Internet Storm Centre Podcast

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast. A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5-minute-long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html.

  • ISC StormCast for Friday, July 23rd, 2021
    by Johannes B. Ullrich, Ph.D. on July 23, 2021 at 2:10 am

    Akamai Outage: https://isc.sans.edu/forums/diary/Lost+in+the+Cloud+Akamai+DNS+Outage/27660/
    “Summer of SAM” Continues: https://isc.sans.edu/forums/diary/Summer+of+SAM+Microsoft+Releases+Guidance+for+CVE202136934/27656/
    Oracle Critical Patch Update: https://www.oracle.com/security-alerts/cpujul2021.html
    Kaseya Decryptor Available: https://www.kaseya.com/potential-attack-on-kaseya-vsa/
    Jira Data Center and Jira Service Management Data Center Security Advisory: https://confluence.atlassian.com/adminjiraserver/jira-data-center-and-jira-service-management-data-center-security-advisory-2021-07-21-1063571388.html
    Forgot password? Taking over user accounts Kaminsky style: https://sec-consult.com/blog/detail/forgot-password-taking-over-user-accounts-kaminsky-style/

  • ISC StormCast for Thursday, July 22nd, 2021
    by Johannes B. Ullrich, Ph.D. on July 22, 2021 at 2:10 am

    Microsoft Published Summer of SAM Guidance: https://isc.sans.edu/forums/diary/Summer+of+SAM+Microsoft+Releases+Guidance+for+CVE202136934/27656/
    Apple Patches Everything: https://support.apple.com/en-us/HT201222
    Formbook/XLoader Malware Ported to Mac: https://research.checkpoint.com/2021/top-prevalent-malware-with-a-thousand-campaigns-migrates-to-macos/
    Pulse Secure Backdoors: https://us-cert.cisa.gov/ncas/current-activity/2021/07/21/malware-targeting-pulse-secure-devices

  • ISC StormCast for Wednesday, July 21st, 2021
    by Johannes B. Ullrich, Ph.D. on July 21, 2021 at 2:05 am

    Windows Registry Hives Permission Problem: https://isc.sans.edu/forums/diary/Summer+of+SAM+incorrect+permissions+on+Windows+1011+hives/27652/
    HP Printer Drivers Allow Privilege Escalation: https://labs.sentinelone.com/cve-2021-3438-16-years-in-hiding-millions-of-printers-worldwide-vulnerable/
    Linux Local Privilege Escalation in Filesystem Layer: https://blog.qualys.com/vulnerabilities-threat-research/2021/07/20/sequoia-a-local-privilege-escalation-vulnerability-in-linuxs-filesystem-layer-cve-2021-33909
    FortiManager and FortiAnalyzer Vulnerability: https://www.fortiguard.com/psirt/FG-IR-21-067

  • ISC StormCast for Tuesday, July 20th, 2021
    by Johannes B. Ullrich, Ph.D. on July 20, 2021 at 2:05 am

    New Windows Print Spooler Vulnerability – CVE-2021-34481: https://isc.sans.edu/forums/diary/New+Windows+Print+Spooler+Vulnerability+CVE202134481/27648/
    iOS/WatchOS/tvOS/Safari Updates: https://support.apple.com/en-us/HT201222
    iOS Format String Vulnerability Exploitable as RCE: https://blog.zecops.com/research/meet-wifidemon-ios-wifi-rce-0-day-vulnerability-and-a-zero-click-vulnerability-that-was-silently-patched/
    Surfside Condo Collapse Scams: https://threatpost.com/attackers-target-florida-condo-collapse-victims/167917/

  • ISC StormCast for Monday, July 19th, 2021
    by Johannes B. Ullrich, Ph.D. on July 19, 2021 at 2:10 am

