

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5-minute-long summary of current network-security-related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html.
Episodes

Oct 30, 2017 • 6min
ISC StormCast for Tuesday, October 31st 2017
Google Chrome Moving Away from HTTPS Public Key Pinning (HPKP)
https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/he9tr7p3rZ8/eNMwKPmUBAAJ
Effort To Remove Trust From Dutch CA Over New Intercept Law
https://bugzilla.mozilla.org/show_bug.cgi?id=1408647
Crypto Coin Mining Feature Found in Google App Store Downloads
http://blog.trendmicro.com/trendlabs-security-intelligence/coin-miner-mobile-malware-returns-hits-google-play/

Oct 29, 2017 • 5min
ISC StormCast for Monday, October 30th 2017
Critical New Oracle Patch
http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10151-4016513.html
CatchAll Google Chrome Plugins
https://isc.sans.edu/forums/diary/CatchAll+Google+Chrome+Malicious+Extension+Steals+All+Posted+Data/22976/
ACE Files Used For Malware
https://isc.sans.edu/forums/diary/Remember+ACE+files/22978/

Oct 26, 2017 • 6min
ISC StormCast for Friday, October 27th 2017
Results of Kaspersky's Internal Investigation
https://www.kaspersky.com/blog/internal-investigation-preliminary-results/19894/
Infineon Bug Testing Tool
https://gist.githubusercontent.com/marcan/fc87aa78085c2b6f979aefc73fdc381f/raw/526bc2f2249a2e3f5d4450c7c412e0dbf57b2288/roca_test.py
https://github.com/ThomasHabets/simple-tpm-pk11/blob/master/check-srk/check-srk.cc
Micropatch Available for "DDE Vulnerability"
https://0patch.blogspot.com/2017/10/0patching-office-dde-ddeauto.html
Finding Cryptocurrency Miners
https://medium.com/@s3yfullah/hacking-cryptocurrency-miners-with-osint-techniques-677bbb3e0157

Oct 25, 2017 • 6min
ISC StormCast for Thursday, October 26th 2017
Coinhive Domain Compromise
https://coinhive.com/blog/dns-breach
Dell Loses Control of Backup and Recovery Cloud Storage Domain
https://krebsonsecurity.com/2017/10/dell-lost-control-of-key-customer-support-domain-for-a-month-in-2017/#more-41267
Google ReCaptcha Broken
https://github.com/ecthros/uncaptcha
Users in Iran Targeted by Cryptoransomware Masquerading as VPN
https://www.bleepingcomputer.com/news/security/tyrant-ransomware-spreads-in-iran-disguised-as-popular-vpn-app/
Crypto Currency Phishing
https://www.dearbytes.com/blog/cryptocurrency-phishing/

Oct 24, 2017 • 5min
ISC StormCast for Wednesday, October 25th 2017
Stop Relying on File Extensions
https://isc.sans.edu/forums/diary/Stop+relying+on+file+extensions/22962/
BadRabbit New Ransomware Wave Hitting Russia and Ukraine
https://isc.sans.edu/forums/diary/BadRabbit+New+ransomware+wave+hitting+RU+UA/22964/
https://www.welivesecurity.com/2017/10/24/kiev-metro-hit-new-variant-infamous-diskcoder-ransomware/
Over 70% Of Web Traffic Now via TLS
https://transparencyreport.google.com/https/overview?hl=en
Static RNG Seeds in Fortinet Devices
https://duhkattack.com

Oct 23, 2017 • 6min
ISC StormCast for Tuesday, October 24th 2017
Is a Telco in Brazil Hosting An Epidemic of Open SOCKS Proxies?
https://isc.sans.edu/forums/diary/Is+a+telco+in+Brazil+hosting+an+epidemic+of+open+SOCKS+proxies/22956/
Android May Be Adding DNS Over TLS
https://www.xda-developers.com
https://tools.ietf.org/html/rfc7858
Fake Crypto Currency Trading Applications
https://www.welivesecurity.com/2017/10/23/fake-cryptocurrency-apps-google-harvesting-credentials/

Oct 22, 2017 • 6min
ISC StormCast for Sunday, October 22nd 2017
IoT "Reaper" Botnet
http://blog.netlab.360.com/iot_reaper-a-rappid-spreading-new-iot-botnet-en/
https://research.checkpoint.com/new-iot-botnet-storm-coming/
Elmedia Player and Folx Infected with Proton Malware
https://www.eltima.com/blog/2017/10/elmedia-player-and-folx-malware-threat-neutralized.html
Google Expands Bug Bounty To Popular Android Apps
https://www.google.com/about/appsecurity/play-rewards/index.html
Increased Use of Last Week's Flash Vulnerability
https://www.proofpoint.com/us/threat-insight/post/apt28-racing-exploit-cve-2017-11292-flash-vulnerability-patches-are-deployed

Oct 20, 2017 • 6min
ISC StormCast for Friday, October 20th 2017
Locky Ransomware Updates
https://isc.sans.edu/forums/diary/Necurs+Botnet+malspam+pushes+Locky+using+DDE+attack/22946/
https://isc.sans.edu/forums/diary/HSBCthemed+malspam+uses+ISO+attachments+to+push+Loki+Bot+malware/22942/
Authedmine To Replace Coinhive
https://coinhive.com/blog/authedmine
Attackers Scan for SSH Keys via Web Exploits
https://www.wordfence.com/blog/2017/10/ssh-key-website-scans/
Attacking Colocated Virtual Machines with Rowhammer
https://thisissecurity.stormshield.com/2017/10/19/attacking-co-hosted-vm-hacker-hammer-two-memory-modules/

Oct 19, 2017 • 5min
ISC StormCast for Thursday, October 19th 2017
Baselining Servers to Detect Outliers
https://isc.sans.edu/forums/diary/Baselining+Servers+to+Detect+Outliers/22940/
Test Script Available for KRACK Vulnerability
https://github.com/vanhoefm/krackattacks-test-ap-ft
WaterMiner Distributed With Gaming Mods
https://minerva-labs.com/post/waterminer-a-new-evasive-crypto-miner
Microsoft Releases Fall Creators Update
https://blogs.windows.com/windowsexperience/2017/10/17/whats-new-windows-10-fall-creators-update/#76CQXoUYxT81RLJi.97

Oct 18, 2017 • 5min
ISC StormCast for Wednesday, October 18th 2017
Hancitor Malspam Uses DDE Attack To Spread Banking Malware
https://isc.sans.edu/forums/diary/Hancitor+malspam+uses+DDE+attack/22936/
Infineon RSA Key Generation Weakness
https://crocs.fi.muni.cz/public/papers/rsa_ccs17
Chrome Improving Security
https://www.blog.google/products/chrome/cleaner-safer-web-chrome-cleanup/


