abuse of JotForm
https://isc.sans.edu/forums/diary/Phishing+Kit+AbUsing+Cloud+Services/23089/
Apple Releases iOS 11.2
https://support.apple.com/en-us/HT201222
(no details live yet)
Critical Patch For RSA Authentication Agent
http://seclists.org/fulldisclosure/2017/Nov/46
https://community.rsa.com/community/products/securid/authentication-agent-web-apache
Slurp S3 Bucket Enumerator
https://github.com/bbb31/slurp.git

Dec 1, 2017 • 15min
ISC StormCast for Friday, December 1st 2017
More Malspam Pushing Emotet Malware
https://isc.sans.edu/forums/diary/More+Malspam+pushing+Emotet+malware/23083/
Google Chrome To Block Some Third Party Software Mid-2018
https://blog.chromium.org/2017/11/reducing-chrome-crashes-caused-by-third.html
European Union Funds VLC Bug Bounty
https://joinup.ec.europa.eu/news/hackerone-vlc
STI Student Scott Perry: Virtual System Forensics
http://www.sans.org/reading-room/whitepapers/bestprac/exploring-effectiveness-approaches-discovering-acquiring-virtualized-servers-esxi-38155


