SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Episodes
Mentioned books
Jul 28, 2022 • 6min
ISC StormCast for Thursday, July 28th, 2022
IcedID (BokBot) with Dark VNC and Cobalt Strike
https://isc.sans.edu/diary//28884
Web Assembly Crypto Miners
https://blog.sucuri.net/2022/07/cryptominers-webassembly-in-website-malware.html
Subzero and Knotweed
https://www.microsoft.com/security/blog/2022/07/27/untangling-knotweed-european-private-sector-offensive-actor-using-0-day-exploits/
Jul 27, 2022 • 6min
ISC StormCast for Wednesday, July 27th, 2022
How is Your macOS Security Posture
https://isc.sans.edu/diary/How+is+Your+macOS+Security+Posture%3F/28882
Registry file with Executable Payload
https://www.x86matthew.com/view_post?id=embed_exe_reg
Targeted Phishing of Facebook Business Users
https://labs.withsecure.com/assets/BlogFiles/Publications/WithSecure_Research_DUCKTAIL.pdf
Forwarding Address is Hard
https://www.synacktiv.com/publications/cve-2022-31813-forwarding-addresses-is-hard.html
Jul 26, 2022 • 7min
ISC StormCast for Tuesday, July 26th, 2022
PowerShell Script with Fileless Capability
https://isc.sans.edu/diary/PowerShell+Script+with+Fileless+Capability/28878
With Management Comes Risk: Finding Flaws in Filewave MDM
https://claroty.com/2022/07/25/blog-research-with-management-comes-risk-finding-flaws-in-filewave-mdm/
CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit
https://securelist.com/cosmicstrand-uefi-firmware-rootkit/106973/
Jul 25, 2022 • 6min
ISC StormCast for Monday, July 25th, 2022
An Analysis of a Discerning Phishing Website
https://isc.sans.edu/diary/An+Analysis+of+a+Discerning+Phishing+Website+/28870
Sonicwall Vulnerability
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0007
Sh*load Exploids Episdoe V: Return of the Error
https://dellfer.com/shload-exploits-episode-v-return-of-the-error/
Jul 22, 2022 • 6min
ISC StormCast for Friday, July 22nd, 2022
Maldoc with non-ASCII VBA Identifiers
https://isc.sans.edu/diary/Maldoc%3A+non-ASCII+VBA+Identifiers/28866
Cisco Security Updates
https://tools.cisco.com/security/center/publicationListing.x?
Outlook 365 Odd Supicious Login Attempt Warnings
https://www.theregister.com/2022/07/21/outlook_sign_ins/
Windows RDP Brute Force Protection
https://twitter.com/dwizzzleMSFT/status/1549870156771340288
Microsoft resuming blocking macros
https://techcommunity.microsoft.com/t5/microsoft-365-blog/helping-users-stay-safe-blocking-internet-macros-by-default-in/ba-p/3071805
Jul 21, 2022 • 6min
ISC StormCast for Thursday, July 21st, 2022
Malicious Python Script Behaving Like a Rubber Ducky
https://isc.sans.edu/diary/Malicious+Python+Script+Behaving+Like+a+Rubber+Ducky/28860
Apple Patches Everything
https://isc.sans.edu/diary/Apple+Patches+Everything+Day/28862
Confluence Atlasian Hard Coded Password
https://confluence.atlassian.com/doc/questions-for-confluence-security-advisory-2022-07-20-1142446709.html
Zyxel Vulnerablity
https://www.zyxel.com/support/Zyxel-security-advisory-authenticated-directory-traversal-vulnerabilities-of-firewalls.shtml
DNS over HTTP/3
https://security.googleblog.com/2022/07/dns-over-http3-in-android.html
Jul 20, 2022 • 7min
ISC StormCast for Wednesday, July 20th, 2022
Beacon Request
https://isc.sans.edu/diary/Requests+For+beacon.http-get.+Help+Us+Figure+Out+What+They+Are+Looking+For/28856
Oracle July 2022 CPU
https://www.oracle.com/security-alerts/cpujul2022.html
CloudMensis MacOS Spyware
https://www.welivesecurity.com/2022/07/19/i-see-what-you-did-there-look-cloudmensis-macos-spyware/
GPS Tracker Vulnerabilities
https://www.bitsight.com/sites/default/files/2022-07/MiCODUS-GPS-Report-Final.pdf
Jul 19, 2022 • 6min
ISC StormCast for Tuesday, July 19th, 2022
Adding Your Own Keywords to My PDF Tools
https://isc.sans.edu/diary/Adding+Your+Own+Keywords+To+My+PDF+Tools/28852
Tor Improvements
https://blog.torproject.org/new-release-tor-browser-115/
Trojan Horse Malware Password Cracker
https://www.dragos.com/blog/the-trojan-horse-malware-password-cracking-ecosystem-targeting-industrial-operators/
CVE-2022-33891 Apache Spark Shell Command Injection Vulnerability
https://securityonline.info/cve-2022-33891-apache-spark-shell-command-injection-vulnerability/
Juniper Junos Vulnerabilities
https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sort=date%20descending&f:ctype=[Security%20Advisories]
Jul 18, 2022 • 5min
ISC StormCast for Monday, July 18th, 2022
Python: Files in Use By Another Process
https://isc.sans.edu/diary/Python%3A+Files+In+Use+By+Another+Process/28848
Google Removing App Permissions List for Data Safety
https://twitter.com/MishaalRahman/status/1547307555407421443
Google Play Malware
https://twitter.com/IngraoMaxime/status/1547164768401858560
Faking Github Metadata
https://checkmarx.com/blog/unverified-commits-are-you-unknowingly-trusting-attackers-code/
Jul 15, 2022 • 7min
ISC StormCast for Friday, July 15th, 2022
Debugging Broadcast Storms
https://isc.sans.edu/diary/A+%22DHCP+is+Broken%22+story%2C+and+a+Blast+from+the+Past+%28or+should+I+say+%22Storm%22+from+the+past%29/28844
Targeted Deanonymization via Side Channel Attacks
https://leakuidatorplusteam.github.io/preprint.pdf
Cookie Theft to BEC
https://www.microsoft.com/security/blog/2022/07/12/from-cookie-theft-to-bec-attackers-use-aitm-phishing-sites-as-entry-point-to-further-financial-fraud/
VMWare Patch
https://www.vmware.com/security/advisories/VMSA-2021-0025.html
