Windows PPTP and L2TP Deprecation https://techcommunity.microsoft.com/t5/windows-server-news-and-best/pptp-and-l2tp-deprecation-a-new-era-of-secure-connectivity/ba-p/4263956
BIG-IP LTM Systems Unencrypted Cookie Exploitation https://www.cisa.gov/news-events/alerts/2024/10/10/best-practices-configure-big-ip-ltm-systems-encrypt-http-persistence-cookies
https://www.welivesecurity.com/en/eset-research/telekopye-hits-new-hunting-ground-hotel-booking-scams/
https://www.welivesecurity.com/en/eset-resea...
Oct 14, 2024 • 6 min • Ep 9178 • Transcript available on Metacast
Palo Alto Expedition: From N-Day to Full Compromise https://www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromise/
Firefox 0-Day https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/
GitLab Vulnerabilities Patched https://securityonline.info/cve-2024-9164-cvss-9-6-gitlab-users-urged-to-update-now/...
Oct 11, 2024 • 5 min • Ep 9176 • Transcript available on Metacast
From Perfctl to InfoStealer https://isc.sans.edu/diary/From%20Perfctl%20to%20InfoStealer/31334
Wazuh Abused by Miner Campaign https://securelist.com/miner-campaign-misuses-open-source-siem-agent/114022/
USB Sticks Still Bridge Airgaps https://www.welivesecurity.com/en/eset-research/mind-air-gap-goldenjackal-gooses-government-guardrails/
Fortigate Vulnerability Now Being Exploited https://nvd.nist.gov/vuln/detail/CVE-2024-23113...
Oct 10, 2024 • 6 min • Ep 9174 • Transcript available on Metacast
Microsoft Patch Tuesday - October 2024 https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20-%20October%202024/31336
Adobe Patches https://helpx.adobe.com/security/security-bulletin.html
The Disappearance of an Internet Domain https://every.to/p/the-disappearance-of-an-internet-domain...
Oct 09, 2024 • 7 min • Ep 9172 • Transcript available on Metacast
macOS Sequoia: System/Network Admins, Hold On! https://isc.sans.edu/diary/macOS%20Sequoia%3A%20System%20Network%20Admins%2C%20Hold%20On!/31330
Cisco Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv34x-privesc-rce-qE33TCms
Apple iTunes PoC https://github.com/mbog14/CVE-2024-44193
Attackers Used ISP's Wiretap System to Spy on Users https://www.wsj.com/politics/national-security/china-cyberattack-internet-providers-260bd835
https://www.bleepi...
Oct 08, 2024 • 6 min • Ep 9170 • Transcript available on Metacast
Survey of CUPS Exploit URLs https://isc.sans.edu/diary/Survey%20of%20CUPS%20exploit%20attempts/31326
Exposed LDAP Servers https://www.usenix.org/conference/usenixsecurity24/presentation/kaspereit
Exploiting Visual Studio via Dump Files https://ynwarcs.github.io/exploiting-vs-dump-files
Apple Security Updates https://support.apple.com/en-us/100100
Free API Security Workshop https://www.sans.org/webcasts/aviata-solo-flight-challenge-cloud-security-workshop-chapter-7/...
Oct 07, 2024 • 6 min • Ep 9168 • Transcript available on Metacast
Kickstart Your DShield Honeypot https://isc.sans.edu/diary/Kickstart%20Your%20DShield%20Honeypot%20%5BGuest%20Diary%5D/31320
CeranaKeeper Use of Cloud Services https://www.welivesecurity.com/en/eset-research/separating-bee-panda-ceranakeeper-making-beeline-thailand/
Pixel Addressing Vulnerabilities in Cellular Modems https://security.googleblog.com/2024/10/pixel-proactive-security-cellular-modems.html
Optigo Spectra Vulnerabilities https://claroty.com/team82/disclosure-dashboard/cve-2024-41925 h...
Oct 04, 2024 • 6 min • Ep 9166 • Transcript available on Metacast
Security Related Docker Containers https://isc.sans.edu/diary/Security%20related%20Docker%20containers/31318
CUPS DDoS Attack https://www.akamai.com/blog/security-research/october-cups-ddos-threat
Draytek Vulnerabilities https://www.forescout.com/resources/draybreak-draytek-research/
SANS Munich (free Community Night, Tuesday October 15th) https://www.sans.org/cyber-security-training-events/munich-october-2024/...
