SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) - podcast cover

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Johannes B. Ullrichisc.sans.edu
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .

Episodes

ISC StormCast for Tuesday, May 28th, 2024

Files with TGZ Extension used as malspam attachements https://isc.sans.edu/diary/Files%20with%20TXZ%20extension%20used%20as%20malspam%20attachments/30958 Google 0-Day https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_23.html Google Stops Trusting Globaltrust CA https://groups.google.com/a/ccadb.org/g/public/c/wRs-zec8w7k/m/G_9QprJ2AQAJ Checkpoint warns of password bruteforcing https://blog.checkpoint.com/security/enhance-your-vpn-security-posture?campaign=checkpoint...

May 28, 20246 minEp 8998Transcript available on Metacast

ISC StormCast for Friday, May 24th, 2024

Analysis of 'redtail' file uploads to ISC Honeypot https://isc.sans.edu/diary/Analysis%20of%20%3Fredtail%3F%20File%20Uploads%20to%20ICS%20Honeypot%2C%20a%20Multi-Architecture%20Coin%20Miner%20%5BGuest%20Diary%5D/30950 Veeam Vulnerablity https://www.veeam.com/kb4581 C-Root Server Lost Touch With Peers https://arstechnica.com/security/2024/05/dns-glitch-that-threatened-internet-stability-fixed-cause-remains-unclear/ Ivanti Vulnerabilities https://forums.ivanti.com/s/article/Avalanche-6-4-3-602-add...

May 24, 20247 minEp 8996Transcript available on Metacast

ISC StormCast for Thursday, May 23rd, 2024

NMAP Scanning Without Scanning - The ipinfo API https://isc.sans.edu/diary/NMAP%20Scanning%20without%20Scanning%20%28Part%202%29%20-%20The%20ipinfo%20API/30948 Why Your WiFi Router Doubles As An Apple Airtag https://krebsonsecurity.com/2024/05/why-your-wi-fi-router-doubles-as-an-apple-airtag/#more-67551 https://account.microsoft.com/privacy/location-services-opt-out https://answers.microsoft.com/en-us/windows/forum/all/wifi-sense-my-ssid-includes-optout-why-do-windows/1453142a-755a-476f-aa48-56d...

May 23, 20249 minEp 8994Transcript available on Metacast

ISC StormCast for Wednesday, May 22nd, 2024

Scanning without Scanning with nmap https://isc.sans.edu/diary/Scanning%20without%20Scanning%20with%20NMAP%20%28APIs%20FTW%29/30944 iTerm2 Vulnerablities https://vin01.github.io/piptagole/escape-sequences/iterm2/hyper/url-handlers/code-execution/2024/05/21/arbitrary-url-schemes-terminal-emulators.html GitHub Enterprise Vulnerablity CVE-2024-4985 https://nvd.nist.gov/vuln/detail/CVE-2024-4985 BitBucket Pipelines Leaking Secrets https://cloud.google.com/blog/topics/threat-intelligence/bitbucket-pi...

May 22, 20247 minEp 8992Transcript available on Metacast

ISC StormCast for Tuesday, May 21st, 2024

Analyzing MSG Files https://isc.sans.edu/diary/Analyzing%20MSG%20Files/30940 Linguistic Lumberjack: Fluent Bit Vulnerability CVE-2024-4323 https://www.tenable.com/blog/linguistic-lumberjack-attacking-cloud-services-via-logging-endpoints-fluent-bit-cve-2024-4323 Fortinet FortiSIEM Command Injection Deep-Dive CVE-2023-23992 https://www.horizon3.ai/attack-research/cve-2023-34992-fortinet-fortisiem-command-injection-deep-dive/ Git Vulnerability CVE-2024-32002 PoC https://amalmurali.me/posts/git-rce/...

