

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and is designed to get you ready for the day with a brief, usually 5-minute-long summary of current network security related events. The content is late-breaking, educational, and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html.
Episodes

Apr 27, 2017 • 6min
ISC StormCast for Thursday, April 27th 2017
Bots Disrupt US ISP
https://www.bleepingcomputer.com/news/security/us-isp-goes-down-as-two-malware-families-go-to-war-over-its-modems/
Samsung Smart TV Wi-Fi Direct Exploit
http://seclists.org/fulldisclosure/2017/Apr/101
Adobe Publishes ColdFusion Update
https://helpx.adobe.com/security/products/coldfusion/apsb17-14.html
SNMP Misconfiguration Eliminates Community String Validation
https://stringbleed.github.io/#

Apr 26, 2017 • 6min
ISC StormCast for Wednesday, April 26th 2017
CAA Records and Certificate Issuance
https://isc.sans.edu/forums/diary/CAA+Records+and+Certificate+Issuance/22342/
Hyundai Blue Link Information Disclosure
https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed
HP, Philips, Fujitsu Display Software Privilege Escalation
http://blog.sec-consult.com/2017/04/what-unites-hp-philips-and-fujitsu-one.html

Apr 25, 2017 • 5min
ISC StormCast for Tuesday, April 25th 2017
Android Malware MilkyDoor Builds Backdoor Into Networks Via SSH/SOCKS
http://blog.trendmicro.com/trendlabs-security-intelligence/dresscode-android-malware-finds-successor-milkydoor/
Remote Code Execution Flaw in Squirrelmail
http://seclists.org/fulldisclosure/2017/Apr/81
Atlassian Confluence Update
https://confluence.atlassian.com/doc/confluence-security-advisory-2017-04-19-887071137.html
TCP Proxy Over Named Pipes / SMB
https://github.com/dxflatline/flatpipes

Apr 24, 2017 • 5min
ISC StormCast for Monday, April 24th 2017
Increase in Port 81 Traffic
https://isc.sans.edu/forums/diary/WTF+tcp+port+81/22332/
Analyzing a Document and Malware Trying to Exploit CVE-2017-0199 (HTA)
https://isc.sans.edu/forums/diary/Malicious+Documents+A+Bit+Of+News/22334/
DOUBLEPULSAR Detected on Tens of Thousands of Systems
http://www.theregister.co.uk/2017/04/21/windows_hacked_nsa_shadow_brokers/
NVidia Includes Node.js Server With Drivers
http://blog.sec-consult.com/2017/04/application-whitelisting-application.html
Android SMSVova Spyware Survives in Google Play Store for 3 Years
https://www.zscaler.com/blogs/research/android-spyware-smsvova-posing-system-update-play-store

Apr 20, 2017 • 6min
ISC StormCast for Friday, April 21st 2017
Detecting Covert DNS Channels
https://isc.sans.edu/forums/diary/DNS+Query+Length+Because+Size+Does+Matter/22326/
Ambient Light Sensors May Become Accessible Via JavaScript
https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/
BIND Name Server Update
https://kb.isc.org/article/AA-01491
Entropy As A Service
https://www.getnetrandom.com
Webcast: NoSQL Doesn't Make You NoVulnerable
https://www.sans.org/webcasts/nosql-doesnt-novulnerable-104897

Apr 20, 2017 • 6min
ISC StormCast for Thursday, April 20th 2017
Hunting and Analyzing Malicious Excel Files
https://isc.sans.edu/forums/diary/Hunting+for+Malicious+Excel+Sheets/22322/
Bose May Be Spying on Listeners
https://www.scribd.com/document/345620278/Bose-Privacy-Complaint
Microsoft No-Password Sign In
https://blogs.technet.microsoft.com/enterprisemobility/2017/04/18/no-password-phone-sign-in-for-microsoft-accounts/
Owncloud/Nextcloud Bug Reports Include Passwords
https://blog.hboeck.de/archives/885-Passwords-in-the-Bug-Reports-OwncloudNextcloud.html
Fuzzing Used to Find a Tcpdump Vulnerability
https://www.softscheck.com/en/identifying-security-vulnerabilities-with-cloud-fuzzing/
DNS Homograph Detection
https://github.com/dutchcoders/homographs
For Friday's (and other upcoming) webcasts, see
https://www.sans.org/webcasts

Apr 19, 2017 • 6min
ISC StormCast for Wednesday, April 19th 2017
Details about how to exploit CVE-2017-0199
https://rewtin.blogspot.com.au/2017/04/cve-2017-0199-practical-exploitation-poc.html
User Provided Patch To Help Update Old Operating Systems on New CPU
https://github.com/zeffy/kb4012218-19
Forensics Tools and Issues With Windows 10 Compact OS
https://www.heise.de/security/artikel/Forensik-Tools-patzen-bei-neuer-Windows-Kompression-3676075.html

Apr 18, 2017 • 7min
ISC StormCast for Tuesday, April 18th 2017
Detecting IDN Phishing Domains
https://isc.sans.edu/forums/diary/Tool+to+Detect+Active+Phishing+Attacks+Using+Unicode+LookAlike+Domains/22310/
Old Linux Kernel Bug Allows for Remote Code Execution via UDP
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=197c949e7798fbf28cfadc69d9ca0c2abbf93191
Microsoft Edge JavaScript "fetch" Function Can Be Used to Leak User Data
http://mov.sx/2017/04/16/microsoft-edge-leaks-url.html

Apr 17, 2017 • 6min
ISC StormCast for Monday, April 17th 2017
Detecting SMB Covert Channel "Doublepulsar"
https://isc.sans.edu/forums/diary/Detecting+SMB+Covert+Channel+Double+Pulsar/22312/
ETERNALBLUE: Windows SMBv1 Exploit
https://isc.sans.edu/forums/diary/ETERNALBLUE+Windows+SMBv1+Exploit+Patched/22304/

Apr 14, 2017 • 6min
ISC StormCast for Friday, April 14th 2017
Packet Captures Filtered By Process
https://isc.sans.edu/forums/diary/Packet+Captures+Filtered+by+Process/22296/
C-LDAP Used to Amplify DDoS Attack
https://isc.sans.edu/forums/diary/Akamai+reports+UDP+DDOS+Using+CLDAP+reaching+24Gbps/22300/
Juniper Updates
https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES
SAP Patches Code Injection in TREX
https://erpscan.com/press-center/press-release/critical-vulnerability-affects-sap-hana-dozen-sap-applications/
More Details About Dallas Siren Hack
https://duo.com/blog/the-dallas-county-siren-hack