Oct 03, 2024 • 7 min • Ep 9164 • Transcript available on Metacast
Hurricane Helene Aftermath - Cyber Security Awareness Month https://isc.sans.edu/diary/Hurricane%20Helene%20Aftermath%20-%20Cyber%20Security%20Awareness%20Month/31314
Zimbra - Remote Command Execution (CVE-2024-45519) https://blog.projectdiscovery.io/zimbra-remote-code-execution/
Enhancing the Security of Microsoft Edge Extensions with the New Publish API https://blogs.windows.com/msedgedev/2024/09/30/enhanced-security-for-extensions-with-new-publish-api/
CVE-2024-36435 Deep-Dive: The Year's Mos...
Oct 02, 2024 • 6 min • Ep 9162 • Transcript available on Metacast
Tool Update: mac-robber.py, le-hex-to-ip.py https://isc.sans.edu/diary/Tool%20update%3A%20mac-robber.py%20and%20le-hex-to-ip.py/31310
Ransomware Attacks Expanding to Hybrid Cloud Environments https://www.microsoft.com/en-us/security/blog/2024/09/26/storm-0501-ransomware-attacks-expanding-to-hybrid-cloud-environments/
Update on Recall Security and Privacy Architecture https://blogs.windows.com/windowsexperience/2024/09/27/update-on-recall-security-and-privacy-architecture/
Detecting Ransomware in...
Oct 01, 2024 • 6 min • Ep 9160 • Transcript available on Metacast
CUPS Vulnerability https://isc.sans.edu/diary/Patch%20for%20Critical%20CUPS%20vulnerability%3A%20Don%27t%20Panic/31302
PHP Updates https://www.php.net/ChangeLog-8.php#8.1.30
DNS and the Great Chinese Firewall https://www.assetnote.io/resources/research/insecurity-through-censorship-vulnerabilities-caused-by-the-great-firewall
https://isc.sans.edu/diary/Are+You+Piratebay+thepiratebayorg+Resolving+to+Various+Hosts/19175
HPE Aruba Networking Vulnerabilities https://support.hpe.com/hpesc/public/docDisplay...
Sep 30, 2024 • 7 min • Ep 9158 • Transcript available on Metacast
Patch for Critical CUPS Vulnerability: Don't Panic https://isc.sans.edu/diary/Patch%20for%20Critical%20CUPS%20vulnerability%3A%20Don%27t%20Panic/31302
Sep 27, 2024 • 7 min • Ep 9156 • Transcript available on Metacast
DNS Reflection Update and Corrupted DNS Requests https://isc.sans.edu/diary/DNS%20Reflection%20Update%20and%20Odd%20Corrupted%20DNS%20Requests/31296
CVE-2024-28987 SolarWinds Web Help Desk Hardcoded Credentials Vulnerability https://www.horizon3.ai/attack-research/cve-2024-28987-solarwinds-web-help-desk-hardcoded-credential-vulnerability-deep-dive/
cve-2024-28987 WatchGuard Unauthenticated and Unencrypted SSO Protocol https://www.redteam-pentesting.de/en/advisories/rt-sa-2024-006/ https://www.wa...
Sep 26, 2024 • 7 min • Ep 9154 • Transcript available on Metacast
Exploitation of RAISECOM Gateway Devices CVE-2024-7120 https://isc.sans.edu/diary/Exploitation%20of%20RAISECOM%20Gateway%20Devices%20Vulnerability%20CVE-2024-7120/31292
Cellopoint Vulnerability CVE-2024-9043 https://www.twcert.org.tw/en/cp-139-8103-b0568-2.html
Cisco Smart Licensing Vulnerability Details https://starkeblog.com/cve-wednesday/cisco/2024/09/20/cve-wednesday-cve-2024-20439.html
Ivanti Virtual Traffic Manager Exploited https://www.cisa.gov/known-exploited-vulnerabilities-catalog
GNU ...
Sep 25, 2024 • 5 min • Ep 9152 • Transcript available on Metacast
Phishing Links With @ Sign https://isc.sans.edu/diary/Phishing%20links%20with%20%40%20sign%20and%20the%20need%20for%20effective%20security%20awareness%20building/31288
Kaspersky Deletes Itself, Installs UltraAV Antivirus Without Warning https://www.bleepingcomputer.com/news/security/kaspersky-deletes-itself-installs-ultraav-antivirus-without-warning/
Microchip ASF tinydhcp Vulnerability https://kb.cert.org/vuls/id/138043...
