SANS Daily Stormcast

Digital Dispatch Podcast Podcast Artwork Image

Johannes Ullrich

A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter.

Contact Show

Recent Episodes

ISC StormCast for Wednesday, August 1st 2018 July 31, 2018

Powershell Inside Certificates https://blog.nviso.be/2018/07/31/powershell-inside-a-certificate-part-1/ TEMPEST is Back http://youtu.be/BpNP9b3aIfY?a Big Star Labs Spyware https://adguard.com/en/blog/big-star-labs-spyware/

ISC StormCast for Tuesday, July 31st 2018 July 30, 2018

DOSFuscation Campaign https://isc.sans.edu/forums/diary/Malicious+Word+documents+using+DOSfuscation/23932/ Let's Encrypt Outage https://letsencrypt.status.io Malvertising Campaign Insides https://research.checkpoint.com/malvertising-campaign-based-secrets-lies/

ISC StormCast for Monday, July 30th 2018 July 29, 2018

Summary of Earchings in Recent Sextortion Attack https://isc.sans.edu/forums/diary/Sextortion+Follow+the+Money/23922/ Adware Distributed with Legitimate Applications https://www.bleepingcomputer.com/news/security/fake-websites-for-keepass-7zip-audacity-others-found-pushing-adware/ https://twitter.com/JusticeRage PDF Editor Supply Chain Exploit https://cloudblogs.microsoft.com/microsoftsecure/2018/07/26/attack-inception-compromised-supply-chain-within-a-supply-chain-poses-new-risks/

ISC StormCast for Friday, July 27th 2018 July 26, 2018

NetSpectre: Read Arbitrary Memory over the Network https://misc0110.net/web/files/netspectre.pdf Google Play Store Bans Crypto Miners https://play.google.com/about/developer-content-policy-print/ Japanese Calendar Issues https://blogs.msdn.microsoft.com/shawnste/2018/04/12/the-japanese-calendars-y2k-moment/ Multiple Vulnerabilities in Samsung SmartThings Hub https://blog.talosintelligence.com/2018/07/samsung-smartthings-vulns.html?m=1 Times Change and Your Training Data Should Too: The Effect of Training Data Recency on Twitter Classifiers. Ryan O'Grady https://www.sans.org/reading-room/whitepapers/artificialintelligence/times-change-training-data-too-effect-training-data-recency-twitter-classifiers-38500

ISC StormCast for Thursday, July 26th 2018 July 25, 2018

Etherscan.io XSS Vulnerability https://scotthelme.co.uk/xss-on-etherscan-io/ Tomcat Vulnerabilities Patched https://www.us-cert.gov/ncas/current-activity/2018/07/23/Apache-Releases-Security-Updates-Apache-Tomcat DNS over HTTPS Standard Finalized https://datatracker.ietf.org/wg/doh/about/ ERP Systems Targeted in Recent Attacks https://www.us-cert.gov/ncas/current-activity/2018/07/25/Malicious-Cyber-Activity-Targeting-ERP-Applications

ISC StormCast for Wednesday, July 25th 2018 July 24, 2018

Emotet Update https://isc.sans.edu/forums/diary/Recent+Emotet+activity/23908/ Clear Text Phone Tracking https://isc.sans.edu/forums/diary/Cell+Phone+Monitoring+Who+is+Watching+the+Watchers/23910/ Bluetooth Bug https://www.kb.cert.org/vuls/id/304725 Apache OpenWhisk Vulnerability https://www.puresec.io/blog/Apache_OpenWhisk_Mutability_Weakness?hs_preview=EpJUmSoY-5972289702

ISC StormCast for Tuesday, July 24th 2018 July 23, 2018

More Spectre https://arxiv.org/pdf/1807.07940.pdf July IE Patch Fixed older Remote Code Exec. Bug http://blogs.360.cn/blog/from-a-patched-itw-0day-to-remote-code-execution-part-i-from-patch-to-new-0day/ Google Chrome 68 Released Today. HTTP sites marked as "insecure" https://support.google.com/chrome/a/answer/7679408?hl=en DNS Rebinding Vulnerablity Common in IoT https://www.armis.com/dns-rebinding-exposes-half-a-billion-iot-devices-in-the-enterprise/

ISC StormCast for Monday, July 23rd 2018 July 22, 2018

New WebLogic Vulnerability Already Exploited https://isc.sans.edu/forums/diary/Weblogic+Exploit+Code+Made+Public+CVE20182893/23896/ Microsoft Edge Turns off XSS Protection https://portswigger.net/daily-swig/xss-protection-disappears-from-microsoft-edge Intel Management Engine Vulnerabilities https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00112.html User Tracking With TLS 1.2 Certificates http://tma.ifip.org/wordpress/wp-content/uploads/2017/06/tma2017_paper2.pdf

ISC StormCast for Friday, July 20th 2018 July 19, 2018

Cisco Patches https://tools.cisco.com/security/center/publicationListing.x Diqee Smart Vacuum Vulnerabilities http://en.diqee.com/goods/1994.html Instagram About To Release 2FA Update https://techcrunch.com/2018/07/17/instagram-2-factor/ Reporting Malicious Websites https://isc.sans.edu/forums/diary/Reporting+Malicious+Websites+in+2018/23892/

ISC StormCast for Thursday, July 19th 2018 July 18, 2018

Increase in scans for port 15454 https://isc.sans.edu/forums/diary/Request+for+Packets+Port+15454/23888/ Oracle Quarterly Critical Patch Update http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html Venmo Public Transaction API https://publicbydefault.fyi Credential Stuffing Responsible for Majority of Login Attempts http://info.shapesecurity.com/2018-Credential-Spill-Report-by-Shape-Security

