

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5-minute-long, summary of current network security related events. The content is late-breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html.
Episodes

Jul 9, 2017 • 6min
ISC StormCast for Monday, July 10th 2017
More DDoS Ransom Demands
https://isc.sans.edu/forums/diary/Adversary+hunting+with+SOFELK/22592/
Adversary Hunting With SOF-ELK
https://isc.sans.edu/forums/diary/Adversary+hunting+with+SOFELK/22592/
Petya Master Key Published
https://twitter.com/JanusSecretary/status/882663988429021184?ref_src=twsrc%5Etfw&ref_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fauthor-of-original-petya-ransomware-publishes-master-decryption-key%2F
Template Attacks Against Critical Infrastructure
http://blog.talosintelligence.com/2017/07/template-injection.html

Jul 6, 2017 • 6min
ISC StormCast for Friday, July 7th 2017
Finding Odd Domain Names
https://isc.sans.edu/forums/diary/Selecting+domains+with+random+names/22580/
BitTorrent Sync 2.0 Log Files
https://isc.sans.edu/forums/diary/Investigation+of+BitTorrent+Sync+v20+as+a+P2P+Cloud+Service+Part+2+Log+Files+artefacts/22582/
Cisco Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2
Finding Weak Password Hashing Algorithms Via Hash Collisions
https://www.netsparker.com/blog/web-security/collision-based-hashing-algorithm-disclosure/
BIND TSIG Exploit
http://www.synacktiv.ninja/ressources/CVE-2017-3143_BIND9_TSIG_dynamic_updates_vulnerability_Synacktiv.pdf

Jul 5, 2017 • 5min
ISC StormCast for Thursday, July 6th 2017
AVTest Report: Ransomware not a big deal; Android/MacOS Catching up to Windows
https://www.av-test.org/fileadmin/pdf/security_report/AV-TEST_Security_Report_2016-2017.pdf
Microsoft Will Prompt Users to Update Windows 10
https://support.microsoft.com/en-us/help/4023814
Bithumb Bitcoin Exchange Hacked (Article in Korean)
http://bithumb.cafe/archives/7329
Turkish Airlines and Emirates Remove Laptop Ban
http://www.theregister.co.uk/2017/07/05/emirates_and_turkish_airlines_lift_laptop_ban_on_us_flights/
Ukrainian Authorities Raid MeDoc (Article in Ukrainian)
https://cyberpolice.gov.ua/news/prykryttyam-najmasshtabnishoyi-kiberataky-v-istoriyi-ukrayiny-stav-virus-diskcoderc-881/

Jul 4, 2017 • 6min
ISC StormCast for Wednesday, July 5th 2017
Microsoft Patches Skype Vulnerability
https://www.vulnerability-lab.com/get_content.php?id=2071
systemd Invalid Username Bug Not Considered a Vulnerability (or Bug)
https://github.com/systemd/systemd/issues/6237
Cisco Fixes SNMP Vulnerability in IOS and IOS XE
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp
Smartphones Can Be Compromised with Shady Replacement Parts
https://iss.oy.ne.ro/Shattered
Siemens Fixes Intel AMT Bug
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-874235.pdf
Update For libgcrypt
https://www.ubuntuupdates.org/package/core/zesty/main/updates/libgcrypt20-dev

Jun 30, 2017 • 15min
ISC StormCast for Friday, June 30th 2017
Catching up With Blank Slate
https://isc.sans.edu/forums/diary/Catching+up+with+Blank+Slate+a+malspam+campaign+still+going+strong/22570/
Azure AD Connect Vulnerability
https://technet.microsoft.com/library/security/4033453.aspx#ID0EN
Exploit Available For Stack Clash Vulnerability
https://www.qualys.com/research/security-advisories/
Paul Herschberger: Data Breach Impact Estimation
https://www.sans.org/reading-room/whitepapers/dlp/data-breach-impact-estimation-37502

Jun 29, 2017 • 6min
ISC StormCast for Thursday, June 29th 2017
Petya Ransomware Update
https://isc.sans.edu/forums/diary/Petya+I+hardly+know+ya+an+ISC+update+on+the+20170627+ransomware+outbreak/22566/
Ubuntu systemd Vulnerability
https://www.ubuntu.com/usn/usn-3341-1/
Microsoft Will Include EMET in Windows 10
https://blogs.technet.microsoft.com/mmpc/2017/06/27/whats-new-in-windows-defender-atp-fall-creators-update/
BGP Attacks Against Bitcoin
https://blog.acolyer.org/2017/06/27/hijacking-bitcoin-routing-attacks-on-cryptocurrencies/

Jun 28, 2017 • 5min
ISC StormCast for Wednesday, June 28th 2017
Petya/Goldeneye Variant Makes the Rounds
https://isc.sans.edu/forums/diary/Checking+out+the+new+Petya+variant/22562/

Jun 27, 2017 • 6min
ISC StormCast for Tuesday, June 27th 2017
Investigation of BitTorrent Sync (v.2.0) as a P2P Cloud (Part 1)
https://isc.sans.edu/forums/diary/Investigation+of+BitTorrent+Sync+v20+as+a+P2P+Cloud+Part+1/22554/
Ransomware Payment Spurs More DDoS Ransomware Attacks
https://www.bleepingcomputer.com/news/security/-1-million-ransomware-payment-has-spurred-new-ddos-for-bitcoin-attacks/
Speed Trap Cameras in Australia Infected with WannaCrypt
http://www.camerassavelives.vic.gov.au/utility/latest+news/investigation+underway+into+cameras+affected+by+software+virus
More Vulnerabilities in Windows Defender
https://bugs.chromium.org/p/project-zero/issues/detail?id=1282&desc=2
npm Developer Accounts Reset After Password Reuse Discovery
https://github.com/ChALkeR/notes/blob/master/Gathering-weak-npm-credentials.md

Jun 25, 2017 • 7min
ISC StormCast for Monday, June 26th 2017
Fake DDoS Extortions Continue
https://isc.sans.edu/forums/diary/Fake+DDoS+Extortions+Continue+Please+Forward+Us+Any+Threats+You+Have+Received/22550/
Traveling with a Laptop
https://isc.sans.edu/forums/diary/Traveling+with+a+Laptop+Surviving+a+Laptop+Ban+How+to+Let+Go+of+Precious/22462/
Side Channel Attacks on the Cheap
https://www.fox-it.com/nl/wp-content/uploads/sites/12/Tempest_attacks_against_AES.pdf
Latest Locky Variant Hunting Down Windows XP Users
http://blog.talosintelligence.com/2017/06/necurs-locky-campaign.html
Windows Beta Builds and Source Code Leaked
http://www.theregister.co.uk/2017/06/23/windows_10_leak/

Jun 23, 2017 • 12min
ISC StormCast for Friday, June 23rd 2017
Obfuscating Without XOR
https://isc.sans.edu/forums/diary/Obfuscating+without+XOR/22544/
Airbnb OAuth Token Theft
https://www.arneswinnen.net/2017/06/authentication-bypass-on-airbnb-via-oauth-tokens-theft/
Critical Drupal Vulnerability
https://www.drupal.org/SA-CORE-2017-003
Auditing Docker Containers
https://www.sans.org/reading-room/whitepapers/auditing/checklist-audit-docker-containers-37437


