

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minutes long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html.

Sep 5, 2017 • 6min
ISC StormCast for Tuesday, September 5th 2017
Locky Ransomware is Back and This Time Pretends to Be a Font
https://isc.sans.edu/forums/diary/Malspam+pushing+Locky+ransomware+tries+HoeflerText+notifications+for+Chrome+and+FireFox/22776/
When is a PDF Just a PDF?
https://isc.sans.edu/forums/diary/It+is+a+resume+Part+1/22780/
Asterisk Vulnerable to RTPBleed
https://github.com/EnableSecurity/advisories/tree/master/ES2017-04-asterisk-rtp-bleed
Arris AT&T Modems With Backdoor
https://www.nomotion.net/blog/sharknatto/

Sep 1, 2017 • 14min
ISC StormCast for Friday, September 1st 2017
Is Remote Work Feasible in a SOC?
https://isc.sans.edu/forums/diary/Remote+SOC+Workers+Concerns/22772/
Linux Random Number Generator Reviewed
https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Studien/LinuxRNG/LinuxRNG_EN.pdf?__blob=publicationFile&v=5
Adobe Acrobat and Reader Security Patch
https://blogs.adobe.com/psirt/?p=1484
Turning Speakers into Microphones
https://www.usenix.org/system/files/conference/woot17/woot17-paper-guri.pdf

Aug 30, 2017 • 6min
ISC StormCast for Thursday, August 31st 2017
IoT Gear Affected by ConnMan Vulnerability
http://connmando.nri-secure.co.jp/index.html
Trickbot Going After Coinbase
https://blogs.forcepoint.com/security-labs/trickbot-goes-after-cryptocurrency
Pacemakers Need Patch
https://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm573669.htm
Inaudible Voice Commands
https://arxiv.org/pdf/1708.07238.pdf

Aug 30, 2017 • 6min
ISC StormCast for Wednesday, August 30th 2017
Another Chrome Extension Banking Malware
https://isc.sans.edu/forums/diary/Second+Google+Chrome+Extension+Banker+Malware+in+Two+Weeks/22766/
Vulnerable Docker VM
https://www.notsosecure.com/vulnerable-docker-vm/
Large Spam E-Mail and Password List Discovered
https://www.troyhunt.com/inside-the-massive-711-million-record-onliner-spambot-dump/

Aug 29, 2017 • 6min
ISC StormCast for Tuesday, August 29th 2017
Survey of Recent DVR Attacks
https://isc.sans.edu/forums/diary/An+Update+On+DVR+Malware+A+DVR+Torture+Chamber/22762/
Disabling Intel ME
http://blog.ptsecurity.com/2017/08/disabling-intel-me.html
Wire-X Takedown
https://blogs.akamai.com/2017/08/the-wirex-botnet-an-example-of-cross-organizational-cooperation.html

Aug 28, 2017 • 7min
ISC StormCast for Monday, August 28th 2017
Analyzing 7zip Malware
https://isc.sans.edu/forums/diary/Malware+analysis+searching+for+dots/22758/
Worldwide DNS Manipulation Survey
https://people.eecs.berkeley.edu/~pearce/papers/dns_usenix_2017.pdf
Sophos Withdraws UTM Update
https://community.sophos.com/products/unified-threat-management/b/utm-blog/posts/utm-up2date-9-503-released
Crypto Currency Malware
https://resources.netskope.com/h/i/361264722-coin-mining-malware-heads-to-the-cloud-with-zminer

Aug 25, 2017 • 12min
ISC StormCast for Friday, August 25th 2017
Critical HPE iLo Vulnerability
http://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03769en_us
Facebook Messenger Spam Leads to Malware
https://securelist.com/new-multi-platform-malwareadware-spreading-via-facebook-messenger/81590/
iOS 10.3.1 Kernel Exploit Released
https://blog.zimperium.com/ziva-video-audio-ios-kernel-exploit/
Samsung Bricks Smart TVs With Update
https://eu.community.samsung.com/t5/TV-Audio-Video/Samsung-MU-Series-2017-Smart-TV-s-will-do-nothing-after-Samsung/td-p/250277
John Bambenek's DGA Feeds
http://osint.bambenekconsulting.com/feeds/c2-ipmasterlist.txt

Aug 24, 2017 • 6min
ISC StormCast for Thursday, August 24th 2017
Malware Loading Avast Safe Zone Browser
https://isc.sans.edu/forums/diary/Malicious+script+dropping+an+executable+signed+by+Avast/22748/
Ropemaker E-Mail Content
https://www.mimecast.com/globalassets/documents/whitepapers/wp_the_ropemaker_email_exploit.pdf
Cloud Based Accounts Increasingly a Target
https://www.microsoft.com/en-us/security/intelligence-report
More Malware Found At Ukrainian Accounting Software Makers
https://issp.ua/issp_system_images/UPD_samples_analysis_eng.pdf

Aug 23, 2017 • 5min
ISC StormCast for Wednesday, August 23rd 2017
Elcomsoft Releases Ability to Retrieve Apple Keychain from iCloud
https://www.elcomsoft.com/eppb.html
Mapping Rooms With Smart Speakers
http://musicattacks.cs.washington.edu/activity-information-leakage.pdf
Netcraft Identifies .fish Domain Used For Phishing
https://news.netcraft.com/archives/2017/08/21/first-fishy-phishing-sites-sighted.html

Aug 22, 2017 • 6min
ISC StormCast for Tuesday, August 22nd 2017
Hackers Scam $500,000 From Enigma Digital Currency Investors
http://www.theregister.co.uk/2017/08/21/enigma_digital_currency_investors_scammed/
Bitcoin Privacy Threats
https://arxiv.org/abs/1708.04748
$500 iPhone PIN Brute Forcing Box
https://www.youtube.com/watch?v=IXglwbyMydM
SyncCrypt Bypasses Antivirus Filters With Images
https://www.bleepingcomputer.com/news/security/synccrypt-ransomware-hides-inside-jpg-files-appends-kk-extension/


