SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Johannes B. Ullrich, isc.sans.edu
A brief daily summary of what is important in information security. The podcast is published every weekday and is designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late-breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .

Episodes

ISC StormCast for Tuesday, February 9th, 2021

Tshark and Malware Analysis: https://isc.sans.edu/forums/diary/Quickie+tshark+Malware+Analysis/27076/
Barcode Scanner Going Bad: https://blog.malwarebytes.com/android/2021/02/barcode-scanner-app-on-google-play-infects-10-million-users-with-one-update/
Morse Code Obfuscation: https://www.bleepingcomputer.com/news/security/new-phishing-attack-uses-morse-code-to-hide-malicious-urls/
Firefox Update: https://www.mozilla.org/en-US/security/advisories/mfsa2021-06/
Water Treatment Facility Compromised: https...

Feb 09, 2021 | 6 min | Ep 7364

ISC StormCast for Monday, February 8th, 2021

VBA Macro Trying to Alter the Application Menus: https://isc.sans.edu/forums/diary/VBA+Macro+Trying+to+Alter+the+Application+Menus/27068/
The Great Suspender Going Malicious: https://www.zdnet.com/article/google-kills-the-great-suspender-heres-what-you-should-do-next/ https://github.com/greatsuspender/thegreatsuspender/issues/1263
Google Chrome Zero Day: https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html
Plex Media SSDP Amplification DDoS: https://www.netscout.com/b...

Feb 08, 2021 | 6 min | Ep 7362

ISC StormCast for Friday, February 5th, 2021

Abusing Google Chrome Extension Syncing For Data Exfiltration and C&C: https://isc.sans.edu/forums/diary/Abusing+Google+Chrome+extension+syncing+for+data+exfiltration+and+CC/27066/
Microsoft Defender ATP Google Chrome False Positive: https://twitter.com/itquartz/status/1356940218138509312
Social Engineering Attacks against Security Researchers Used IE 0-day: https://enki.co.kr/blog/2021/02/04/ie_0day.html# https://www.bleepingcomputer.com/news/security/hacking-group-also-used-an-ie-zero-day-against...

Feb 05, 2021 | 6 min | Ep 7360

ISC StormCast for Thursday, February 4th, 2021

Excel Spreadsheets Push SystemBC Malware: https://isc.sans.edu/forums/diary/Excel+spreadsheets+push+SystemBC+malware/27060/
SolarWinds Vulnerability: https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=28389
SolarWinds SANS Lightning Summit: https://www.sans.org/webcasts/solarwinds-lightning-summit-118550
SonicWall Patch: https://www.sonicwall.com/support/product-notification/urgent-patch-available-for-sma-100-series-10-x-firmware-zero-day-vulnerability-updated-feb-...

Feb 04, 2021 | 6 min | Ep 7358

ISC StormCast for Wednesday, February 3rd, 2021

New Example of XSL Script Processing aka "Mitre T1220": https://isc.sans.edu/forums/diary/New+Example+of+XSL+Script+Processing+aka+Mitre+T1220/27056/
Camerfirma Certificate Authority Revocation: https://groups.google.com/g/mozilla.dev.security.policy/c/jif4zWNgGPw
Kobalos HPC Linux Malware: https://www.welivesecurity.com/2021/02/02/kobalos-complex-linux-threat-high-performance-computing-infrastructure/
Agent Tesla Overwrites Windows AMSI: https://threatpost.com/agent-tesla-microsoft-asmi/163581/...

Feb 03, 2021 | 6 min | Ep 7356

ISC StormCast for Tuesday, February 2nd, 2021

macOS 11.2 Update: https://support.apple.com/en-us/HT212147
Objective-See Tools Now Open Source: https://twitter.com/patrickwardle/status/1356149073045143553
iMessage BlastDoor: https://googleprojectzero.blogspot.com/2021/01/a-look-at-imessage-in-ios-14.html
SonicWall Update: https://www.sonicwall.com/support/product-notification/urgent-security-notice-sonicwall-confirms-sma-100-series-10-x-zero-day-vulnerability-feb-1-2-p-m-cst/210122173415410/...

