

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Episodes

Jul 27, 2016 • 6min
ISC StormCast for Wednesday, July 27th 2016
DNS Cmd and Ctrl via AAAA Records
https://isc.sans.edu/forums/diary/Command+and+Control+Channels+Using+AAAA+DNS+Records/21301/
Microsoft Authenticator
https://blogs.technet.microsoft.com/enterprisemobility/2016/07/25/microsoft-authenticator-coming-august-15th/
WPAD May Leak HTTPS URLs
http://arstechnica.com/security/2016/07/new-attack-that-cripples-https-crypto-works-on-macs-windows-and-linux/
HOnions: Tor Servers To Discover Snooping Tor Nodes
https://regmedia.co.uk/2016/07/25/10_honions-sanatinia.pdf

Jul 26, 2016 • 5min
ISC StormCast for Tuesday, July 26th 2016
Python Malware - Part 4
https://isc.sans.edu/forums/diary/Python+Malware+Part+4/21297/
Powerware Decrypter
https://github.com/pan-unit42/public_tools/blob/master/powerware/powerware_decrypt.py
No More Ransomware
https://www.nomoreransom.org
Pangu iOS 9.3.3 Jailbreak
http://en.pangu.io
Safe Skies TSA Keys Duplicated
http://www.3ders.org/articles/20160725-hackers-create-3d-printed-tsa-safe-skies-master-key-for-luggage-release-blueprints.html

Jul 25, 2016 • 6min
ISC StormCast for Monday, July 25th 2016
NIST Digital Authentication Guide Preview
https://github.com/usnistgov/800-63-3
Powerware Ransomware Spoofing Locky
http://researchcenter.paloaltonetworks.com/2016/07/unit42-powerware-ransomware-spoofing-locky-malware-family/
SAP HANA Security Advisory
http://www.onapsis.com/research/security-advisories
Pokemon Go Forensics
https://www.gillware.com/forensics/blog/mobile-forensics/oh-no-pokemon-go-forensic-artifacts

Jul 22, 2016 • 5min
ISC StormCast for Friday, July 22nd 2016
A Practice ntds.dit File For Hash Extraction and Password Cracking
https://isc.sans.edu/forums/diary/Practice+ntdsdit+File/21287/
Mozilla Further Reducing Flash Content
https://blog.mozilla.org/futurereleases/2016/07/20/reducing-adobe-flash-usage-in-firefox/
Little Snitch Update
https://www.obdev.at/products/littlesnitch/releasenotes.html
PHP 7.0.9 / 5.6.24 Released (fixes httpoxy vulnerability)
http://php.net/ChangeLog-7.php#7.0.9
http://www.php.net/ChangeLog-5.php#5.6.24
Google Chrome Update
http://googlechromereleases.blogspot.com/search/label/Stable%20updates

Jul 21, 2016 • 5min
ISC StormCast for Thursday, July 21st 2016
Oracle Critical Patch Update
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
DNS Root Key Rotation
http://schd.ws/hosted_files/icann562016/60/Matt%20Larson%20ICANN56%20KSK%20roll%20briefing.pdf
Anti-Malware Codehooking Vulnerabilities
http://breakingmalware.com/vulnerabilities/captain-hook-pirating-avs-bypass-exploit-mitigations/
More Details Regarding Apple's Image I/O Vulnerability
http://www.talosintelligence.com/reports/TALOS-2016-0171/
Hidden Backdoor in Dell Security Software
https://www.digitaldefense.com/ddi-six-discoveries/

Jul 20, 2016 • 5min
ISC StormCast for Wednesday, July 20th 2016
Objective Systems ASN1C Compiler Creates Vulnerable Code
https://github.com/programa-stic/security-advisories/tree/master/ObjSys/CVE-2016-5080
Office Maldoc Analysis
https://isc.sans.edu/forums/diary/Office+Maldoc+Lets+Focus+on+the+VBA+Macros+Later/21275/
Defeating GMail's Malicious Macro Signatures
https://warroom.securestate.com/bypassing-gmails-malicious-macro-signatures/

Jul 19, 2016 • 6min
ISC StormCast for Tuesday, July 19th 2016
httpoxy Vulnerability
https://isc.sans.edu/forums/diary/HTTP+Proxy+Header+Vulnerability+httpoxy/21271/
Apple Security Updates
https://support.apple.com/en-us/HT201222
Toll Number Calling via Two Factor Authentication
https://www.arneswinnen.net/2016/07/how-i-could-steal-money-from-instagram-google-and-microsoft/

Jul 18, 2016 • 6min
ISC StormCast for Monday, July 18th 2016
More Python Malware
Critical Juniper Vulnerability
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10755&actp=search
MS16-053 Included in Neutrino Exploit Kit
https://www.fireeye.com/blog/threat-research/2016/07/exploit_kits_quickly.html
SSH Username Disclosure
http://seclists.org/fulldisclosure/2016/Jul/51

Jul 15, 2016 • 5min
ISC StormCast for Friday, July 15th 2016
The Power of Web Shells
https://isc.sans.edu/forums/diary/The+Power+of+Web+Shells/21257/
Airtel India Intercepting Cloudflare Traffic
https://medium.com/@karthikb351/airtel-is-sniffing-and-censoring-cloudflares-traffic-in-india-and-they-don-t-even-know-it-90935f7f6d98#.g78ucnpo6
WordPress SEO Pack Plugin Persistent Cross Site Scripting
https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_in_all_in_one_seo_pack_wordpress_plugin.html
GitHub Releases synsanity SYN Flood Defense
http://githubengineering.com/syn-flood-mitigation-with-synsanity/
MS16-094 Prevents Booting Linux On Microsoft Surface
http://www.theregister.co.uk/2016/07/15/windows_fix_closes_rt_unlock_loophole/

Jul 14, 2016 • 5min
ISC StormCast for Thursday, July 14th 2016
Hunting for Malicious Files with MISP + OSSEC
https://isc.sans.edu/forums/diary/Hunting+for+Malicious+Files+with+MISP+OSSEC/21251/
Drupal: Patch released today to fix a highly critical RCE in contributed modules
https://isc.sans.edu/forums/diary/Drupal+Patch+released+today+to+fix+a+highly+critical+RCE+in+contributed+modules/21255/
Riffle anonymity network trying to compete with Tor
http://people.csail.mit.edu/devadas/pubs/riffle.pdf


