
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Johannes B. Ullrich, isc.sans.edu
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .

Episodes

ISC StormCast for Monday, September 20th, 2021

Malicious Calendar Subscriptions Are Back https://isc.sans.edu/forums/diary/Malicious+Calendar+Subscriptions+Are+Back/27846/
Simple Analysis of a CVE-2021-40444 (MSHTML) Document https://isc.sans.edu/forums/diary/Simple+Analysis+Of+A+CVE202140444+docx+Document/27848/
Mirai Botnet Hunting OMIGOD https://twitter.com/1ZRR4H/status/1438580885142507528 https://isc.sans.edu/port.html?port=1270
Exploit for Netgear Flaws Available https://gynvael.coldwind.pl/?id=742...

Sep 20, 2021 | 6 min | Ep. 7678

ISC StormCast for Friday, September 17th, 2021

Phishing 101: why depend on one suspicious message subject when you can use many https://isc.sans.edu/forums/diary/Phishing+101+why+depend+on+one+suspicious+message+subject+when+you+can+use+many/27842/
PrintNightmare Fix Breaks Network Printing https://www.bleepingcomputer.com/news/security/new-windows-security-updates-break-network-printing/
Malware Taking Advantage of Linux Subsystem for Windows https://blog.lumen.com/no-longer-just-theory-black-lotus-labs-uncovers-linux-executables-deployed-a...

Sep 17, 2021 | 7 min | Ep. 7676

ISC StormCast for Thursday, September 16th, 2021

Hancitor Campaign Abusing Microsoft's OneDrive https://isc.sans.edu/forums/diary/Hancitor+campaign+abusing+Microsofts+OneDrive/27838/
"Secret" Agent Exposes Azure Customers To Unauthorized Code Execution https://www.wiz.io/blog/secret-agent-exposes-azure-customers-to-unauthorized-code-execution...

Sep 16, 2021 | 5 min | Ep. 7674

ISC StormCast for Wednesday, September 15th, 2021

Microsoft Patches https://isc.sans.edu/forums/diary/Microsoft+September+2021+Patch+Tuesday/27834/
Adobe Patches https://helpx.adobe.com/security/security-bulletin.html

Sep 15, 2021 | 5 min | Ep. 7672

ISC StormCast for Tuesday, September 14th, 2021

Apple Updates Everything https://support.apple.com/en-us/HT201222
Citizenlab Discloses NSO Exploit Details https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Google Chrome Update https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.html
WooCommerce Multi Currency Plugin Vulnerability https://blog.nintechnet.com/vulnerability-fixed-in-wordpress-woocommerce-multi-currency-plugin/...

Sep 14, 2021 | 5 min | Ep. 7670

ISC StormCast for Monday, September 13th, 2021

Shipping Microsoft DNS Logs to Elasticsearch https://isc.sans.edu/forums/diary/Shipping+to+Elasticsearch+Microsoft+DNS+Logs/27828/
Exploit Generator for CVE-2021-40444 https://github.com/lockedbyte/CVE-2021-40444
Windows Lock Screen Bypass https://halove23.blogspot.com/2021/09/zdi-21-1053-bypassing-windows-lock.html
Citrix Hypervisor Update https://support.citrix.com/article/CTX325319
GitHub Identifies Vulnerable node.js Packages https://github.blog/2021-09-08-github-security-update-vulnerabilit...

Sep 13, 2021 | 6 min | Ep. 7668

ISC StormCast for Friday, September 10th, 2021

ISC/DShield API Updates https://isc.sans.edu/forums/diary/Updates+to+Our+DatafeedsAPI/27824/
Update on Windows MSHTML Vulnerability https://www.bleepingcomputer.com/news/microsoft/windows-mshtml-zero-day-defenses-bypassed-as-new-info-emerges/
GitHub Actions check-spelling community workflow GITHUB_TOKEN leakage https://github.com/justinsteven/advisories/blob/master/2021_github_actions_checkspelling_token_leak_via_advice_symlink.md...

Sep 10, 2021 | 7 min | Ep. 7666

ISC StormCast for Thursday, September 9th, 2021

Protonmail Correction https://protonmail.com/blog/climate-activist-arrest/ https://protonmail.com/privacy-policy
"Stolen Images Evidence" Campaign Continues Pushing BazarLoader Malware https://isc.sans.edu/forums/diary/Stolen+Images+Evidence+Campaign+Continues+Pushing+BazarLoader+Malware/27816/
Thycotic Secret Server Critical Update https://docs.thycotic.com/ss/11.0.0/release-notes/ss-rn-11-0-000007.md
Zoho Vulnerability Exploited https://www.manageengine.com/products/self-service-password/kb/how-...