Feb 02, 2021 | 6 min | Ep 7354

ISC StormCast for Monday, February 1st, 2021

Perl.com Domain Hijacked: https://www.ehackingnews.com/2021/01/perlcom-official-site-for-perl.html
Spamcop Domain Expired: https://www.bleepingcomputer.com/news/security/spamcop-anti-spam-service-suffers-an-outage-after-its-domain-expired/
libgcrypt Vulnerability: https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html
Fingerprinting QUIC: https://arxiv.org/pdf/2101.11871.pdf...

Feb 01, 2021 | 5 min | Ep 7352

ISC StormCast for Friday, January 29th, 2021

New Cryptojacking Malware: https://unit42.paloaltonetworks.com/pro-ocean-rocke-groups-new-cryptojacking-malware/
NAT Slipstreaming v2.0: https://www.armis.com/resources/iot-security-blog/nat-slipstreaming-v2-0-new-attack-variant-can-expose-all-internal-network-devices-to-the-internet/
Shadowsocks: https://shadowsocks.org/en/index.html...

Jan 29, 2021 | 6 min | Ep 7350

ISC StormCast for Thursday, January 28th, 2021

Emotet vs. Windows Attack Surface Reduction: https://isc.sans.edu/forums/diary/Emotet+vs+Windows+Attack+Surface+Reduction/27036/
Go Path Handling Vulnerability: https://blog.golang.org/path-security
Azure Functions Docker Escape: https://www.intezer.com/blog/research/how-we-hacked-azure-functions-and-escaped-docker/...

Jan 28, 2021 | 6 min | Ep 7348

ISC StormCast for Wednesday, January 27th, 2021

Critical sudo Vulnerability (CVE-2021-3156, "Baron Samedit"): https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
Qakbot (QBot) Update: https://isc.sans.edu/forums/diary/TA551+Shathak+Word+docs+push+Qakbot+Qbot/27030/
Targeting Security Researchers: https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/
Apple Updates iOS, iPadOS, tvOS, watchOS, Xcode and iCloud for Windows: https://support.apple.com/en-us/HT201222...

Jan 27, 2021 | 7 min | Ep 7346

ISC StormCast for Tuesday, January 26th, 2021

Fun With nmap NSE Scripts and DoH (DNS over HTTPS): https://isc.sans.edu/forums/diary/Fun+with+NMAP+NSE+Scripts+and+DOH+DNS+over+HTTPS/27026/
Malicious NPM Module Stealing Discord Passwords: https://blog.sonatype.com/cursedgrabber-strikes-again-sonatype-spots-new-malware-campaign-against-software-supply-chains
Mitigating the $I30 NTFS Bug: https://www.osr.com/blog/2021/01/21/mitigating-the-i30bitmap-ntfs-bug/ https://github.com/OSRDrivers/i30Flt
ProtonVPN BSOD: https://protonstatus.com/incidents/124...

Jan 26, 2021 | 5 min | Ep 7344

ISC StormCast for Monday, January 25th, 2021

Another File Extension to Block in Your MTA (JNLP): https://isc.sans.edu/forums/diary/Another+File+Extension+to+Block+in+your+MTA+jnlp/27018/
SonicWall Vulnerability Used to Breach SonicWall: https://www.sonicwall.com/support/product-notification/urgent-security-notice-netextender-vpn-client-10-x-sma-100-series-vulnerability-updated-jan-23-2021/210122173415410/
IObit Forum Breached / Used for Ransomware Distribution: https://www.bleepingcomputer.com/forums/t/741190/derohe-ransomware-distributed-through-fake-iob...

