SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) - podcast cover

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Johannes B. Ullrichisc.sans.edu
News
Tech News
Technology
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Follow on
Metacast
Apple Podcasts
Spotify
Youtube
RSS

Episodes

ISC StormCast for Wednesday, December 23rd 2020

Malware Victim Selection Through WiFi Identification https://isc.sans.edu/forums/diary/Malware+Victim+Selection+Through+WiFi+Identification/26910/ New Treck IP Stack Vulnerabilities https://treck.com/vulnerability-response-information/ Detecting Treck IP Stack https://github.com/Forescout/project-memoria-detector...

Dec 23, 20204 minEp 7304Transcript available on Metacast

ISC StormCast for Tuesday, December 22nd 2020

What's The Deal With Openportstats.com? https://isc.sans.edu/forums/diary/Whats+the+deal+with+openportstatscom/26912/ Dell Wyse ThinOS 8.6 Security Update https://www.dell.com/support/kbdoc/en-hr/000180768/dsa-2020-281 SolarWinds 2nd Backdoor https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/ SolarWinds Domains https://securelist.com/sunburst-connecting-the-dots-in-the...

Dec 22, 20206 minEp 7302Transcript available on Metacast

ISC StormCast for Monday, December 21st 2020

A slightly optimistic tale of how patching went for CVE-2019-19781 https://isc.sans.edu/forums/diary/A+slightly+optimistic+tale+of+how+patching+went+for+CVE201919781/26900/ Heads-up: VirusTotal Functionality in Sysinternals Tools Not Working https://isc.sans.edu/forums/diary/Headsup+VirusTotal+Functionality+in+Sysinternals+Tools+Not+Working/26906/ Kasachstan: Browsers Block Government Certificate Authority https://www.zdnet.com/article/apple-google-microsoft-and-mozilla-ban-kazakhstans-mitm-http...

Dec 21, 20206 minEp 7300Transcript available on Metacast

ISC StormCast for Friday, December 18th 2020

Token Authentication Requirements for Git Operations https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/ Google Attempting to Speed Up OS Update Adoption https://android-developers.googleblog.com/2020/12/treble-plus-one-equals-four.html Trend Micro InterScan Web Security Virtual Appliance Vulnerability https://success.trendmicro.com/solution/000283077 Malicios Browser Extensions https://blog.avast.com/malicious-browser-extensions-avast...

Dec 18, 20206 minEp 7298Transcript available on Metacast

ISC StormCast for Thursday, December 17th 2020

Cloud DNS Logs https://isc.sans.edu/forums/diary/DNS+Logs+in+Public+Clouds/26892/ Solarwinds Update https://www.heise.de/news/l-f-SolarWinds-Backdoor-Hersteller-sorgte-fuer-Ausnahmen-von-AV-Ueberwachung-4990910.html https://krebsonsecurity.com/2020/12/malicious-domain-in-solarwinds-hack-turned-into-killswitch/ Hewlett Packard Enterprise Systems Insight Manager (SIM) Vulnerability https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04068en_us SAP HANA SAML Validation Weak...

Dec 17, 20206 minEp 7296Transcript available on Metacast

ISC StormCast for Wednesday, December 16th 2020

Analyzing A Fireeye Maldoc https://isc.sans.edu/forums/diary/Analyzing+FireEye+Maldocs/26882/ Didier Stevens: 2020 Difference Makers https://www.sans.org/webcasts/2020-difference-makers-awards-ceremony-117154 F5 Big IP Vulnerabilities https://support.f5.com/csp/article/K20984059 https://support.f5.com/csp/article/K42696541 https://support.f5.com/csp/article/K37960100 Google Outage https://status.cloud.google.com/incident/zall/20013 GoLang XML Parser Vulnerabilities https://mattermost.com/blog/co...

Dec 16, 20206 minEp 7294Transcript available on Metacast

ISC StormCast for Tuesday, December 15th 2020

SolarWinds Followup https://isc.sans.edu/forums/diary/SolarWinds+Breach+Used+to+Infiltrate+Customer+Networks+Solarigate/26884/ https://sansurl.com/solarwinds Apple Updates Everything https://support.apple.com/en-us/HT201222 Sophos and Reversing Labs Release 20 Million Malware Samples https://github.com/sophos-ai/SOREL-20M...

Dec 15, 20207 minEp 7292Transcript available on Metacast

ISC StormCast for Monday, December 14th 2020

SolarWinds Compromise https://isc.sans.edu/forums/diary/SolarWinds+Breach+Used+to+Infiltrate+Customer+Networks+Solarigate/26884/ Writing Yara Rules for Fun and Profit: Notes form the FireEye Breach Countermeasures https://isc.sans.edu/forums/diary/Writing+Yara+Rules+for+Fun+and+Profit+Notes+from+the+FireEye+Breach+Countermeasures/26870/ Flash Player EoL https://helpx.adobe.com/flash-player/release-note/fp_32_air_32_release_notes.html Subway Marketing System Hacked to Send TrickBot Malware Emails...