May 21, 20246 minEp 8990Transcript available on Metacast

ISC StormCast for Monday, May 20th, 2024

Another PDF Streams Example: Extracting JPEGs https://isc.sans.edu/diary/Another%20PDF%20Streams%20Example%3A%20Extracting%20JPEGs/30924 QNAP QTS QNAPping At the Wheel https://labs.watchtowr.com/qnap-qts-qnapping-at-the-wheel-cve-2024-27130-and-friends/ May 2024 Security Update Problems with Windows 2019 https://learn.microsoft.com/en-us/windows/release-health/status-windows-10-1809-and-windows-server-2019#3299msgdesc Dlink Vulnerabilities Exploited https://www.cisa.gov/news-events/alerts/2024/0...

May 20, 20246 minEp 8988Transcript available on Metacast

ISC StormCast for Friday, May 17th, 2024

Why yq? Adventurs in XML https://isc.sans.edu/diary/Why%20yq%3F%20%20Adventures%20in%20XML/30930 Black Basta Uses Quick Assist https://www.microsoft.com/en-us/security/blog/2024/05/15/threat-actors-misusing-quick-assist-in-social-engineering-attacks-leading-to-ransomware/ Various Chrome 0-Day Vulnerabilities https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_15.html Android Theft Protection Improvement https://blog.google/products/android/android-theft-protection/ Cr...

May 17, 20245 minEp 8986Transcript available on Metacast

ISC StormCast for Thursday, May 16th, 2024

Got MFA? If not, now is the time! https://isc.sans.edu/diary/Got%20MFA%3F%20%20If%20not%2C%20Now%20is%20the%20Time!/30926 SSID Confusion: Making Wi-Fi Clients Connect to the Wrong Network CVE-2023-52424 https://www.top10vpn.com/assets/2024/05/Top10VPN-x-Vanhoef-SSID-Confusion.pdf FIDO2 MitM Session Hijacking https://www.silverfort.com/blog/using-mitm-to-bypass-fido2/?web_view=true#but-first-some-background...

May 16, 20246 minEp 8984Transcript available on Metacast

ISC StormCast for Wednesday, May 15th, 2024

Microsoft Patches https://isc.sans.edu/diary/Microsoft%20May%202024%20Patch%20Tuesday/30920 Detecting Bluetooth Trackers https://security.googleblog.com/2024/05/google-and-apple-deliver-support-for.html Adobe Patches https://helpx.adobe.com/security/products/acrobat/apsb24-29.html VMWare Updates https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280 Revoking Vulnerability Windows Boot Managers https://techcommunity.microsoft.com/t5/windows...

May 15, 20248 minEp 8982Transcript available on Metacast

ISC StormCast for Tuesday, May 14th, 2024

Apple Updates Everything https://isc.sans.edu/diary/Apple%20Patches%20Everything%3A%20macOS%2C%20iOS%2C%20iPadOS%2C%20watchOS%2C%20tvOS%20updated./30916 Juniper OpenSSH Update https://supportportal.juniper.net/s/article/2024-05-Reference-Advisory-Junos-OS-and-Junos-OS-Evolved-Multiple-CVEs-reported-in-OpenSSH?language=en_US Malicious Go Binary Delivered via Steganography in PyPi https://blog.phylum.io/malicious-go-binary-delivered-via-steganography-in-pypi/...

May 14, 20246 minEp 8980Transcript available on Metacast

ISC StormCast for Monday, May 13th, 2024

DNS Suffixes on Windows https://isc.sans.edu/diary/DNS%20Suffixes%20on%20Windows/30912 Black Basta Ransomware Advisory https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-131a Possible Exploitation of Arcserve Unified Data Protection Vuln https://digital.nhs.uk/cyber-alerts/2024/cc-4487 Chrome Patches 0-Day https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_9.html Solarwinds ARM Vulnerablities https://documentation.solarwinds.com/en/success_center/arm/cont...

May 13, 20246 minEp 8978Transcript available on Metacast

ISC StormCast for Friday, May 10th, 2024

Analyzing PDF Streams https://isc.sans.edu/diary/Analyzing%20PDF%20Streams/30908 F5 Next Central Manager Vulnerabilities https://eclypsium.com/blog/big-vulnerabilities-in-next-gen-big-ip/ Veeam Patches https://www.veeam.com/kb4441 https://www.veeam.com/kb4509 Citrix Hypervisor Security Update CVE-2024-31497 https://support.citrix.com/article/CTX633416/citrix-hypervisor-security-update-for-cve202431497...