Jan 25, 2021 | 6 min | Ep 7342

ISC StormCast for Friday, January 22nd, 2021

PowerShell Dropping REvil Ransomware: https://isc.sans.edu/forums/diary/Powershell+Dropping+a+REvil+Ransomware/27012/
SAP Exploit Circulating: https://onapsis.com/blog/new-sap-exploit-published-online-how-stay-secure
Oracle Critical Patch Update: https://www.oracle.com/security-alerts/cpujan2021.html
RDP Used for DDoS Reflection/Amplification: https://www.netscout.com/blog/asert/microsoft-remote-desktop-protocol-rdp-reflectionamplification
Billy Wilson, Mitigating Attacks Against Supercomputers with KRSI: https://www.sans.org...

Jan 22, 2021 | 14 min | Ep 7340

ISC StormCast for Thursday, January 21st, 2021

SolarWinds Updates: https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/ https://blog.malwarebytes.com/malwarebytes-news/2021/01/malwarebytes-targeted-by-nation-state-actor-implicated-in-solarwinds-breach-evidence-suggests-abuse-of-privileged-access-to-microsoft-office-365-and-azure-environments/
Cisco Advisories: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-bufovulns...

Jan 21, 2021 | 7 min | Ep 7338

ISC StormCast for Wednesday, January 20th, 2021

Qakbot Activity Resumes After Holiday Break: https://isc.sans.edu/forums/diary/Qakbot+activity+resumes+after+holiday+break/27008/
Multiple dnsmasq Vulnerabilities (DNSpooq): https://www.jsof-tech.com/wp-content/uploads/2021/01/DNSpooq_Technical-Whitepaper.pdf
FreakOut Malware: https://blog.checkpoint.com/2021/01/19/linux-users-should-patch-now-to-block-new-freakout-malware-which-exploits-new-vulnerabilities/
Kids Break Cinnamon Screensaver: https://github.com/linuxmint/cinnamon-screensaver/issues/354...

Jan 20, 2021 | 6 min | Ep 7336

ISC StormCast for Tuesday, January 19th, 2021

Doc and RTF Malicious Document: https://isc.sans.edu/forums/diary/Doc+RTF+Malicious+Document/26996/
Center for Internet Security Cisco NX-OS Benchmark: https://www.cisecurity.org/cis-benchmarks/
Exploit for Shazam Geolocation Vulnerability (CVE-2019-8791, CVE-2019-8792): https://ash-king.co.uk/blog/Shazlocate-abusing-CVE-2019-8791-CVE-2019-8792
Voice Phishing and Internal Messaging Systems Used to Escalate Privileges: https://www.ic3.gov/Media/News/2021/210115.pdf...

Jan 19, 2021 | 6 min | Ep 7334

ISC StormCast for Monday, January 18th, 2021

Scans for DNS over HTTPS: https://isc.sans.edu/forums/diary/Obfuscated+DNS+Queries/26992/ https://us-cert.cisa.gov/ncas/current-activity/2021/01/15/nsa-releases-guidance-encrypted-dns-enterprise-environments
Netlogon Domain Controller Enforcement Mode Starting February 9th: https://msrc-blog.microsoft.com/2021/01/14/netlogon-domain-controller-enforcement-mode-is-enabled-by-default-beginning-with-the-february-9-2021-security-update-related-to-cve-2020-1472/
Apple Removing ContentFilterExclusionList...

Jan 18, 2021 | 5 min | Ep 7332

ISC StormCast for Friday, January 15th, 2021

Dynamically Analyzing a Heavily Obfuscated Excel 4 Macro Malicious File: https://isc.sans.edu/forums/diary/Dynamically+analyzing+a+heavily+obfuscated+Excel+4+macro+malicious+file/26986/
Odd Filename Corrupts NTFS Disks: https://twitter.com/jonasLyk/status/1347900440000811010
Cisco Vulnerabilities: https://tools.cisco.com/security/center/publicationListing.x...