Sep 24, 2024 • 6 min • Ep 9150 • Transcript available on Metacast
Windows Server Update Services Deprecation https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-server-update-services-wsus-deprecation/ba-p/4250436
Windows Server 2025 Hotpatches https://techcommunity.microsoft.com/t5/windows-server-news-and-best/now-in-preview-hotpatch-for-windows-server-2025/ba-p/4248296
Google Suggests Not Using WHOIS for Certificate Validation https://lists.cabforum.org/pipermail/servercert-wg/2024-September/004821.html
Versa Director Vulnerability https://sec...
Sep 23, 2024 • 5 min • Ep 9148 • Transcript available on Metacast
Fake GitHub Site Targeting Developers https://isc.sans.edu/diary/Fake%20GitHub%20Site%20Targeting%20Developers/31282
Ivanti CSA 4.6 Advisory https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-4-6-Cloud-Services-Appliance-CVE-2024-8963?language=en_US
German Police Deanonymizes Tor User https://blog.torproject.org/tor-is-still-safe/
Ever Wonder How Crooks Get the Credentials to Unlock Stolen Phones? https://arstechnica.com/security/2024/09/cops-bust-website-crooks-used-to-unlock-1-2-...
Sep 20, 2024 • 8 min • Ep 9146 • Transcript available on Metacast
Python Infostealer Patching Windows Exodus App https://isc.sans.edu/diary/Python%20Infostealer%20Patching%20Windows%20Exodus%20App/31276
ServiceNow Knowledge Bases Data Exposures https://appomni.com/ao-labs/servicenow-knowledge-bases-data-exposures-uncovered/
GitLab Patch https://about.gitlab.com/releases/2024/09/17/patch-release-gitlab-17-3-3-released/
Aruba Patch https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04709en_us&docLocale=en_US...
Sep 19, 2024 • 4 min • Ep 9144 • Transcript available on Metacast
23:59, Time to Exfiltrate! https://isc.sans.edu/diary/23%3A59%2C%20Time%20to%20Exfiltrate!/31272
Critical VMware vCenter Vulnerability https://blogs.vmware.com/cloud-foundation/2024/09/17/vmsa-2024-0019-questions-answers/
Zero-Click Calendar Invite - Critical Zero-Click Vulnerability Chain in macOS https://mikko-kenttala.medium.com/zero-click-calendar-invite-critical-zero-click-vulnerability-chain-in-macos-a7a434fc887b
Google Adds Latest Post-Quantum Encryption Standard to Chrome https://securit...
Sep 18, 2024 • 5 min • Ep 9142 • Transcript available on Metacast
Managing PE Files with Overlays https://isc.sans.edu/forums/diary/Managing%20PE%20Files%20With%20Overlays/31268/
Apple Updates https://support.apple.com/en-us/100100
Ivanti EOL Cloud Service Appliances https://www.cisa.gov/news-events/alerts/2024/09/13/ivanti-releases-security-update-cloud-services-appliance
Microsoft Revises September Update https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-43461
D-Link Vulnerabilities https://www.twcert.org.tw/en/cp-139-8081-3fb39-2.html https://w...
Sep 17, 2024 • 5 min • Ep 9140 • Transcript available on Metacast
Finding Honeypot Clusters Using DBSCAN https://isc.sans.edu/diary/Finding%20Honeypot%20Data%20Clusters%20Using%20DBSCAN%3A%20Part%202/31194
AutoIt Credential Flusher https://research.openanalysis.net/credflusher/kiosk/stealer/stealc/amadey/autoit/2024/09/11/cred-flusher.html
Ivanti Patches https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190?language=en_US https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29847-deep-dive-ivanti-endpo...
Sep 16, 2024 • 6 min • Ep 9138 • Transcript available on Metacast
Compromise of Old .mobi WHOIS Server Hostname https://labs.watchtowr.com/we-spent-20-to-achieve-rce-and-accidentally-became-the-admins-of-mobi/
Microsoft Reconsidering Security Tool API https://blogs.windows.com/windowsexperience/2024/09/12/taking-steps-that-drive-resiliency-and-security-for-windows-customers/
Microsoft Implements PQC in SymCrypt https://techcommunity.microsoft.com/t5/security-compliance-and-identity/microsoft-s-quantum-resistant-cryptography-is-here/ba-p/4238780
GitLab Patch http...
Sep 13, 2024 • 5 min • Ep 9136 • Transcript available on Metacast
Microsoft Patches https://isc.sans.edu/diary/Microsoft%20September%202024%20Patch%20Tuesday/31254
Adobe Patches https://helpx.adobe.com/security/security-bulletin.html
Ivanti Patches https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022?language=en_US...