    Multiple BaseXX Obfuscations: https://isc.sans.edu/forums/diary/Multiple+BaseXX+Obfuscations/27640/
    Juniper Patches: Radius Vulnerability: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11180&cat=SIRT_1&actp=LIST
    fail2ban vulnerability: https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm
    NSO Group Victims Leaked: https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/
    Dangers of Autofilling Passwords: https://marektoth.com/blog/password-managers-autofill/#analysis

  • ISC StormCast for Friday, July 16th, 2021
    by Johannes B. Ullrich, Ph.D. on July 16, 2021 at 2:05 am

    USPS Phishing Kit Reporting Data Back Via Telegram: https://isc.sans.edu/forums/diary/USPS+Phishing+Using+Telegram+to+Collect+Data/27630/
    Sonicwall Warns of Ransomware: https://www.sonicwall.com/support/product-notification/urgent-security-notice-critical-risk-to-unpatched-end-of-life-sra-sma-8-x-remote-access-devices/210713105333210/
    WooCommerce Flaw Exploited: https://www.wordfence.com/blog/2021/07/critical-sql-injection-vulnerability-patched-in-woocommerce/
    KiwiSDR Backdoor: https://www.bleepingcomputer.com/news/security/software-maker-removes-backdoor-giving-root-access-to-radio-devices/

  • ISC StormCast for Thursday, July 15th, 2021
    by Johannes B. Ullrich, Ph.D. on July 15, 2021 at 2:05 am

    One way to fail at malspam – give recipients the wrong password: https://isc.sans.edu/forums/diary/One+way+to+fail+at+malspam+give+recipients+the+wrong+password+for+an+encrypted+attachment/27634/
    Firefox Updates: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/
    SAP Netweaver Vulnerabilities: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506
    Joker Android Fleeceware: https://blog.zimperium.com/joker-is-still-no-laughing-matter/
    less.js RCE: https://www.softwaresecured.com/exploiting-less-js

  • ISC StormCast for Wednesday, July 14th, 2021
    by Johannes B. Ullrich, Ph.D. on July 14, 2021 at 2:05 am

    Microsoft Patch Tuesday: https://isc.sans.edu/forums/diary/Microsoft+July+2021+Patch+Tuesday/27628/
    Adobe Patch Tuesday: https://helpx.adobe.com/security/products/acrobat/apsb21-51.html
    ForgeRock OpenAM Vulnerability: https://backstage.forgerock.com/knowledge/kb/article/a47894244
    GMail Supporting BIMI: https://cloud.google.com/blog/products/identity-security/bringing-bimi-to-gmail-in-google-workspace

  • ISC StormCast for Tuesday, July 13th, 2021
    by Johannes B. Ullrich, Ph.D. on July 13, 2021 at 2:00 am

    Kaseya Releases Patch and Hardening Guide: https://helpdesk.kaseya.com/hc/en-gb/articles/4403760102417
    Solarwinds Advisory CVE-2021-35211: https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35211
    Mint Mobile Breach and Porting: https://www.bleepingcomputer.com/news/security/mint-mobile-hit-by-a-data-breach-after-numbers-ported-data-accessed/
    Twitter Verified Account Mistake: https://twitter.com/conspirator0/status/1414475519609999366

  • ISC StormCast for Monday, July 12th, 2021
    by Johannes B. Ullrich, Ph.D. on July 12, 2021 at 2:00 am

    Scanning for Microsoft Secure Socket Tunneling Protocol: https://isc.sans.edu/forums/diary/Scanning+for+Microsoft+Secure+Socket+Tunneling+Protocol/27622/
    Hancitor tries XLL as Initial Malware File: https://isc.sans.edu/forums/diary/Hancitor+tries+XLL+as+initial+malware+file/27618/
    Android Updates: https://source.android.com/security/bulletin/2021-07-01
    Cisco Updates: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bpa-priv-esc-dgubwbH4
    Job Seekers Attacked with Malicious Documents: https://www.ehackingnews.com/2021/07/job-seeking-engineers-have-become.html

  • ISC StormCast for Friday, July 9th, 2021
    by Johannes B. Ullrich, Ph.D. on July 9, 2021 at 2:10 am