Sep 09, 2021 | 6 min | Ep. 7664

ISC StormCast for Wednesday, September 8th, 2021

Microsoft MSHTML Remote Code Execution Vulnerability CVE-2021-40444 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444
ProtonMail/VPN Releasing User's IP Address https://protonmail.com/blog/climate-activist-arrest/
WhatsApp End To End Encryption Questioned (but upheld) https://twitter.com/evacide/status/1435288900587589632?s=20
PRIVATELOG and STASHLOG Malware Store Payload in Common Log File System (CLFS) https://www.fireeye.com/blog/threat-research/2021/09/unknown-actor-usi...

Sep 08, 2021 | 6 min | Ep. 7662

ISC StormCast for Tuesday, September 7th, 2021

Confluence Update https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html https://www.jenkins.io/blog/2021/09/04/wiki-attacked/
ProxyShell Update https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/
RCE-0-Day for GhostScript 9.50 https://github.com/duc-nt/RCE-0-day-for-GhostScript-9.50
Netgear Switch Auth Bypass https://kb.netgear.com/000063978/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-S...

Sep 07, 2021 | 5 min | Ep. 7660

ISC StormCast for Friday, September 3rd, 2021

Attackers Will Always Abuse Major Events in our Lifes https://isc.sans.edu/forums/diary/Attackers+Will+Always+Abuse+Major+Events+in+our+Lifes/27808/
Active Exploitation of Confluence Server CVE-2021-26084 https://www.rapid7.com/blog/post/2021/09/02/active-exploitation-of-confluence-server-cve-2021-26084/
GitHub Removing old Ciphers / Keys https://github.blog/2021-09-01-improving-git-protocol-security-github/
Cisco Enterprise NFV Infrastructure Software Authentication Bypass https://tools.cisco.c...

Sep 03, 2021 | 14 min | Ep. 7658

ISC StormCast for Thursday, September 2nd, 2021

STRRAT: A Java Based RAT That Doesn't Care if You Have Java https://isc.sans.edu/forums/diary/STRRAT+a+Javabased+RAT+that+doesnt+care+if+you+have+Java/27798/
IPC360 Baby Monitor Vulnerability https://www.bitdefender.com/files/News/CaseStudies/study/402/Bitdefender-PR-Whitepaper-VictureIPC-creat5590-en-EN.pdf
Annke Network Video Recorder Vulnerability https://us-cert.cisa.gov/ics/advisories/icsa-21-238-02
ProxyWare Abuse https://blog.talosintelligence.com/2021/08/proxyware-abuse.html...

Sep 02, 2021 | 6 min | Ep. 7656

ISC StormCast for Wednesday, September 1st, 2021

BrakTooth: Impacts, Implications and Next Steps https://isc.sans.edu/forums/diary/BrakTooth+Impacts+Implications+and+Next+Steps/27802/
Fortress Home Security System Weakness https://threatpost.com/fortress-home-security-remote-disarmament/169069/
PostgreSQL set_user Module Vulnerability https://www.postgresql.org/about/news/set_user-201-released-2279/...

Sep 01, 2021 | 5 min | Ep. 7654

ISC StormCast for Tuesday, August 31st, 2021

Cryptocurrency Clipboard Swapper Delivered With Love https://isc.sans.edu/forums/diary/Cryptocurrency+Clipboard+Swapper+Delivered+With+Love/27794/
ProxyToken Vulnerability in Exchange https://www.zerodayinitiative.com/blog/2021/8/30/proxytoken-an-authentication-bypass-in-microsoft-exchange-server
LockFile Ransomware Evasion Tricks https://thehackernews.com/2021/08/lockfile-ransomware-bypasses-protection.html...

Aug 31, 2021 | 6 min | Ep. 7652

ISC StormCast for Monday, August 30th, 2021

ChaosDB: Azure Cosmos Database Vulnerability https://chaosdb.wiz.io
Phishing via Open Redirects https://www.microsoft.com/security/blog/2021/08/26/widespread-credential-phishing-campaign-abuses-open-redirector-links/
Parallels Vulnerability https://exchange.xforce.ibmcloud.com/vulnerabilities/208188 https://www.zerodayinitiative.com/advisories/ZDI-21-1000/...

Aug 30, 2021 | 5 min | Ep. 7650

ISC StormCast for Friday, August 27th, 2021

Cisco Advisories https://tools.cisco.com/security/center/publicationListing.x
GETH DoS Vulnerability https://github.com/ethereum/go-ethereum/releases/tag/v1.10.8
Confluence Security Advisory https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html
VMware Updates https://www.vmware.com/security/advisories.html...

