SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Johannes B. Ullrich

A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .

Episodes

Mentioned books

Apr 7, 2023 • 7min

ISC StormCast for Friday, April 7th, 2023

Self Extracting Archives https://www.crowdstrike.com/blog/self-extracting-archives-decoy-files-and-their-hidden-payloads/ loldrivers https://www.loldrivers.io Trellix Privilege Escalation https://kcm.trellix.com/corporate/index?page=content&id=SB10396 HP LaserJet Vuln. https://support.hp.com/us-en/document/ish_7905330-7905358-16/hpsbpi03838

Apr 6, 2023 • 7min

ISC StormCast for Thursday, April 6th, 2023

Exploration of DShield Cowrie Data with jq https://isc.sans.edu/diary/Exploration%20of%20DShield%20Cowrie%20Data%20with%20jq/29714 NEXX Garage Door Vulnerability https://medium.com/@samsabetan/the-uninvited-guest-idors-garage-doors-and-stolen-secrets-e4b49e02dadc OneNote Changes https://learn.microsoft.com/en-us/deployoffice/security/onenote-extension-block MSFT Changes to Auto-Update https://learn.microsoft.com/en-us/windows/release-health/windows-message-center#3060 NPM Spam DDoS Attacks https://www.helpnetsecurity.com/2023/04/05/flood-of-malicious-packages-results-in-npm-registry-dos/

Apr 5, 2023 • 6min

ISC StormCast for Wednesday, April 5th, 2023

Analyzing the efile.com Malware https://isc.sans.edu/diary/Analyzing+the+efilecom+Malware+efail/29712 ALPHV Ransomware Targets Backup Installations https://www.mandiant.com/resources/blog/alphv-ransomware-backup Sophos Web Appliance Vulnerability (and EoL) https://www.sophos.com/en-us/security-advisories/sophos-sa-20230404-swa-rce Zimbra Exploited in Targeted Attacks https://www.proofpoint.com/us/blog/threat-insight/exploitation-dish-best-served-cold-winter-vivern-uses-known-zimbra-vulnerability

Apr 4, 2023 • 8min

ISC StormCast for Tuesday, April 4th, 2023

efile.com compromise https://isc.sans.edu/forums/diary/Supply%20Chain%20Compromise%20or%20False%20Positive%3A%20The%20Intriguing%20Case%20of%20efile.com%20%5Bupdated%20-%20confirmed%20malicious%20code%5D/29708/ Western Digital MyCloud Breach https://www.bleepingcomputer.com/news/security/western-digital-discloses-network-breach-my-cloud-service-down/ 3CX Compromise Affected Cryptocoin Exchanges https://securelist.com/gopuram-backdoor-deployed-through-3cx-supply-chain-attack/109344/

Apr 3, 2023 • 6min

ISC StormCast for Monday, April 3rd, 2023

Use of X-Frame-Options and CSP frame-ancestors security headers https://isc.sans.edu/diary/Use%20of%20X-Frame-Options%20and%20CSP%20frame-ancestors%20security%20headers%20on%201%20million%20most%20popular%20domains/29698 oledump supporting MSI Files https://isc.sans.edu/diary/Update+oledump+MSI+Files/29700/ 3CX Update https://www.3cx.com/blog/news/chrome-blocks-latest-msi/ PinDuoDuo App shows anomalous behaviour https://edition.cnn.com/2023/04/02/tech/china-pinduoduo-malware-cybersecurity-analysis-intl-hnk/index.html

Mar 31, 2023 • 6min

ISC StormCast for Friday, March 31st, 2023

Malicious 3CX Dekstop App Update Lifestream (Friday March 31st 1400 ET, 1800 UTC) https://www.youtube.com/watch?v=cCf3Km_j5bY 3CX Update: https://www.3cx.com/blog/news/desktopapp-security-alert/ SentinelOne: https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/ Objective-See Blog Post: https://objective-see.org/blog/blog_0x73.html Crowdstrike: https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/ Bypassing PowerShell Strong Obfuscation https://isc.sans.edu/diary/Bypassing%20PowerShell%20Strong%20Obfuscation/29692

Mar 30, 2023 • 5min

ISC StormCast for Thursday, March 30th, 2023

Extracting Multiple Streams From OLE Files https://isc.sans.edu/diary/Extracting%20Multiple%20Streams%20From%20OLE%20Files/29688 3CXDesktop App Compromise https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/ Microsoft Defender False Positives https://twitter.com/MSFT365Status/status/1641048649525260289 https://admin.microsoft.com/Adminportal/Home?ref=/servicehealth/:/alerts/DZ534539 (requires login) Active Exploitation of IBM Aspera Faspex CVE-2022-47986 https://www.rapid7.com/blog/post/2023/03/28/etr-active-exploitation-of-ibm-aspera-faspex-cve-2022-47986/ QNAP Patch for sudo vulnerablity https://www.qnap.com/en/security-advisory/qsa-23-11

Mar 29, 2023 • 5min

ISC StormCast for Wednesday, March 29th, 2023

Network Data Collector Placement Makes a Difference https://isc.sans.edu/diary/Network%20Data%20Collector%20Placement%20Makes%20a%20Difference/29664 Throttling and Blocking Email from Persistently Vulnerable Exchange Servers to Exchange Online https://techcommunity.microsoft.com/t5/exchange-team-blog/throttling-and-blocking-email-from-persistently-vulnerable/ba-p/3762078 Bypassing Wi-Fi Encryption by Manipulating Transmit Queues https://papers.mathyvanhoef.com/usenix2023-wifi.pdf

Mar 28, 2023 • 5min

ISC StormCast for Tuesday, March 28th, 2023

Another Malicious HTA File Analysis Part 1 https://isc.sans.edu/diary/Another%20Malicious%20HTA%20File%20Analysis%20-%20Part%201/29674 Apple Updates Everything https://isc.sans.edu/diary/Apple%20Updates%20Everything%20%28including%20Studio%20Display%29/29682 MacStealer Malware Exfiltrates Mac Secrets https://www.uptycs.com/blog/macstealer-command-and-control-c2-malware

Mar 27, 2023 • 5min

ISC StormCast for Monday, March 27th, 2023

Update for Windows Snipping Tool https://isc.sans.edu/diary/Microsoft%20Released%20an%20Update%20for%20Windows%20Snipping%20Tool%20Vulnerability/29670 GitHub Rotates SSH Keys https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/ redis-py vulnerability leads to mixed up sessions, affects ChatGPT https://openai.com/blog/march-20-chatgpt-outage Linux Tech Tips YouTube Hack https://www.theverge.com/2023/3/23/23653115/linus-tech-tips-youtube-hack-crypto-scam https://isc.sans.edu/diary/Elon%20Musk%20Themed%20Crypto%20Scams%20Flooding%20YouTube%20Today/29434 CyberChef Update https://github.com/gchq/CyberChef/wiki/Character-encoding,-EOL-separators,-and-editor-features

The AI-powered Podcast Player

Save insights by tapping your headphones, chat with episodes, discover the best highlights - and more!

App store banner

Play store banner