

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Episodes

Jan 30, 2023 • 6min
ISC StormCast for Monday, January 30th, 2023
Microsoft Tips to Patch Your Exchange Servers
https://techcommunity.microsoft.com/t5/exchange-team-blog/protect-your-exchange-servers/ba-p/3726001
FCC Threatens to Take Action Against Twilio over Robocalls
https://www.fcc.gov/document/fcc-takes-mortgage-scam-robocall-campaign-targeting-homeowners
PlugX Variant Spreads via USB
https://unit42.paloaltonetworks.com/plugx-variants-in-usbs/
Adware in Google Play Store
https://news.drweb.com/show/review/?lng=en&i=14652
Tails 5.9 Update
https://tails.boum.org/news/version_5.9/index.de.html

Jan 27, 2023 • 6min
ISC StormCast for Friday, January 27th, 2023
Live Linux IR with UAC
https://isc.sans.edu/diary/Live%20Linux%20IR%20with%20UAC/29480
Bitwarden Phishing
https://community.bitwarden.com/t/phishing-website-bitwardenlogin-com/49704
https://www.reddit.com/r/Bitwarden/comments/10k2aj5/google_search_ads_showing_fake_bitwarden_web/
PY#RATION Attack Campaign Leverages Fernet Encryption and Websockets
https://www.securonix.com/blog/security-advisory-python-based-pyration-attack-campaign/
Skyhigh Security Secure Web Gateway: XSS in Single Sign On Plugin
https://www.redteam-pentesting.de/en/advisories/rt-sa-2022-002/-skyhigh-security-secure-web-gateway-cross-site-scripting-in-single-sign-on-plugin
Windows Crypto API Vuln PoC
https://github.com/akamai/akamai-security-research/tree/main/PoCs/CVE-2022-34689
BIND Patches
https://kb.isc.org/docs/cve-2022-3094

Jan 26, 2023 • 6min
ISC StormCast for Thursday, January 26th, 2023
First Malicious OneNote Document
https://isc.sans.edu/diary/A%20First%20Malicious%20OneNote%20Document/29470
Guidance for Securing Remote Monitoring and Management Software
https://media.defense.gov/2023/Jan/25/2003149873/-1/-1/0/JOINT_CSA_RMM.PDF
Microsoft Azure-Based Kerberos Attacks Crack Open Cloud Accounts
https://www.darkreading.com/cloud/microsoft-azure-kerberos-attacks-open-cloud-accounts
Microsoft Blocking XLL Files Downloaded From Internet
https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=115485
Lexmark Vulnerabilities
https://publications.lexmark.com/publications/security-alerts/CVE-2023-23560.pdf
VMware VRealize Update
https://www.vmware.com/security/advisories/VMSA-2023-0001.html

Jan 25, 2023 • 7min
ISC StormCast for Wednesday, January 25th, 2023
Apple Patch Summary
https://isc.sans.edu/forums/diary/Apple%20Updates%20%28almost%29%20Everything%3A%20Patch%20Overview/29472/
ManageEngine News
https://github.com/vonahisec/CVE-2022-47966-Scan
KSMBD Vulnerability
https://sysdig.com/blog/cve-2023-0210-linux-kernel-unauthenticated-remote-heap-overflow/
Bitwarden Server Side Iterations
https://palant.info/2023/01/23/bitwarden-design-flaw-server-side-iterations/
Packet Tuesday: Neighbor Advertisements
https://www.youtube.com/watch?v=CoaZjuuY1do

Jan 24, 2023 • 6min
ISC StormCast for Tuesday, January 24th, 2023
Who's Resolving This Domain?
https://isc.sans.edu/forums/diary/Who's%20Resolving%20This%20Domain%3F/29462/
Apple Updates Everything
https://support.apple.com/en-us/HT201222
NSA IPv6 Security Guidance
https://media.defense.gov/2023/Jan/18/2003145994/-1/-1/0/CSI_IPV6_SECURITY_GUIDANCE.PDF
Roaming Mantis Implements New DNS Changer in Its Malicious Mobile App
https://thehackernews.com/2023/01/roaming-mantis-spreading-mobile-malware.html