Aug 27, 2021 | 6 min | Ep. 7648

ISC StormCast for Thursday, August 26th, 2021

There May Be Many More SPF Records Than We Might Expect https://isc.sans.edu/forums/diary/There+may+be+many+more+SPF+records+than+we+might+expect/27786/
OpenSSL Update https://www.openssl.org/news/vulnerabilities.html
F5 Update https://support.f5.com/csp/article/K50974556 https://support.f5.com/csp/article/K41351250
SideWalk Backdoor https://www.welivesecurity.com/2021/08/24/sidewalk-may-be-as-dangerous-as-crosswalk/...

Aug 26, 2021 | 6 min | Ep. 7646

ISC StormCast for Wednesday, August 25th, 2021

Attackers Hunting for Twilio Credentials https://isc.sans.edu/forums/diary/Attackers+Hunting+For+Twilio+Credentials/27782/
Modified WhatsApp Spreading Malware https://securelist.com/triada-trojan-in-whatsapp-mod/103679/
Privilege Escalation without Plugging in Device http://0xsp.com/security%20research%20&%20development%20(SRD)/local-administrator-is-not-just-with-razer-it-is-possible-for-all...

Aug 25, 2021 | 5 min | Ep. 7644

ISC StormCast for Tuesday, August 24th, 2021

Out of Band Phishing Using SMS Messages to Evade Network Detection https://isc.sans.edu/forums/diary/Out+of+Band+Phishing+Using+SMS+messages+to+Evade+Network+Detection/27768/
Elevate Privileges with Razer Mouse https://twitter.com/j0nh4t/status/1429049506021138437
Realtek Vulnerabilities Exploited https://securingsam.com/realtek-vulnerabilities-weaponized/
Exposed Microsoft Power Apps https://www.upguard.com/breaches/power-apps...

Aug 24, 2021 | 6 min | Ep. 7642

ISC StormCast for Monday, August 23rd, 2021

Waiting for the C2 to Show Up https://isc.sans.edu/forums/diary/Waiting+for+the+C2+to+Show+Up/27772/
DOCX with Embedded EXE https://isc.sans.edu/forums/diary/docx+With+Embedded+EXE/27776/
Securing Your Windows 365 Cloud PCs https://techcommunity.microsoft.com/t5/windows-it-pro-blog/securing-your-windows-365-cloud-pcs/ba-p/2663129
Pegasus Fraud Scam https://www.ehackingnews.com/2021/08/pegasus-iphone-hacks-used-as-bait-in.html
Proper Audit Logging for Office 365 https://zolder.io/office-365-audi...

Aug 23, 2021 | 5 min | Ep. 7640

ISC StormCast for Friday, August 20th, 2021

When Lightning Strikes: What works and doesn't work https://isc.sans.edu/forums/diary/When+Lightning+Strikes+What+works+and+doesnt+work/27766/
Cisco Small Business Router Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-sb-rv-overflow-htpymMB5
Blackberry QNX Products Vulnerability https://support.blackberry.com/kb/articleDetail?articleNumber=000082334
SANS.edu Student: Mark Morowczynski; Decreasing Attacker Dwell Time in Azure Active Directory ...

Aug 20, 2021 | 15 min | Ep. 7638

ISC StormCast for Thursday, August 19th, 2021

5 Things to Consider Before Moving Back to the Office https://isc.sans.edu/forums/diary/5+Things+to+Consider+Before+Moving+Back+to+the+Office/27762/
Adobe Patches https://helpx.adobe.com/security.html
Several Web Sites Infected with Chinese Spyware https://imp0rtp3.wordpress.com/2021/08/12/tetris/
Trickbot Tricks Users with 1Password https://www.ehackingnews.com/2021/08/trickbot-employs-bogus-1password.html...

Aug 19, 2021 | 5 min | Ep. 7636

ISC StormCast for Wednesday, August 18th, 2021

Laravel Exploit Attempts Targeting Vulnerability in "Ignition" https://isc.sans.edu/forums/diary/Laravel+v842+exploit+attempts+for+CVE20213129+debug+mode+Remote+code+execution/27758/
ThroughTek "Kalay" Protocol Vulnerability https://www.fireeye.com/blog/threat-research/2021/08/mandiant-discloses-critical-vulnerability-affecting-iot-devices.html
Fortinet FortiWeb Vulnerability https://www.rapid7.com/blog/post/2021/08/17/fortinet-fortiweb-os-command-injection/...