Dec 14, 20206 minEp 7290Transcript available on Metacast

ISC StormCast for Friday, December 11th 2020

Python Backdoor Talking to a C2 Through Ngrok https://isc.sans.edu/forums/diary/Python+Backdoor+Talking+to+a+C2+Through+Ngrok/26866/ Cisco Releases Improved Patch for Jabber Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-ZktzjpgO https://watchcom.no/nyheter/nyhetsarkiv/uncovers-cisco-jabber-vulnerabilities/ SANS Holiday Hack Challenge https://holidayhackchallenge.com/2020/ Karim Lalji: Fear of the Unkown: A Metanalysis of Insecure Object Des...

Dec 11, 202013 minEp 7288Transcript available on Metacast

ISC StormCast for Thursday, December 10th 2020

Oblivious DoH https://blog.cloudflare.com/oblivious-dns/ HTTP Archive Almanach https://almanac.httparchive.org/en/2020/security Open Source IoT TCP/IP Stack Vulnerabilities https://www.forescout.com/company/resources/amnesia33-how-tcp-ip-stacks-breed-critical-vulnerabilities-in-iot-ot-and-it-devices/ Fireeye Red Team Tool Signatures https://www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html...

Dec 10, 20206 minEp 7286Transcript available on Metacast

ISC StormCast for Wednesday, December 9th 2020

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/December+2020+Microsoft+Patch+Tuesday+Exchange+Sharepoint+Dynamics+and+DNS+Spoofing/26860/ Adobe Patch Tuesday https://helpx.adobe.com/security.html OpenSSL Patch (Tuesday) https://www.openssl.org/news/secadv/20201208.txt...

Dec 09, 20206 minEp 7284Transcript available on Metacast

ISC StormCast for Tuesday, December 8th 2020

Corrupt BASE64 Strings: Detection and Decoding https://isc.sans.edu/forums/diary/Corrupt+BASE64+Strings+Detection+and+Decoding/26616/ Microsoft Teams Remote Code Execution Vulnerability (Patched) https://github.com/oskarsve/ms-teams-rce PlayStation Now RCE https://hackerone.com/reports/873614 Cisco Security Manager Java Deserialization Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csm-java-rce-mWJEedcD...

Dec 08, 20206 minEp 7282Transcript available on Metacast

ISC StormCast for Monday, December 7th 2020

Proxy Scanner Attempting to Connect to Specific Hostname https://isc.sans.edu/forums/diary/Is+IP+91199118137+testing+Access+to+aahwwx52hostxyz/26852/ Recovering Passwords From Pixelized Screenshots https://www.linkedin.com/pulse/recovering-passwords-from-pixelized-screenshots-sipke-mellema/ Tomcat Information Leak http://mail-archives.us.apache.org/mod_mbox/www-announce/202012.mbox/%3C52858194-2efd-6f17-1821-9036c8494df0%40apache.org%3E Google Updates https://chromereleases.googleblog.com/2020/1...

Dec 07, 20206 minEp 7280Transcript available on Metacast

ISC StormCast for Friday, December 4th 2020

Traffic Analysis Quiz: Mr. Natural https://isc.sans.edu/forums/diary/Traffic+Analysis+Quiz+Mr+Natural/26844/ An iOS Zero-Click Radio Proximity Exploit Odyssey https://googleprojectzero.blogspot.com/2020/12/an-ios-zero-click-radio-proximity.html Github "State of the Octoverse" Report https://octoverse.github.com/static/2020-security-report.pdf Christopher Hurless: Open-Source Endpoint Detection and Response with CIS Benchmarks, OSQuery, Elastic Stack and The Hive https://www.sans.org/reading-room...

Dec 04, 202017 minEp 7278Transcript available on Metacast

ISC StormCast for Thursday, December 3rd 2020

Prevelance of DNS Spoofing https://arxiv.org/abs/2011.12978 New npm Malware Includes Bladabindi Trojan https://blog.sonatype.com/bladabindi-njrat-rat-in-jdb.js-npm-malware DarkIRC Bot Exploits Recent Oracle WebLogic Vulnerablity https://blogs.juniper.net/en-us/threat-research/darkirc-bot-exploits-oracle-weblogic-vulnerability...

