SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Johannes B. Ullrich

A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .

Episodes

Mentioned books

Jun 28, 2022 • 7min

ISC StormCast for Tuesday, June 28th, 2022

Encrypted Client Hello: Anybody Using it Yet? https://isc.sans.edu/forums/diary/Encrypted+Client+Hello+Anybody+Using+it+Yet/28792/ Jenkins Advisory https://www.jenkins.io/security/advisory/2022-06-22/ Instagram Age Verification https://about.fb.com/news/2022/06/new-ways-to-verify-age-on-instagram/ CodeSys V2 Vulnerability https://github.com/ic3sw0rd/Codesys_V2_Vulnerability

Jun 27, 2022 • 8min

ISC StormCast for Monday, June 27th, 2022

Python Abusing the Windows GUI https://isc.sans.edu/forums/diary/Python+abusing+The+Windows+GUI/28780/ Malicious Code Passed to PowerShell via the Clipboard https://isc.sans.edu/forums/diary/Malicious+Code+Passed+to+PowerShell+via+the+Clipboard/28784/ Attacking With WebView2 Applications https://mrd0x.com/attacking-with-webview2-applications/ Bronze Starlight Ransomware Operations Use Hui Loaders https://www.secureworks.com/research/bronze-starlight-ransomware-operations-use-hui-loader Novel Exploit Detected in Mitel VoIP Appliance https://www.crowdstrike.com/blog/novel-exploit-detected-in-mitel-voip-appliance/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29499

Jun 23, 2022 • 6min

ISC StormCast for Thursday, June 23rd, 2022

Malicious PowerShell Targeting Cryptocurrency Browser Extensions https://isc.sans.edu/forums/diary/Malicious+PowerShell+Targeting+Cryptocurrency+Browser+Extensions/28772/ Keeping PowerShell: Security Measures to Use and Embrace https://media.defense.gov/2022/Jun/22/2003021689/-1/-1/1/CSI_KEEPING_POWERSHELL_SECURITY_MEASURES_TO_USE_AND_EMBRACE_20220622.PDF Client-Side Magecart Attacks Still Around, But More Covert https://blog.malwarebytes.com/threat-intelligence/2022/06/client-side-magecart-attacks-still-around-but-more-covert/ Chinese actor takes aim, armed with Nim Language and Bizarro AES https://research.checkpoint.com/2022/chinese-actor-takes-aim-armed-with-nim-language-and-bizarro-aes/ Israeli Air Raid Sirens Hacked https://twitter.com/Israel_Cyber/status/1538821467785265153

Jun 22, 2022 • 6min

ISC StormCast for Wednesday, June 22nd, 2022

Experimental New Domain / Domain Age API https://isc.sans.edu/forums/diary/Experimental+New+Domain+Domain+Age+API/28770/ Forescout Vedere Labs Discovers 56 OT Vulnerabilities https://www.forescout.com/resources/ot-icefall-report/ Cloudflare Outage https://blog.cloudflare.com/cloudflare-outage-on-june-21-2022/ Does Acrobat Reader Unload Injection of Security Products https://blog.minerva-labs.com/does-acrobat-reader-unload-injection-of-security-products 7-Zip Mark-of-the-Web Support https://www.7-zip.org/history.txt

Jun 21, 2022 • 6min

ISC StormCast for Tuesday, June 21st, 2022

Odd TCP Fast Open Packets https://isc.sans.edu/forums/diary/Odd+TCP+Fast+Open+Packets+Anybody+understands+why/28766/ DFSCoerce NTLM Relay Attack https://github.com/Wh04m1001/DFSCoerce https://support.microsoft.com/en-us/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429 Windows Emergency Update Fixes Microsoft 365 Issues on ARM Devices https://www.bleepingcomputer.com/news/microsoft/windows-emergency-update-fixes-microsoft-365-issues-on-arm-devices/ Safari Vulnerability Analysis https://googleprojectzero.blogspot.com/2022/06/an-autopsy-on-zombie-in-wild-0-day.html Internet Explorer Remnants Still an Issue https://www.darkreading.com/vulnerabilities-threats/internet-explorer-will-likely-remain-an-attacker-target-for-some-time