Aug 18, 2021 | 6 min | Ep. 7634

ISC StormCast for Tuesday, August 17th, 2021

Triage of Malware Bazaar's Daily Malware Batches https://isc.sans.edu/forums/diary/Extra+Tip+For+Triage+Of+MALWARE+Bazaars+Daily+Malware+Batches/27754/
Realtek SDK Vulnerability https://www.iot-inspector.com/blog/advisory-multiple-issues-realtek-sdk-iot-supply-chain/ https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2021-35392_35395.pdf
STARTTLS Vulnerabilities https://www.usenix.org/conference/usenixsecurity21/presentation/poddebniak
Raccoon Infostealer Self Infection ...

Aug 17, 2021 | 5 min | Ep. 7632

ISC StormCast for Monday, August 16th, 2021

Exchange E-Discovery Scans https://isc.sans.edu/forums/diary/Scanning+for+Microsoft+Exchange+eDiscovery/27748/
Danabot Distributed Through Malspam https://isc.sans.edu/forums/diary/Example+of+Danabot+distributed+through+malspam/27744/
Weaponizing Middleboxes https://geneva.cs.umd.edu/posts/usenix21-weaponizing-censors/ https://www.usenix.org/conference/usenixsecurity21/presentation/bock
Deep Blue Magic Ransomware https://www.ehackingnews.com/2021/08/deepbluemagic-newly-discovered.html...

Aug 16, 2021 | 6 min | Ep. 7630

ISC StormCast for Friday, August 13th, 2021

Print Nightmare Continues: CVE-2021-36958 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36958
Print Nightmare Abused by Ransomware Gangs https://www.crowdstrike.com/blog/magniber-ransomware-caught-using-printnightmare-vulnerability/
PolyNetwork Attack https://www.theregister.com/2021/08/10/poly_networks_cryptocurrency_theft/...

Aug 13, 2021 | 3 min | Ep. 7628

ISC StormCast for Thursday, August 12th, 2021

TA551 Shathak Continues Pushing BazarLoader Leading to Cobalt Strike https://isc.sans.edu/forums/diary/TA551+Shathak+continues+pushing+BazarLoader+infections+lead+to+Cobalt+Strike/27738/
New AdLoad Campaign Goes Undetected by XProtect https://labs.sentinelone.com/massive-new-adload-campaign-goes-entirely-undetected-by-apples-xprotect/
Android FlyTrap Malware Hitting Facebook Users https://www.ehackingnews.com/2021/08/android-malware-flytrap-hacks-facebook.html
5G Shortcuts allow Eavesdropping htt...

Aug 12, 2021 | 6 min | Ep. 7626

ISC StormCast for Wednesday, August 11th, 2021

Microsoft Patches https://isc.sans.edu/forums/diary/Microsoft+August+2021+Patch+Tuesday/27736/
Adobe Patches https://helpx.adobe.com/security.html
cPanel/WHM Vulnerabilities https://www.fortbridge.co.uk/research/multiple-vulnerabilities-in-cpanel-whm/
Firefox Update Released https://www.mozilla.org/en-US/firefox/91.0/releasenotes/...

Aug 11, 2021 | 5 min | Ep. 7624

ISC StormCast for Tuesday, August 10th, 2021

Microsoft Exchange ProxyShell https://isc.sans.edu/forums/diary/ProxyShell+how+many+Exchange+servers+are+affected+and+where+are+they/27732/
Synology Warns of Brute Force Attacks https://www.synology.com/en-global/company/news/article/BruteForce/Synology%20Investigates%20Ongoing%20Brute-Force%20Attacks%20From%20Botnet
Router Auth Bypass https://threatpost.com/auth-bypass-bug-routers-exploited/168491/
Firefox Version 100 Experiment https://bugzilla.mozilla.org/show_bug.cgi?id=1719070
Interaction ...

Aug 10, 2021 | 6 min | Ep. 7622

ISC StormCast for Monday, August 9th, 2021

Malicious Microsoft Word Remains A Key Infection Vector https://isc.sans.edu/forums/diary/Malicious+Microsoft+Word+Remains+A+Key+Infection+Vector/27716/
Malware Bazaar Daily Download https://isc.sans.edu/forums/diary/MALWARE+Bazaar+Download+daily+malware+batches/27728/
Go/Rust IP Address Validation Vulnerability https://github.com/rust-lang/rust/pull/83652
Facial Recognition "Master Keys" https://arxiv.org/pdf/2108.01077.pdf
Pulse Secure Patch Bypass https://kb.pulsesecure.net/articles/Pulse_Sec...

Aug 09, 2021 | 5 min | Ep. 7620