

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5-minute-long, summary of current network-security-related events. The content is late-breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .

Jul 14, 2022 • 6min
ISC StormCast for Thursday, July 14th, 2022
Using Referrers to Detect Phishing Attacks
https://isc.sans.edu/diary/Using+Referers+to+Detect+Phishing+Attacks/28836
Callback Phishing Campaigns Impersonating Security Companies
https://www.crowdstrike.com/blog/callback-malware-campaigns-impersonate-crowdstrike-and-other-cybersecurity-companies/
Retbleed Spectre Attack
https://comsec.ethz.ch/wp-content/files/retbleed_sec22.pdf
Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706
https://www.microsoft.com/security/blog/2022/07/13/uncovering-a-macos-app-sandbox-escape-vulnerability-a-deep-dive-into-cve-2022-26706/
Buffer Overflow Vulnerabilities in UEFI Firmware of Several Lenovo Notebooks
https://twitter.com/ESETresearch/status/1547166334651334657

Jul 13, 2022 • 6min
ISC StormCast for Wednesday, July 13th, 2022
Microsoft Patch Tuesday
https://isc.sans.edu/diary/Microsoft+July+2022+Patch+Tuesday/28838
Adobe Updates
https://helpx.adobe.com/security/security-bulletin.html
SAP Patches
https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10
IBM Patches
https://www.ibm.com/support/pages/node/6602255
https://www.ibm.com/support/pages/node/6602259
https://www.ibm.com/support/pages/node/6602251

Jul 12, 2022 • 6min
ISC StormCast for Tuesday, July 12th, 2022
Rogers Outage
https://about.rogers.com/news-ideas/a-message-from-rogers-president-and-ceo/
Rolling Pwn
https://rollingpwn.github.io/rolling-pwn/
GitHub Runners Mine Cryptocoins
https://www.trendmicro.com/en_us/research/22/g/unpacking-cloud-based-cryptocurrency-miners-that-abuse-github-ac.html
SANSFIRE Keynote Stream
https://www.sans.org/webcasts/the-internet-storm-center-how-to-use-and-how-to-contribute-data/

Jul 11, 2022 • 5min
ISC StormCast for Monday, July 11th, 2022
SANSFIRE Keynote Stream
https://www.sans.org/webcasts/the-internet-storm-center-how-to-use-and-how-to-contribute-data/
Extracting URLs from Emotet with Cyberchef
https://isc.sans.edu/forums/diary/Excel%204%20Emotet%20Maldoc%20Analysis%20using%20CyberChef/28830/
Microsoft Rolling Back Macro Policy Change
https://techcommunity.microsoft.com/t5/microsoft-365-blog/helping-users-stay-safe-blocking-internet-macros-by-default-in/ba-p/3071805
Checkmate Ransomware Affected Poorly Configured QNAP NAS
https://www.qnap.com/en/security-advisory/QSA-22-21
PyPI Requires 2FA for Critical Packages
https://pypi.org/security-key-giveaway/

Jul 7, 2022 • 7min
ISC StormCast for Thursday, July 7th, 2022
How Many SANs are Insane
https://isc.sans.edu/forums/diary/How+Many+SANs+are+Insane/28820/
Fortinet July Updates
https://fortiguard.fortinet.com/psirt?date=07-2022
Phishing Attacks Getting Trickier
https://www.sans.org/newsletters/ouch/phishing-attacks-getting-trickier
Quantum Safe Ciphers
https://csrc.nist.gov/News/2022/pqc-candidates-to-be-standardized-and-round-4
Apple Proposes Lockdown Mode
https://www.apple.com/newsroom/2022/07/apple-expands-commitment-to-protect-users-from-mercenary-spyware/

Jul 6, 2022 • 6min
ISC StormCast for Wednesday, July 6th, 2022
EternalBlue 5 Years After WannaCry and NotPetya
https://isc.sans.edu/forums/diary/EternalBlue+5+years+after+WannaCry+and+NotPetya/28816/
OpenSSL Patches Two Vulnerabilities
https://www.openssl.org/news/secadv/20220705.txt
Iconburst NPM Software Supply Chain Attack
https://blog.reversinglabs.com/blog/iconburst-npm-software-supply-chain-attack-grabs-data-from-apps-websites

Jul 5, 2022 • 6min
ISC StormCast for Tuesday, July 5th, 2022
7Zip Mark of the Web For Office Files
https://isc.sans.edu/forums/diary/7Zip+MoW+For+Office+files/28812/
SessionManager Backdoor Seen with IIS
https://securelist.com/the-sessionmanager-iis-backdoor/106868/
Google Chrome Stable Channel Update
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html

Jul 1, 2022 • 6min
ISC StormCast for Friday, July 1st, 2022
Case Study: Cobalt Strike Server Lives on After its Domain is Suspended
https://isc.sans.edu/forums/diary/Case+Study+Cobalt+Strike+Server+Lives+on+After+Its+Domain+Is+Suspended/28804/
CVE-2022-28219: Unauthenticated XXE to RCE and Domain Compromise in ManageEngine ADAudit Plus
https://www.horizon3.ai/red-team-blog-cve-2022-28219/
CWE Top 25 Update
https://cwe.mitre.org/top25/archive/2022/2022_cwe_top25.html#analysis

Jun 30, 2022 • 7min
ISC StormCast for Thursday, June 30th, 2022
It's New Phone Day: Time to Migrate Your MFA
https://isc.sans.edu/forums/diary/Its+New+Phone+Day+Time+to+migrate+your+MFA/28800/
Managing Human Risk Security Awareness Report
https://go.sans.org/lp-wp-2022-sans-security-awareness-report
Microsoft Azure Service Fabric Container Elevation of Privilege Vulnerability
https://unit42.paloaltonetworks.com/fabricscape-cve-2022-30137/#The-Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30137
Zimbra RCE Vulnerability
https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/
FBI Warns of Deep Fakes Being Used in Job Interviews
https://www.ic3.gov/Media/Y2022/PSA220628

Jun 29, 2022 • 6min
ISC StormCast for Wednesday, June 29th, 2022
Possible Scans for HiByMusic Devices
https://isc.sans.edu/forums/diary/Possible+Scans+for+HiByMusic+Devices/28796/
OpenSSL Heap Overflow
https://guidovranken.com/2022/06/27/notes-on-openssl-remote-memory-corruption/
https://github.com/openssl/openssl/issues/18625#issuecomment-1165012549
ZuoRat Malware Hijacking Home Office Routers
https://blog.lumen.com/zuorat-hijacks-soho-routers-to-silently-stalk-networks/