Dec 03, 20207 minEp 7276Transcript available on Metacast

ISC StormCast for Wednesday, December 2nd 2020

Xanthe Docker Aware Miner https://blog.talosintelligence.com/2020/12/xanthe-docker-aware-miner.html#more Ocean Lotus Mac Backdoor https://www.trendmicro.com/en_us/research/20/k/new-macos-backdoor-connected-to-oceanlotus-surfaces.html OpenClinic vs OpenClinic GA https://labs.bishopfox.com/advisories/openclinic-version-0.8.2 https://us-cert.cisa.gov/ics/advisories/icsma-20-184-01 https://sourceforge.net/p/open-clinic/discussion/1231980/thread/a2e8909fc5/ Register For Cyberstart https://www.cyberst...

Dec 02, 20209 minEp 7274Transcript available on Metacast

ISC StormCast for Tuesday, December 1st 2020

Decrypting PowerShell Payloads https://isc.sans.edu/forums/diary/Decrypting+PowerShell+Payloads+video/26838/ Trend Micro ServerProtect for Linux https://success.trendmicro.com/solution/000281950 WebKit Vulnerabilities https://blog.talosintelligence.com/2020/11/vuln-spotlight-webkit-use-after-free-nov-2020.html New Skimmer JS https://twitter.com/AffableKraut/status/1333258498910588928...

Dec 01, 20206 minEp 7272Transcript available on Metacast

ISC StormCast for Monday, November 30th 2020

Live Patching Windows API Calls Using PowerShell https://isc.sans.edu/forums/diary/Live+Patching+Windows+API+Calls+Using+PowerShell/26826/ Threat Hunting with JARM https://isc.sans.edu/forums/diary/Threat+Hunting+with+JARM/26832/ https://isc.sans.edu/forums/diary/Quick+Tip+Using+JARM+With+a+SOCKS+Proxy/26834/ Be Careful With IoT Gifts https://cybernews.com/security/walmart-exclusive-routers-others-made-in-china-contain-backdoors-to-control-devices/ https://www.cyberscoop.com/smart-doorbells-amaz...

Nov 30, 20207 minEp 7270Transcript available on Metacast

ISC StormCast for Wednesday, November 25th 2020

The Special Case of TCP Resets https://isc.sans.edu/forums/diary/The+special+case+of+TCP+RST/26824/ VMWare Workspace Vulnerability https://www.theregister.com/2020/11/24/vmware_urges_sysadmins_to_implement/ Holiday Hack Challenge 2020 https://holidayhackchallenge.com/2020/...

Nov 25, 202011 minEp 7268Transcript available on Metacast

ISC StormCast for Tuesday, November 24th 2020

Quick Tip: Cobalt Strike Beacon Analysis https://isc.sans.edu/forums/diary/Quick+Tip+Cobalt+Strike+Beacon+Analysis/26818/ Godaddy Social Engineering Used to Compromise Bitcoin Exchange Domains https://blog.liquid.com/security-incident-november-13-2020 Spoofed FBI Domains https://www.ic3.gov/Media/Y2020/PSA201123...

Nov 24, 20204 minEp 7266Transcript available on Metacast

ISC StormCast for Monday, November 23rd 2020

Updates for VMWare ESXi; Fusion and Workstation https://www.vmware.com/security/advisories/VMSA-2020-0026.html IBM DB2 Vulnerability https://www.ibm.com/support/pages/node/6370025 https://www.ibm.com/support/pages/node/6370023 Fortinet SSL VPN Exploit Used to Collect Credentials https://twitter.com/Bank_Security/status/1329426020647243778...

Nov 23, 20204 minEp 7264Transcript available on Metacast

ISC StormCast for Friday, November 20th 2020

PowerShell Dropper Delivering Formbook https://isc.sans.edu/forums/diary/PowerShell+Dropper+Delivering+Formbook/26806/ Google Leading the Way in Phishing https://www.armorblox.com/blog/ok-google-build-me-a-phishing-campaign Identifying Malicious Servers With JARM https://engineering.salesforce.com/easily-identify-malicious-servers-on-the-internet-with-jarm-e095edac525a Daniel Behrens: Industrial Traffic Collection: Understanding the Implications of Deploying Visibility Without Impacting Producti...

Nov 20, 202016 minEp 7262Transcript available on Metacast

ISC StormCast for Thursday, November 19th 2020

When Security Controls Lead to Security Issues https://isc.sans.edu/forums/diary/When+Security+Controls+Lead+to+Security+Issues/26804/ Google Chrome Update https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html Firefox 83 HTTPS Only Mode https://blog.mozilla.org/security/2020/11/17/firefox-83-introduces-https-only-mode/ OOB Windows Kerberos Update https://docs.microsoft.com/en-us/windows/release-information/windows-message-center Cisco WebEx Patch Fixes "Ghost Us...