    Using Sudo With Python For More Security Controls: https://isc.sans.edu/forums/diary/Using+Sudo+with+Python+For+More+Security+Controls/27614/
    Fake Kaseya Updates Include CobaltStrike Payload: https://www.theregister.com/2021/07/07/kaseya_malware_patches_/
    WildPressure macOS Trojan: https://www.kaspersky.com/about/press-releases/2021_wildpressures-multi-platform-malware-hits-macos-in-the-middle-east https://www.patreon.com/posts/53462690
    iCloud Password Reset Weakness: https://thezerohack.com/apple-vulnerability-bug-bounty

  • ISC StormCast for Thursday, July 8th, 2021
    by Johannes B. Ullrich, Ph.D. on July 8, 2021 at 2:05 am

    Microsoft Releases Patches for CVE-2021-34527 UPDATED: https://isc.sans.edu/forums/diary/Microsoft+Releases+Patches+for+CVE202134527/27610/
    GitLab Update: https://www.ehackingnews.com/2021/07/gitlab-fixes-several-vulnerabilities.html
    Vulnerable NuGet Packages: https://blog.secure.software/third-party-code-comes-with-some-baggage

  • ISC StormCast for Wednesday, July 7th, 2021
    by Johannes B. Ullrich, Ph.D. on July 7, 2021 at 2:05 am

    Microsoft Releases Printnightmare Patch: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
    Kaseya Update: https://www.kaseya.com/potential-attack-on-kaseya-vsa/
    Kaspersky Password Manager: https://donjon.ledger.com/kaspersky-password-manager/
    Amazon Echo Dot After Reset Artifacts: https://dl.acm.org/doi/pdf/10.1145/3448300.3467820

  • ISC StormCast for Tuesday, July 6th, 2021
    by Johannes B. Ullrich, Ph.D. on July 6, 2021 at 2:10 am

    Kaseya REvil Update: https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689 https://www.huntress.com/blog/rapid-response-kaseya-vsa-mass-msp-ransomware-incident https://doublepulsar.com/kaseya-supply-chain-attack-delivers-mass-ransomware-event-to-us-companies-76e4ec6ec64b https://csirt.divd.nl/2021/07/03/Kaseya-Case-Update/
    Printnightmare Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527 https://doublepulsar.com/zero-day-for-every-supported-windows-os-version-in-the-wild-printnightmare-b3fdb82f840c https://blog.truesec.com/2021/06/30/fix-for-printnightmare-cve-2021-1675-exploit-to-keep-your-print-servers-running-while-a-patch-is-not-available/ https://github.com/LaresLLC/CVE-2021-1675
    Expired RPM Key Problem: https://github.com/rpm-software-management/rpm/issues/1598
    Node.JS Update: https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/

  • ISC StormCast for Monday, July 5th, 2021
    by Johannes B. Ullrich, Ph.D. on July 4, 2021 at 9:32 pm

    Kaseya VSA REvil Ransomware Incident: https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689 https://www.huntress.com/blog/rapid-response-kaseya-vsa-mass-msp-ransomware-incident https://doublepulsar.com/kaseya-supply-chain-attack-delivers-mass-ransomware-event-to-us-companies-76e4ec6ec64b https://csirt.divd.nl/2021/07/03/Kaseya-Case-Update/

  • ISC StormCast for Friday, July 2nd, 2021
    by Johannes B. Ullrich, Ph.D. on July 2, 2021 at 2:10 pm

    Print Spooler printnightmare Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527 https://doublepulsar.com/zero-day-for-every-supported-windows-os-version-in-the-wild-printnightmare-b3fdb82f840c https://blog.truesec.com/2021/06/30/fix-for-printnightmare-cve-2021-1675-exploit-to-keep-your-print-servers-running-while-a-patch-is-not-available/ https://github.com/LaresLLC/CVE-2021-1675

