

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Episodes

Oct 30, 2023 • 6min
ISC StormCast for Monday, October 30th, 2023
Size Matters for Many Security Controls
https://isc.sans.edu/diary/Size%20Matters%20for%20Many%20Security%20Controls/30352
Spam or Phishing? Looking for Credentials and Passwords
https://isc.sans.edu/diary/Spam%20or%20Phishing%3F%20Looking%20for%20Credentials%20%26%20Passwords/30354
iOS Leaks MAC Address
https://www.youtube.com/watch?v=T3XABxNogTA
Zero Day Initiative Pwn2Own Summary
https://www.zerodayinitiative.com/blog/2023/10/24/pwn2own-toronto-2023-day-one-results
https://www.zerodayinitiative.com/blog/2023/10/25/pwn2own-toronto-2023-day-two-results
https://www.zerodayinitiative.com/blog/2023/10/26/pwn2own-toronto-2023-day-three-results
Microsoft Octo Tempest Writeup
https://www.microsoft.com/en-us/security/blog/2023/10/25/octo-tempest-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction/

Oct 27, 2023 • 6min
ISC StormCast for Friday, October 27th, 2023
Adventures in Validating IPv4 Addresses
https://isc.sans.edu/forums/diary/Adventures%20in%20Validating%20IPv4%20Addresses/30348/
BIG-IP Configuration Utility Unauthenticated Remote Code Execution
https://my.f5.com/manage/s/article/K000137353
https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/
iLeakage Vulnerability
https://ileakage.com/

Oct 26, 2023 • 6min
ISC StormCast for Thursday, October 26th, 2023
Apple Updates
https://isc.sans.edu/diary/Apple%20Patches%20Everything.%20Releases%20iOS%2017.1%2C%20MacOS%2014.1%20and%20updates%20for%20older%20versions%20fixing%20exploited%20vulnerability/30344
Confluence Server Scans CVE-2023-22515
https://isc.sans.edu/diary/30342
Critical VMware vCenter Patch CVE-2023-34048
https://www.vmware.com/security/advisories/VMSA-2023-0023.html

Oct 25, 2023 • 6min
ISC StormCast for Wednesday, October 25th, 2023
Samsung Messages and Samsung Wallet briefly marked as 'harmful' by Google
https://9to5google.com/2023/10/23/samsung-messages-wallet-harmful-app-google/
OAuth Hijacking
https://salt.security/blog/oh-auth-abusing-oauth-to-take-over-millions-of-accounts
Microsoft Exchange Server CVE-2023-36745 PoC
https://n1k0la-t.github.io/2023/10/24/Microsoft-Exchange-Server-CVE-2023-36745/
Citrix Bleed PoC CVE-2023-4966
https://www.assetnote.io/resources/research/citrix-bleed-leaking-session-tokens-with-cve-2023-4966
VMware vRealize Exploit CVE-2023-34051 CVE-2023-34052
https://www.vmware.com/security/advisories/VMSA-2023-0021.html

Oct 24, 2023 • 6min
ISC StormCast for Tuesday, October 24th, 2023
Apple TV IPv6 DoS
https://isc.sans.edu/diary/How%20an%20AppleTV%20may%20take%20down%20your%20%28%23IPv6%29%20network/30336
Squid Patches
https://github.com/squid-cache/squid/security/advisories
Critical Citrix Update
https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/
Cisco Vulnerability Updates CVE-2023-20198
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z

Oct 23, 2023 • 7min
ISC StormCast for Monday, October 23rd, 2023
base64dump.py Handles More Encodings Than Just BASE64
https://isc.sans.edu/diary/base64dump.py%20Handles%20More%20Encodings%20Than%20Just%20BASE64/30332
Stealing OAuth Tokens via Open Redirects
https://eval.blog/research/microsoft-account-token-leaks-in-harvest/
VMware Patches
https://www.vmware.com/security/advisories.html
Solarwinds Patches
https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-1_release_notes.htm

Oct 20, 2023 • 7min
ISC StormCast for Friday, October 20th, 2023
Honeypot Update
https://github.com/DShield-ISC/dshield/blob/main/README.md
Malicious Keepass Ads
https://www.malwarebytes.com/blog/threat-intelligence/2023/10/clever-malvertising-attack-uses-punycode-to-look-like-legitimate-website
Malicious JavaScript in Smart Contracts
https://labs.guard.io/etherhiding-hiding-web2-malicious-code-in-web3-smart-contracts-65ea78efad16

Oct 19, 2023 • 6min
ISC StormCast for Thursday, October 19th, 2023
Hiding in Hex
https://isc.sans.edu/diary/Hiding%20in%20Hex/30322
Oracle Quarterly Critical Patch Update
https://www.oracle.com/security-alerts/cpuoct2023.html
Citrix Vulnerability Exploited CVE-2023-4966
https://www.mandiant.com/resources/blog/remediation-netscaler-adc-gateway-cve-2023-4966
Exposed Jupyter Notebooks Exploited
https://www.cadosecurity.com/qubitstrike-an-emerging-malware-campaign-targeting-jupyter-notebooks/

Oct 18, 2023 • 7min
ISC StormCast for Wednesday, October 18th, 2023
Topics discussed include changes to SMS delivery and its effects on MFA and phishing, a fake traffic ticket scam with QR codes, a vulnerability in Synology NAS, and a vulnerability in Milesight routers.

Oct 17, 2023 • 5min
ISC StormCast for Tuesday, October 17th, 2023
Are Typos Still Relevant As An Indicator of Phishing
https://isc.sans.edu/diary/Are+typos+still+relevant+as+an+indicator+of+phishing/30316
Active Exploitation of Cisco IOS XE Software Web Management User Interface Vuln
https://blog.talosintelligence.com/active-exploitation-of-cisco-ios-xe-software/
Mail traffic to cancelled domain names
https://www.sidn.nl/en/nl-domain-name/mail-traffic-to-cancelled-domain-names
SAMBA Update
https://www.samba.org/samba/history/security.html