May 10, 20246 minEp 8976Transcript available on Metacast

ISC StormCast for Thursday, May 9th, 2024

Analzying Synology Disks https://isc.sans.edu/diary/Analyzing%20Synology%20Disks%20on%20Linux/30904 RSA Panel https://www.rsaconference.com/usa/agenda/session/The%20Five%20Most%20Dangerous%20New%20Attack%20Techniques%20You%20Need%20to%20Know%20About SANS.edu Research Journal https://www.sans.edu/cyber-security-research...

May 09, 20246 minEp 8974Transcript available on Metacast

ISC StormCast for Wednesday, May 8th, 2024

Detecting XFinity/Comcast DNS Spoofing https://isc.sans.edu/diary/Detecting%20XFinity%20Comcast%20DNS%20Spoofing/30898 Weblogic PoC CVE-2024-21006 https://pwnull.github.io/2024/oracle%20weblogic%20CVE-2024-21006%20Double-JNDInjection%20RCE%20analyze/ https://github.com/momika233/CVE-2024-21006 PDF.js React PDF Vulnerablity https://securityonline.info/cve-2024-4367-cve-2024-34342-javascript-flaw-threatens-millions-of-pdf-js-and-react-pdf-users/ Tinyproxy Response https://github.com/tinyproxy/tiny...

May 08, 20248 minEp 8972Transcript available on Metacast

ISC StormCast for Tuesday, May 7th, 2024

DHCP Based VPN Routing Leaks https://www.leviathansecurity.com/blog/tunnelvision Mullvad VPN DNS Traffic Leak https://mullvad.net/en/blog/dns-traffic-can-leak-outside-the-vpn-tunnel-on-android Tiny Proxy Vulnerability https://talosintelligence.com/vulnerability_reports/TALOS-2023-1889...

May 07, 20246 minEp 8970Transcript available on Metacast

ISC StormCast for Monday, May 6th, 2024

DNS Debugging with nslookup https://isc.sans.edu/diary/nslookups+Debug+Options/30894/ Microsoft Plans DNS Lockdown https://techcommunity.microsoft.com/t5/networking-blog/announcing-zero-trust-dns-private-preview/ba-p/4110366 Microsoft Graph API Abuse https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/graph-api-threats SANSFIRE SEC522 Defending Web Applications https://www.sans.org/cyber-security-training-events/sansfire-2024/...

May 06, 20246 minEp 8968Transcript available on Metacast

ISC StormCast for Friday, May 3rd, 2024

https://isc.sans.edu/diary/Scans%20Probing%20for%20LB-Link%20and%20Vinga%20WR-AC1200%20routers%20CVE-2023-24796/30890 Scans Probing for LB-Link and Vinga WR-AC1200 routers CVE-2023-24796 Buffer Overflow Vulnerabilities in ArubaOS https://www.arubanetworks.com/support-services/security-bulletins/ The Cuttlefish Malware https://blog.lumen.com/eight-arms-to-hold-you-the-cuttlefish-malware/...

May 03, 20246 minEp 8966Transcript available on Metacast

ISC StormCast for Thursday, May 2nd, 2024

Linux Trojan - Xorddos with Filename eyshcjdmzg https://isc.sans.edu/diary/Linux%20Trojan%20-%20Xorddos%20with%20Filename%20eyshcjdmzg/30880 AWS S3 Denial of Wallet Amplification Attack https://medium.com/@maciej.pocwierz/how-an-empty-s3-bucket-can-make-your-aws-bill-explode-934a383cb8b1 https://blog.limbus-medtec.com/the-aws-s3-denial-of-wallet-amplification-attack-bc5a97cc041d EU iOS Safari Allows User Tracking https://www.mysk.blog/2024/04/28/safari-tracking/ BentoML Critical Deserialization ...