Jan 23, 2023 • 6min
ISC StormCast for Monday, January 23rd, 2023
Importance of Signing in Windows Environments
https://isc.sans.edu/diary/Importance%20of%20signing%20in%20Windows%20environments/29456
FanDuel Discloses Data Breach Caused by Recent Mailchimp Hack
https://www.bleepingcomputer.com/news/security/fanduel-discloses-data-breach-caused-by-recent-mailchimp-hack/
OneNote Documents Used to Embed Malicious Office Documents
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/trojanized-onenote-document-leads-to-formbook-malware/
Cisco Unified Communications Manager SQL Injection
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-sql-rpPczR8n
Possible KeePass Vulnerability
https://twitter.com/vomanc/status/1617135599030530054

Jan 20, 2023 • 6min
ISC StormCast for Friday, January 20th, 2023
SPF and DMARC use on 100k most popular domains
https://isc.sans.edu/diary/SPF%20and%20DMARC%20use%20on%20100k%20most%20popular%20domains/29452
Sysmon Exploit Released CVE-2022-41120, CVE-2022-44704
https://github.com/Wh04m1001/SysmonEoP
ManageEngine CVE-2022-47966 Technical Deep Dive
https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/
Netcomm Router Vulnerabilities
https://kb.cert.org/vuls/id/986018
Microsoft Pushes Outdated Office Install Check
https://www.bleepingcomputer.com/news/microsoft/microsoft-pushes-kb5021751-to-check-for-outdated-office-installs/

Jan 19, 2023 • 6min
ISC StormCast for Thursday, January 19th, 2023
Malicious Google Ads for Fake Notepad++ Lead to Aurora Stealer
https://isc.sans.edu/diary/Malicious%20Google%20Ad%20--%3E%20Fake%20Notepad%2B%2B%20Page%20--%3E%20Aurora%20Stealer%20malware/29448
Oracle Critical Patch Update
https://www.oracle.com/security-alerts/cpujan2023.html
QT QML Vulnerability
https://blog.talosintelligence.com/vulnerability-spotlight-integer-and-buffer-overflow-vulnerabilities-found-in-qt-qml/
sudo sudoedit Vulnerability (CVE-2023-22809)
https://www.synacktiv.com/sites/default/files/2023-01/sudo-CVE-2023-22809.pdf

Jan 18, 2023 • 6min
ISC StormCast for Wednesday, January 18th, 2023
Finding that one GPO setting in a pool of hundreds of GPOs
https://isc.sans.edu/diary/Finding%20that%20one%20GPO%20Setting%20in%20a%20Pool%20of%20Hundreds%20of%20GPOs/29442
GIT Code Audit
https://x41-dsec.de/security/research/news/2023/01/17/git-security-audit-ostif/
Azure SSRF Flaws
https://orca.security/resources/blog/ssrf-vulnerabilities-in-four-azure-services/
SMB Insecure Guest Auth Off By Default In Windows 11 Pro
https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-insecure-guest-auth-now-off-by-default-in-windows-insider/ba-p/3715014
Packet Tuesday: IPv6 Router Advertisements
https://www.youtube.com/watch?v=uRWpB_lYIZ8

Jan 17, 2023 • 6min
ISC StormCast for Tuesday, January 17th, 2023
PSA: Why you must run an ad blocker when using Google
https://isc.sans.edu/diary/PSA%3A%20Why%20you%20must%20run%20an%20ad%20blocker%20when%20using%20Google/29438
NortonLifeLock Password Manager Bruteforcing
https://webcache.googleusercontent.com/search?q=cache%3A91Bmx_jTJIkJ%3Ahttps%3A%2F%2Fago.vermont.gov%2Fwp-content%2Fuploads%2F2023%2F01%2F2023-01-09-NortonLifeLock-Gen-Digital-Data-Breach-Notice-to-Consumers.pdf&cd=3&hl=de&ct=clnk&gl=de
CVE-2023-0179 Linux kernel stack buffer overflow in nftables: PoC and writeup
https://seclists.org/oss-sec/2023/q1/20
MSI (in)Secure Boot
https://dawidpotocki.com/en/2023/01/13/msi-insecure-boot/