Nov 19, 20205 minEp 7260Transcript available on Metacast

ISC StormCast for Wednesday, November 18th 2020

Apple Binaries Used to Bypass 3rd Party Security Products on MacOS 11 https://twitter.com/patrickwardle/status/1327726496203476992 Apple Improving Privacy on App Certificate Checks https://support.apple.com/en-us/HT202491 Cisco Security Manager Vulnerabilities https://gist.github.com/Frycos/8bf5c125d720b3504b4f28a1126e509e https://tools.cisco.com/security/center/publicationListing.x...

Nov 18, 20206 minEp 7258Transcript available on Metacast

ISC StormCast for Tuesday, November 17th 2020

Old Vulnerbilities Don't Die https://isc.sans.edu/forums/diary/Heartbleed+BlueKeep+and+other+vulnerabilities+that+didnt+disappear+just+because+we+dont+talk+about+them+anymore/26798/ Citrix Virtual Apps and Desktops Security Update https://support.citrix.com/article/CTX285059 Zoom Security Improvements https://blog.zoom.us/new-ways-to-combat-zoom-meeting-disruptions/ Firefox File Read Vulnerability Details https://medium.com/@kanytu/firefox-and-how-a-website-could-steal-all-of-your-cookies-581fe4...

Nov 17, 20206 minEp 7256Transcript available on Metacast

ISC StormCast for Monday, November 16th 2020

Oledump Removed Macro Indicator https://isc.sans.edu/forums/diary/oledumps+Indicator/26794/ Old Worm But New Obfuscation Technique https://isc.sans.edu/forums/diary/Old+Worm+But+New+Obfuscation+Technique/26792/ MacOS OCSP Disaster https://blog.cryptohack.org/macos-ocsp-disaster VoltPillager: Hardware-base fault injection attacks against Instel SGX Enclaves using the SVID voltage scaling interface https://www.usenix.org/system/files/sec21summer_chen-zitai.pdf...

Nov 16, 20207 minEp 7254Transcript available on Metacast

ISC StormCast for Friday, November 13th 2020

Preventing Exposed Azure Blob Storage https://isc.sans.edu/forums/diary/Preventing+Exposed+Azure+Blob+Storage/26786/ Apple Security Updates https://support.apple.com/en-us/HT201222 DNS Cache Poisoning Attack Reloaded https://dl.acm.org/doi/pdf/10.1145/3372297.3417280 Rebel Powell: Poisoned Postman; Detecting Manipulation of Compliance Features in a Microsoft Exchange Online Environment https://www.sans.org/reading-room/whitepapers/cloud/poisoned-postman-detecting-manipulation-compliance-features...

Nov 13, 202014 minEp 7252Transcript available on Metacast

ISC StormCast for Thursday, November 12th 2020

Traffic Analysis Quiz https://isc.sans.edu/forums/diary/Traffic+Analysis+Quiz+DESKTOPFX23IK5/26780/ Open Source Security Scorecards https://github.com/ossf/scorecard Bitdefender: UPX Unpacking Featuring Ten Memory Corruptions https://landave.io/2020/11/bitdefender-upx-unpacking-featuring-ten-memory-corruptions/ Ubuntu 20.04 Privilege Escalation https://securitylab.github.com/research/Ubuntu-gdm3-accountsservice-LPE...

Nov 12, 20206 minEp 7250Transcript available on Metacast

ISC StormCast for Wednesday, November 11th 2020

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+November+2020+Patch+Tuesday/26778/ "Platypus" Attack against Intel SGX https://platypusattack.com/ Adobe Updates https://helpx.adobe.com/security.html Firefox Updates https://www.mozilla.org/en-US/security/advisories/mfsa2020-49/#CVE-2020-26950 Fingerprinting ADS-B Signals https://icnp20.cs.ucr.edu/proceedings/aimcom2/Real-World%20ADS-B%20signal%20recognition%20based%20on%20Radio%20Frequency%20Fingerprinting.pdf...

Nov 11, 20206 minEp 7248Transcript available on Metacast

ISC StormCast for Tuesday, November 10th 2020

How Attackers Brush Up Their Malicious Scripts https://isc.sans.edu/forums/diary/How+Attackers+Brush+Up+Their+Malicious+Scripts/26770/ RansomEXX Trojan Attacks Linux Systems https://securelist.com/ransomexx-trojan-attacks-linux-systems/99279/ Fake Microsoft Teams Updates Lead to Cobalt Strike Deployment https://www.bleepingcomputer.com/news/security/fake-microsoft-teams-updates-lead-to-cobalt-strike-deployment/ More NPM Malare Found https://blog.sonatype.com/discord.dll-successor-to-npm-fallguys...

Nov 10, 20206 minEp 7246Transcript available on Metacast