Sep 11, 2024 • 6 min • Ep 9134 • Transcript available on Metacast
Critical LoadMaster Security Vulnerability https://support.kemptechnologies.com/hc/en-us/articles/29196371689613-LoadMaster-Security-Vulnerability-CVE-2024-7591
HAProxy Patch https://www.mail-archive.com/haproxy%40formilux.org/msg45280.html
Akira Ransomware Campaign Targeting SonicWall SSLVPN Accounts https://arcticwolf.com/resources/blog/arctic-wolf-observes-akira-ransomware-campaign-targeting-sonicwall-sslvpn-accounts/
Kibana Deserialization Vulnerability https://discuss.elastic.co/t/kibana-8-...
Sep 10, 2024 • 4 min • Ep 9132 • Transcript available on Metacast
Password Cracking & Energy: More Details https://isc.sans.edu/diary/Password%20Cracking%20%26%20Energy%3A%20More%20Dedails/31242
Python & Notepad++ https://isc.sans.edu/diary/Python%20%26%20Notepad%2B%2B/31240
Fake LinkedIn Job Ads https://cloud.google.com/blog/topics/threat-intelligence/examining-web3-heists/
Android Crypto Passphrase Stealer with OCR https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-android-spyagent-campaign-steals-crypto-credentials-via-image-recognition/
Sextortion Scam N...
Sep 09, 2024 • 6 min • Ep 9130 • Transcript available on Metacast
Enrichment Data: Keeping it Fresh https://isc.sans.edu/diary/Enrichment%20Data%3A%20Keeping%20it%20Fresh/31236
Veeam Update https://www.veeam.com/kb4649
New OFBiz Vulnerabilities https://www.rapid7.com/blog/post/2024/09/05/cve-2024-45195-apache-ofbiz-unauthenticated-remote-code-execution-fixed/
Cisco Smart License Manager Patches https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw...
Sep 06, 2024 • 6 min • Ep 9128 • Transcript available on Metacast
Scans for Moodle Learning Platform Following Recent Update https://isc.sans.edu/diary/Scans+for+Moodle+Learning+Platform+Following+Recent+Update/31230
PyPI Revival Hijack https://jfrog.com/blog/revival-hijack-pypi-hijack-technique-exploited-22k-packages-at-risk/
Android Updates https://source.android.com/docs/security/bulletin/2024-09-01
MediaTek WAPPD PoC Exploit https://blog.coffinsec.com/0day/2024/08/30/exploiting-CVE-2024-20017-four-different-ways.html#wrapping-up...
Sep 05, 2024 • 7 min • Ep 9126 • Transcript available on Metacast
Protected OOXML Text Documents https://isc.sans.edu/diary/Protected%20OOXML%20Text%20Documents/31078
Sextortion E-Mails with Photos https://krebsonsecurity.com/2024/09/sextortion-scams-now-include-photos-of-your-home/
Zyxel OS Command Injection Vulnerability https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-os-command-injection-vulnerability-in-aps-and-security-router-devices-09-03-2024
D-Link DIR-846W Unpatched RCE Vulnerabilities https://supportannouncemen...
Sep 04, 2024 • 7 min • Ep 9124 • Transcript available on Metacast
Wireshark 4.4: Converting Display Filters to BPF Capture Filters https://isc.sans.edu/diary/Wireshark+44+Converting+Display+Filters+to+BPF+Capture+Filters/31224
GitHub Comments Used to Spread Malware https://www.reddit.com/r/Malware/comments/1f2n1h4/comment/lkbi5gi/
Voldemort Malware Curses Orgs Using Global Tax Authorities https://www.darkreading.com/threat-intelligence/voldemort-malware-curses-orgs-global-tax-authorities
Analysis of CVE-2024-43044: From File Read to RCE in Jenkins Through Agent...
Sep 03, 2024 • 6 min • Ep 9122 • Transcript available on Metacast
Live Patching DLLs with Python https://isc.sans.edu/diary/Live%20Patching%20DLLs%20with%20Python/31218
GlobalProtect Phishing https://www.trendmicro.com/en_us/research/24/h/threat-actors-target-middle-east-using-fake-tool.html
BlackByte Ransomware Update https://blog.talosintelligence.com/blackbyte-blends-tried-and-true-tradecraft-with-newly-disclosed-vulnerabilities-to-support-ongoing-attacks/
The Risks Lurking in Publicly Exposed GenAI Development Services https://www.legitsecurity.com/blog/t...
Aug 30, 2024 • 14 min • Ep 9120 • Transcript available on Metacast