May 02, 20247 minEp 8964Transcript available on Metacast

ISC StormCast for Wednesday, May 1st, 2024

Another Day, Another NAS: Attacks against Zyxel NAS326 Devices CVE-2023-4473, CVE-2023-4474 https://isc.sans.edu/diary/Another%20Day%2C%20Another%20NAS%3A%20Attacks%20against%20Zyxel%20NAS326%20devices%20CVE-2023-4473%2C%20CVE-2023-4474/30884 R-Bitrary Code Execution: Vulnearbility in R's Deserialization https://hiddenlayer.com/research/r-bitrary-code-execution/ Coordinated Docker Hub Attacks using Malicious Repositories https://jfrog.com/blog/attacks-on-docker-with-millions-of-malicious-reposit...

May 01, 20247 minEp 8962Transcript available on Metacast

ISC StormCast for Tuesday, April 30th, 2024

DLink NAS Exploit Variation https://www.qnap.com/en/security-advisory/qsa-24-09 Muddling Meerkat DNS Abuse https://blogs.infoblox.com/threat-intelligence/a-cunning-operator-muddling-meerkat-and-chinas-great-firewall/ Android TV Data Leakage https://www.youtube.com/watch?v=QiyBXXO8QpA https://www.404media.co/android-tvs-can-expose-user-email-inboxes/ SEC522: SANSFIRE https://www.sans.org/cyber-security-courses/application-security-securing-web-apps-api-microservices/ SEC522 Demo (requires free ac...

Apr 30, 20247 minEp 8960Transcript available on Metacast

ISC StormCast for Monday, April 29th, 2024

Okta warns of increase in credential stuffing https://sec.okta.com/blockanonymizers Fake payment cards used by Police in Japan https://twitter.com/vxunderground/status/1783522097425211887 Phishing Campaigns Targeting USPS https://www.akamai.com/blog/security-research/phishing-usps-malicious-domains-traffic-equal-to-legitimate-traffic Chrome 124 Breaks TLS Handshake https://www.reddit.com/r/sysadmin/comments/1carvpd/chrome_124_breaks_tls_handshake/...

Apr 29, 20247 minEp 8958Transcript available on Metacast

ISC StormCast for Friday, April 26th, 2024

Does it matter if iptables isn't running on my honeypot? https://isc.sans.edu/forums/diary/Does%20it%20matter%20if%20iptables%20isn't%20running%20on%20my%20honeypot%3F/30862/ Unplugging PlugX: Singholing the PlugX USB worm botnet https://blog.sekoia.io/unplugging-plugx-sinkholing-the-plugx-usb-worm-botnet/ pfSense Updates https://docs.netgate.com/advisories/index.html GitLab Updates https://about.gitlab.com/releases/2024/04/24/patch-release-gitlab-16-11-1-released/ Matthew Alan Vorhees: Preventi...

Apr 26, 202420 minEp 8956Transcript available on Metacast

ISC StormCast for Thursday, April 25th, 2024

API Rug Pull - The NIST NVD Database and API https://isc.sans.edu/diary/API%20Rug%20Pull%20-%20The%20NIST%20NVD%20Database%20and%20API%20%28Part%204%20of%203%29/30868 Cisco Patches Vulnerabilities and Discovers Arcane Backdoor https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/ Vulnerabilities across keyboard apps reveal keystrokes to network eavesdroppers https://citizenlab.ca/2024/04/vulnerabilities-across-keyboard-apps-reveal...

Apr 25, 20246 minEp 8954Transcript available on Metacast

ISC StormCast for Wednesday, April 24th, 2024

Struts2 devmode Still a Problem Ten Years Later https://isc.sans.edu/forums/diary/Struts%20%22devmode%22%3A%20Still%20a%20problem%20ten%20years%20later%3F/30866/ Analyzing Forest Blizard's Custom Post-Compromise Tool for exploiting CVE-2022-38028 https://www.microsoft.com/en-us/security/blog/2024/04/22/analyzing-forest-blizzards-custom-post-compromise-tool-for-exploiting-cve-2022-38028-to-obtain-credentials/ April 2024 Exchange Server Hotfix Update https://techcommunity.microsoft.com/t5/exchange...