Jan 15, 2021 | 5 min | Ep 7330

ISC StormCast for Thursday, January 14th, 2021

Hancitor Activity Resumes After a Holiday Break: https://isc.sans.edu/forums/diary/Hancitor+activity+resumes+after+a+hoilday+break/26980/
Intel Hardware-Enabled Ransomware Protections: https://www.cybereason.com/blog/cybereason-and-intel-introduce-hardware-enabled-ransomware-protections-for-businesses
Making Clouds Rain, RCE in Microsoft Office 365: https://srcincite.io/blog/2021/01/12/making-clouds-rain-rce-in-office-365.html#fn:1
SAP Security Patch Day: https://wiki.scn.sap.com/wiki/pages/viewpage...

Jan 14, 2021 | 6 min | Ep 7328

ISC StormCast for Wednesday, January 13th, 2021

Microsoft January 2021 Patch Tuesday: https://isc.sans.edu/forums/diary/Microsoft+January+2021+Patch+Tuesday/26978/
Adobe Patches: https://helpx.adobe.com/security.html
Mimecast Certificate Stolen: https://www.mimecast.com/blog/important-update-from-mimecast/
Leaking Silhouettes of Cross-Origin Images: https://blog.mozilla.org/attack-and-defense/2021/01/11/leaking-silhouettes-of-cross-origin-images/...

Jan 13, 2021 | 6 min | Ep 7326

ISC StormCast for Tuesday, January 12th, 2021

Using the NVD Database and API, Part 3 of 3 (Tool Drop: CVEScan): https://isc.sans.edu/forums/diary/Using+the+NVD+Database+and+API+to+Keep+Up+with+Vulnerabilities+and+Patches+Tool+Drop+CVEScan+Part+3+of+3/26974/
Sysinternals Update: https://docs.microsoft.com/en-us/sysinternals/
Ubiquiti Breach: https://www.bleepingcomputer.com/news/security/networking-giant-ubiquiti-alerts-customers-of-potential-data-breach/
Run-Only AppleScript Reversing: https://labs.sentinelone.com/fade-dead-adventures-in-reversing-malicious-run-only-apples...

Jan 12, 2021 | 6 min | Ep 7324

ISC StormCast for Monday, January 11th, 2021

Maldoc Strings Analysis: https://isc.sans.edu/forums/diary/Maldoc+Strings+Analysis/26966/
CVSS Reliability Survey: https://user-surveys.cs.fau.de/index.php?r=survey/index&sid=248857
Fake Trump Video Malware (QNode RAT Downloader): https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/updated-qnode-rat-downloader-distributed-as-trump-video-scandal/
SMS Phishing (Smishing): https://www.bbc.com/news/business-55563748
dnsren vulnerability: https://www.exploit-db.com/exploits/49394...

Jan 11, 2021 | 6 min | Ep 7322

ISC StormCast for Friday, January 8th, 2021

Using the NIST Database and API to Keep Up with Vulnerabilities and Patches, Part 1 of 3: https://isc.sans.edu/forums/diary/Using+the+NIST+Database+and+API+to+Keep+Up+with+Vulnerabilities+and+Patches+Part+1+of+3/26958/
Titan Security Key (A Side Journey to Titan): https://ninjalab.io/wp-content/uploads/2021/01/a_side_journey_to_titan.pdf
The Great Suspender Google Chrome Extension: https://www.theregister.com/2021/01/07/great_suspender_malware/
Brian Nishida, Ubuntu Artifacts Generated by Gnome Desktop Environment: https://www.sans.org/reading-room/...

Jan 08, 2021 | 16 min | Ep 7320

ISC StormCast for Thursday, January 7th, 2021

Zyxel Exploitation Under Way (Scans for Zyxel Backdoors Commencing): https://isc.sans.edu/forums/diary/Scans+for+Zyxel+Backdoors+are+Commencing/26954/
Fortinet Patches: https://www.fortiguard.com/psirt?date=01-2021
Foxit PhantomPDF Patches: https://www.foxitsoftware.com/support/security-bulletins.html
Firefox Android Updates: https://www.mozilla.org/en-US/security/advisories/mfsa2021-01/...