ISC StormCast for Wednesday, July 18th 2018 July 17, 2018

Searching for Geographically Improbably Login Attempts https://isc.sans.edu/forums/diary/Searching+for+Geographically+Improbable+Login+Attempts/23882/ Typo3 CMS Update https://typo3.org/article/typo3-931-8717-and-7630-security-releases-published/ GitHub Expands Security Scanner to Python https://blog.github.com/2018-07-12-security-vulnerability-alerts-for-python/ Money Laundry Scheme Exposed by Open Mongo database. https://kromtech.com/blog/security-center/digital-laundry

ISC StormCast for Tuesday, July 17th 2018 July 16, 2018

Encrypted SNI in TLS 1.3 https://tools.ietf.org/html/draft-rescorla-tls-esni-00 Microsoft to Retire "Delta Updates" https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-quality-updates-explained-amp-the-end-of-delta/ba-p/214426 Practical GPS Spoofing of Navigation Devices https://www.microsoft.com/en-us/research/uploads/prod/2018/06/security18gps.pdf

ISC StormCast for Monday, July 16th 2018 July 16, 2018

Processing JSON https://isc.sans.edu/forums/diary/Video+Retrieving+and+processing+JSON+data+BTC+example/23874/ Cryptocoin Mining Javascript (yet again) https://isc.sans.edu/forums/diary/Cryptominer+Delivered+Though+Compromized+JavaScript+File/23870/ Dahua Passwords Leaked/Cached by Search Engine https://www.bleepingcomputer.com/news/security/passwords-for-tens-of-thousands-of-dahua-devices-cached-in-iot-search-engine/ MDM Used in Targeted Attack Against iPhone Users https://blog.talosintelligence.com/2018/07/Mobile-Malware-Campaign-uses-Malicious-MDM.html

ISC StormCast for Friday, July 13th 2018 July 12, 2018

Extortion Claims Include Leaked Passwords to Appear more Plausiable https://isc.sans.edu/forums/diary/New+Extortion+Tricks+Now+Including+Your+Password/23866/ npm Package Compromised and Used To Steal Credentials https://github.com/eslint/eslint-scope/issues/39#issuecomment-404533026 CIRCL IMAP Proxy https://github.com/CIRCL/IMAP-Proxy Checkpoint Names "Dorkbot" As A Top Threat (Signup required) https://research.checkpoint.com/cyber-attack-trends-2018-mid-year-report/

ISC StormCast for Thursday, July 12th 2018 July 11, 2018

Hello Peppa Followup https://isc.sans.edu/forums/diary/Well+Hello+Again+Peppa/23860/ Spectre 1.1 and 1.2 https://people.csail.mit.edu/vlk/spectre11.pdf Internet Exchanges Band Together against BGP Hijacking https://dyn.com/blog/shutting-down-the-bgp-hijack-factory/ Google Enabled Site Isolation in Chrome https://www.bleepingcomputer.com/news/security/google-enables-site-isolation-feature-for-99-percent-of-chrome-desktop-users/

ISC StormCast for Wednesday, July 11th 2018 July 10, 2018

MSFT Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+July+2018+now+with+Dashboard/23858/ https://patchtuesdaydashboard.com/ SettingContent-ms Files Blacklisted https://support.office.com/en-us/article/packager-activation-in-office-365-desktop-applications-52808039-4a7c-4550-be3a-869dd338d834?ui=en-US&rs=en-US&ad=US Adobe Patches https://helpx.adobe.com/security.html Stolen DLINK Certificate https://www.welivesecurity.com/2018/07/09/certificates-stolen-taiwanese-tech-companies-plead-malware-campaign/

ISC StormCast for Tuesday, July 10th 2018 July 09, 2018

Reverse Shell via Weblogic Flaw https://isc.sans.edu/forums/diary/Criminals+Dont+Read+Instructions+or+Use+Strong+Passwords/23850/ Apple Patches Everything Again https://isc.sans.edu/forums/diary/Apple+Patches+Everything+Again/23852/ Microsoft Offers Better Azure AD Password Protection http://www.longevitytech.us/2018/07/09/azure-ad-password-protection-the-cloud-security-service-your-active-directory-needs-now/

ISC StormCast for Monday, July 9th 2018 July 08, 2018

Trivial Exploit For HP iLO 4 (patched last August) https://airbus-seclab.github.io/ilo/SSTIC2018-Article-subverting_your_server_through_its_bmc_the_hpe_ilo4_case-gazet_perigaud_czarny.pdf Flexible Miner/Ransomware https://securelist.com/to-crypt-or-to-mine-that-is-the-question/86307/ Hacker Steals Gas From Gas Station https://gizmodo.com/hackers-reportedly-stole-600-gallons-of-gas-from-detroi-1827433411

ISC StormCast for Friday, July 6th 2018 July 05, 2018

Gentoo GitHub Breach Post Morten https://wiki.gentoo.org/wiki/Github/2018-06-28 Hamas Sets World Cup Trap for Israeli Soldiers https://www.reuters.com/article/us-israel-palestinians-cyber/israel-says-hamas-tried-to-snare-soldiers-in-world-cup-cyber-trap-idUSKBN1JT1ZX

ISC StormCast for Thursday, July 5th 2018 July 04, 2018

Progress Indication For Scripts in Windows https://isc.sans.edu/forums/diary/Progress+indication+for+scripts+on+Windows/23830/ Stylish Extension Steals History https://robertheaton.com/2018/07/02/stylish-browser-extension-steals-your-internet-history/ Data Leaks From Android Apps https://recon.meddle.mobi/panoptispy/

Older Entries Newer Entries