Apr 24, 20246 minEp 8952Transcript available on Metacast

ISC StormCast for Tuesday, April 23rd, 2024

Number of Industrial Devices Accessible From Internet Up 30 Thousand over three years https://isc.sans.edu/diary/It%20appears%20that%20the%20number%20of%20industrial%20devices%20accessible%20from%20the%20internet%20has%20risen%20by%2030%20thousand%20over%20the%20past%20three%20years/30860 Evil XDR: Turning an XDR into an Offensive Tool https://www.darkreading.com/application-security/evil-xdr-researcher-turns-palo-alto-software-into-perfect-malware GitLab Comment Bug https://www.bleepingcomputer...

Apr 23, 20246 minEp 8950Transcript available on Metacast

ISC StormCast for Monday, April 22nd, 2024

The CVE's They are A-Changing https://isc.sans.edu/diary/The%20CVE%27s%20They%20are%20A-Changing!/30850 CrushFTP 0-Day Vulnerability https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update https://www.reddit.com/r/crowdstrike/comments/1c88788/situational_awareness_20240419_crushftp_virtual/ GitHub Comment Bug Used to Distribute Malware https://www.bleepingcomputer.com/news/security/github-comments-abused-to-push-malware-via-microsoft-repo-urls/ YubiKey Manager Privilege Escalation https://www....

Apr 22, 20246 minEp 8948Transcript available on Metacast

ISC StormCast for Friday, April 19th, 2024

Delinea Secret Server Authn Authz Bypass https://straightblast.medium.com/all-your-secrets-are-belong-to-us-a-delinea-secret-server-authn-authz-bypass-adc26c800ad3 Ivanti Avalanche Poc/Details https://www.tenable.com/security/research/tra-2024-10 Advanced Phishing Campaign https://www.lookout.com/threat-intelligence/article/cryptochameleon-fcc-phishing-kit Hashicorp go-getter update CVE-2024-3817 https://discuss.hashicorp.com/t/hcsec-2024-09-hashicorp-go-getter-vulnerable-to-argument-injection-w...

Apr 19, 20245 minEp 8946Transcript available on Metacast

ISC StormCast for Thursday, April 18th, 2024

Malicious PDF File As Delivery Mechanism https://isc.sans.edu/diary/Malicious%20PDF%20File%20Used%20As%20Delivery%20Mechanism/30848 Updated Palo Alto Networks GlobalProtect Guidance https://security.paloaltonetworks.com/CVE-2024-3400 Coordinated Social Engineering Takeovers of Open Source Projects; https://openssf.org/blog/2024/04/15/open-source-security-openssf-and-openjs-foundations-issue-alert-for-social-engineering-takeovers-of-open-source-projects/ OpenMetaData Attacks https://www.microsoft...

Apr 18, 20245 minEp 8944Transcript available on Metacast

ISC StormCast for Wednesday, April 17th, 2024

Palo Alto Networks GlobalProtect exploit public and widely exploited CVE-2024-3400 https://isc.sans.edu/forums/diary/Palo%20Alto%20Networks%20GlobalProtect%20exploit%20public%20and%20widely%20exploited%20CVE-2024-3400/30844/ Putty Private Key Recovery https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html Oracle Critical Patch Update https://www.oracle.com/security-alerts/cpuapr2024.html Ivanti Avalanche MDM Patches https://forums.ivanti.com/s/article/Avalanche-6-4-3-Sec...

Apr 17, 20246 minEp 8942Transcript available on Metacast

ISC StormCast for Tuesday, April 16th, 2024

Quick Palo Alto Networks Global Protect Vulnerablity Update CVE-2024-3400 https://isc.sans.edu/diary/30838 Delinea patches critical vulnerability in secret manager https://trust.delinea.com/?tcuUid=17aaf4ef-ada9-46d5-bf97-abd3b07daae3 Lancom Windows Setup Assistant May Reset Password https://www.lancom-systems.com/service-support/general-security-information PHP Patches https://seclists.org/oss-sec/2024/q2/113 Duo SMS and VoiP Logs Leaked https://app.securitymsp.cisco.com/e/es?e=2785&eid=opguvrs...

Apr 16, 20246 minEp 8940Transcript available on Metacast
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) - Listen or read transcript on Metacast