  • ISC StormCast for Thursday, July 1st, 2021
    by Johannes B. Ullrich, Ph.D. on July 1, 2021 at 2:00 am

    CVE-2021-1675 Incomplete Patch – Printnightmare: https://isc.sans.edu/forums/diary/CVE20211675+Incomplete+Patch+and+Leaked+RCE+Exploit/27588/
    Internet Explorer PDF Update: https://support.microsoft.com/en-us/topic/june-29-2021-kb5004760-os-builds-19041-1082-19042-1082-and-19043-1082-out-of-band-9508f7a2-0713-432f-b06c-1ae6d802a2f7
    NETGEAR Router Vulnerabilities (DGN-2200v1): https://www.microsoft.com/security/blog/2021/06/30/microsoft-finds-new-netgear-firmware-vulnerabilities-that-could-lead-to-identity-theft-and-full-system-compromise/

  • ISC StormCast for Wednesday, June 30th, 2021
    by Johannes B. Ullrich, Ph.D. on June 30, 2021 at 2:05 am

    Google “Sweepstake” Phish Without Link: https://isc.sans.edu/forums/diary/Diving+into+a+Google+Sweepstakes+Phishing+Email/27578/
    Forensics Contest Solution / Winner: https://isc.sans.edu/forums/diary/June+2021+Forensic+Contest+Answers+and+Analysis/27582/
    WD MyBook Details: https://arstechnica.com/gadgets/2021/06/hackers-exploited-0-day-not-2018-bug-to-mass-wipe-my-book-live-devices/
    Adobe Experience Manager PoC: https://labs.detectify.com/2021/06/28/aem-crx-bypass-0day-control-over-some-enterprise-aem-crx-package-manager/

  • ISC StormCast for Tuesday, June 29th, 2021
    by Johannes B. Ullrich, Ph.D. on June 29, 2021 at 2:05 am

    CFBF Files Strings Analysis: https://isc.sans.edu/forums/diary/CFBF+Files+Strings+Analysis/27576/
    Google Compute Engine Platform RCE: https://github.com/irsl/gcp-dhcp-takeover-code-exec
    Details From Microsoft About Netfilter Malware: https://msrc-blog.microsoft.com/2021/06/25/investigating-and-mitigating-malicious-drivers/

  • ISC StormCast for Monday, June 28th, 2021
    by Johannes B. Ullrich, Ph.D. on June 28, 2021 at 2:05 am

    Increase in UDP Port 389 Scans (LDAP/AD): https://isc.sans.edu/forums/diary/Is+this+traffic+bAD/27566/
    CD/DVD Destruction: https://isc.sans.edu/forums/diary/DIY+CDDVD+Destruction/27572/
    Zyxel Exploits: https://twitter.com/JAMESWT_MHT/status/1407987022170578946 https://kb.zyxel.com/KB/searchArticle!viewDetail.action?articleOid=018137&lang=EN
    Cisco Vulnerability Exploited: https://threatpost.com/cisco-asa-bug-exploited-poc/167274/
    Microsoft Signs Netfilter Rootkit: https://www.gdatasoftware.com/blog/microsoft-signed-a-malicious-netfilter-rootkit


4 thoughts on “Internet Storm Centre Podcast”

  1. Oh my goodness! Impressive article dude! Thank you. However, I am experiencing problems with your RSS.
    I don’t understand why I can’t join it. Is there anybody else having similar RSS problems?
    Anybody who knows the answer, can you kindly respond?

    Thanks!!

  2. We absolutely love your blog websitecyber and find the majority of your posts to be precisely what I’m looking for. Do you offer guest writers to write content for yourself? I wouldn’t mind producing a post or elaborating on many of the subjects you write related to here. Again, awesome web log!

    1. Hi Jeanene,

      It’s great to hear that you love websitecyber and that our posts are precisely what you have been looking for. We don’t offer guest writers on our blog because we maintain the security of our website to the highest standard possible.

      Cheers,
      Websitecyber