Jan 07, 2021 | 4 min | Ep 7318

ISC StormCast for Wednesday, January 6th, 2021

Netfox Detective, An Alternative Open-Source Packet Analysis Tool: https://isc.sans.edu/forums/diary/Netfox+Detective+An+Alternative+OpenSource+Packet+Analysis+Tool/26950/
ElectroRAT Drains Cryptocurrency Accounts: https://www.intezer.com/blog/research/operation-ElectroRAT-attacker-creates-fake-companies-to-drain-your-crypto-wallets/
Chrome Will Prefer HTTPS over HTTP By Default: https://chromium-review.googlesource.com/c/chromium/src/+/2568448
Android January Patch Day: https://source.android.com/s...

Jan 06, 2021 | 6 min | Ep 7316

ISC StormCast for Tuesday, January 5th, 2021

From a Small BAT File to Mass Logger Infostealer: https://isc.sans.edu/forums/diary/From+a+small+BAT+file+to+Mass+Logger+infostealer/26946/
Citrix Releases Updates Addressing DTLS Flaw: https://support.citrix.com/article/CTX289674
Zend Framework Deserialization Flaw (CVE-2021-3007): https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3007 https://github.com/Ling-Yizhou/zendframework3-/blob/main/zend%20framework3%20 %20rce.md...

Jan 05, 2021 | 5 min | Ep 7314

ISC StormCast for Monday, January 4th 2021

End of Year Traffic Analysis Quiz: https://isc.sans.edu/forums/diary/End+of+Year+Traffic+Analysis+Quiz/26940/
Zyxel Backdoor (Undocumented User Account in Zyxel Products): https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html
Microsoft Source Code Accessed as a Result of SolarWinds Backdoor: https://msrc-blog.microsoft.com/2020/12/31/microsoft-internal-solorigate-investigation-update/...

Jan 04, 2021 | 4 min | Ep 7312

ISC StormCast for Wednesday, December 30th 2020

Accessing Restricted Directory Listings via Your AV Solution: https://isc.sans.edu/forums/diary/Want+to+know+whats+in+a+folder+you+dont+have+a+permission+to+access+Try+asking+your+AV+solution/26932/
Coin Miner Malware Written in Go (Golang Worm Drops XMRig): https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/?fbclid=IwAR3eFiHCNoqr5mc2UAOcm8nocjUOjZn0cpcAiSoYmn__JtJfBbjqUUT1OwQ
AutoHotKey Credential Stealer: https://www.trendmicro.com/en_us/research/20/l/stealth-credential-stealer-targets-us-c...

Dec 30, 2020 | 4 min | Ep 7310

ISC StormCast for Tuesday, December 29th 2020

Extending Android Device Compatibility for Let's Encrypt Certificates: https://letsencrypt.org/2020/12/21/extending-android-compatibility.html
Insufficient Patch for Windows 8.1/10 Print Spooler: https://bugs.chromium.org/p/project-zero/issues/detail?id=2096
Google Docs Vulnerability (Stealing Private Documents): https://savebreach.com/stealing-private-documents-through-a-google-docs-bug/
CCC Conference Goes Virtual (rC3): https://streaming.media.ccc.de/rc3...

Dec 29, 2020 | 5 min | Ep 7308

ISC StormCast for Monday, December 28th 2020

base64dump.py Supported Encodings: https://isc.sans.edu/forums/diary/base64dumppy+Supported+Encodings/26924/
String Analysis and Maldocs: https://isc.sans.edu/forums/diary/Quickie+String+Analysis+Maldocs/26922/
Malicious Word Document Delivering an Octopus Backdoor: https://isc.sans.edu/forums/diary/Malicious+Word+Document+Delivering+an+Octopus+Backdoor/26918/
Analysis of a Dridex Dropper, IoC Extraction (guest diary): https://isc.sans.edu/forums/diary/Analysis+Dridex+Dropper+IoC+extraction+guest+diary/26920/
AT&T Out...

Dec 28, 2020 | 6 min | Ep 7306