Jun 20, 2022 • 9min

ISC StormCast for Monday, June 20th, 2022

Critical Vulnerability in Splunk Enterprise Deployment Server Functionality https://isc.sans.edu/forums/diary/Critical+vulnerability+in+Splunk+Enterprises+deployment+server+functionality/28760/ Malspam Pushes Matanbuchus Malware Leads to Cobalt Strike https://isc.sans.edu/forums/diary/Malspam+pushes+Matanbuchus+malware+leads+to+Cobalt+Strike/28752/ Proofpoint Discovers Potentially Dangerous Office 365 Functionality https://www.proofpoint.com/us/blog/cloud-security/proofpoint-discovers-potentially-dangerous-microsoft-office-365-functionality

Jun 17, 2022 • 6min

ISC StormCast for Friday, June 17th, 2022

Houdini is Back Delivered Through a JavaScript Dropper https://isc.sans.edu/forums/diary/Houdini+is+Back+Delivered+Through+a+JavaScript+Dropper/28746/ Drifting Cloud: Zero-Day Sophos Firewall Exploitation https://www.volexity.com/blog/2022/06/15/driftingcloud-zero-day-sophos-firewall-exploitation-and-an-insidious-breach/ Exploiting a Heap Overflow in the FreeBSD Wi-Fi Stack https://www.zerodayinitiative.com/blog/2022/6/15/cve-2022-23088-exploiting-a-heap-overflow-in-the-freebsd-wi-fi-stack Cisco Email Security Appliance and Cisco Secure Email and Web Manager https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-esa-auth-bypass-66kEcxQD Analyzing the Fastjson "Auto Type Bypass" RCE vulnerability https://jfrog.com/blog/cve-2022-25845-analyzing-the-fastjson-auto-type-bypass-rce-vulnerability/

Jun 16, 2022 • 6min

ISC StormCast for Thursday, June 16th, 2022

Terraforming Honeypots: Using IaaC & Cloud to Attract Attacks https://isc.sans.edu/forums/diary/Terraforming+Honeypots+Installing+DShield+Sensors+in+the+Cloud/28748/ Zimbra Email - Stealing Clear=Text Credenitals via Memcache Injection https://blog.sonarsource.com/zimbra-mail-stealing-clear-text-credentials-via-memcache-injection/ Cloud Middleware Dataset https://github.com/wiz-sec/cloud-middleware-dataset CVE-2022-26937 Windows Network File System NLM Portmap Stack Buffer Overflow https://www.zerodayinitiative.com/blog/2022/6/7/cve-2022-26937-microsoft-windows-network-file-system-nlm-portmap-stack-buffer-overflow Citrix Application Delivery Management Security Bulletin https://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512 Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch https://sec-consult.com/vulnerability-lab/advisory/hardcoded-backdoor-user-outdated-software-components-nexans-ftto-gigaswitch/

Jun 15, 2022 • 7min

ISC StormCast for Wednesday, June 15th, 2022

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+June+2022+Patch+Tuesday/28742/ Adobe Patches https://helpx.adobe.com/security/security-bulletin.html SynLapse Vulnerability https://orca.security/resources/blog/synlapse-critical-azure-synapse-analytics-service-vulnerability/ Hertzbleed Attack https://www.hertzbleed.com

Jun 14, 2022 • 6min

ISC StormCast for Tuesday, June 14th, 2022

Translating Saitama's DNS Tunneling https://isc.sans.edu/forums/diary/Translating+Saitamas+DNS+tunneling+messages/28738/ Travis CI Logs Expose Users to Cyber Attacks https://blog.aquasec.com/travis-ci-security Linux Threat Hunting: "Syslogk" a kernel rootkit found under development in the wild https://decoded.avast.io/davidalvarez/linux-threat-hunting-syslogk-a-kernel-rootkit-found-under-development-in-the-wild/ Mitel Desk Phone Backdoor https://blog.syss.com/posts/rooting-mitel-desk-phones-through-the-backdoor/

The AI-powered Podcast Player

Save insights by tapping your headphones, chat with episodes, discover the best highlights - and more!

App store banner

Play store banner