Internet Storm Centre Podcast

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast: a brief daily summary of what is important in information security. The podcast is published every weekday and is designed to get you ready for the day with a brief, usually 5-minute-long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .

  • ISC StormCast for Friday, October 22nd, 2021
    by Johannes B. Ullrich, Ph.D. on October 22, 2021 at 2:00 am

    Stolen Images Evidence Campaign Pushes Sliver Based Malware https://isc.sans.edu/forums/diary/Stolen+Images+Evidence+campaign+pushes+Sliverbased+malware/27954/
    FiveSys Rootkit Signed By Microsoft https://www.bitdefender.com/files/News/CaseStudies/study/405/Bitdefender-DT-Whitepaper-Fivesys-creat5699-en-EN.pdf
    Oracle Critical Patch Update https://www.oracle.com/security-alerts/cpuoct2021.html
    WinRAR Vulnerability https://swarm.ptsecurity.com/winrars-vulnerable-trialware-when-free-software-isnt-free/
    Crypto Mining npm Libraries https://blog.sonatype.com/newly-found-npm-malware-mines-cryptocurrency-on-windows-linux-macos-devices

  • ISC StormCast for Thursday, October 21st, 2021
    by Johannes B. Ullrich, Ph.D. on October 21, 2021 at 2:00 am

    Thanks to Covid 19: New Types of Documents are Lost in the Wild https://isc.sans.edu/forums/diary/Thanks+to+COVID19+New+Types+of+Documents+are+Lost+in+The+Wild/27952/
    Google Chrome 95 Released https://chromestatus.com/roadmap
    Squirrel VM Bug https://thehackernews.com/2021/10/squirrel-engine-bug-could-let-attackers.html
    BlackByte Decryptor Released https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/ https://github.com/SpiderLabs/BlackByteDecryptor

  • ISC StormCast for Wednesday, October 20th, 2021
    by Johannes B. Ullrich, Ph.D. on October 20, 2021 at 2:00 am

    Can You Make the Great Chinese Firewall Work For You https://isc.sans.edu/forums/diary/Can+you+make+the+Great+Chinese+Firewall+work+for+you/27948/
    Fake Government Assistance Websites https://www.ic3.gov/Media/Y2021/PSA211015
    TA505 Coming Back https://www.proofpoint.com/us/blog/threat-insight/whatta-ta-ta505-ramps-activity-delivers-new-flawedgrace-variant
    BlackMatter Ransomware https://us-cert.cisa.gov/ncas/alerts/aa21-291a

  • ISC StormCast for Tuesday, October 19th, 2021
    by Johannes B. Ullrich, Ph.D. on October 19, 2021 at 2:05 am

    Malicious PowerShell Script Using Client Certificate Authentication https://isc.sans.edu/forums/diary/Malicious+PowerShell+Using+Client+Certificate+Authentication/27944/
    PowerShell Updates https://github.com/PowerShell/Announcements/issues/27
    Juniper JunOS Patches https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES
    TianFu Cup https://tianfucup.com/en/#canjia

  • ISC StormCast for Monday, October 18th, 2021
    by Johannes B. Ullrich, Ph.D. on October 18, 2021 at 2:05 am

    Active Scanning for Apache Vulnerabilities CVE-2021-41773 and 42013 https://isc.sans.edu/forums/diary/Apache+is+Actively+Scan+for+CVE202141773+CVE202142013/27940/
    Warranty Repairs and Non Removable Storage Risks https://isc.sans.edu/forums/diary/Warranty+Repairs+and+NonRemovable+Storage+Risks/27938/
    Crypto Wallet Compromised on OpenSea NFT Marketplace https://blog.checkpoint.com/2021/10/13/check-point-software-prevents-theft-of-crypto-wallets-on-opensea-the-worlds-largest-nft-marketplace/
    $5.2 Billion worth of Bitcoin Transactions Linked to Ransomware https://www.fincen.gov/sites/default/files/shared/Financial%20Trend%20Analysis_Ransomeware%20508%20FINAL.pdf

  • ISC StormCast for Friday, October 15th, 2021
    by Johannes B. Ullrich, Ph.D. on October 15, 2021 at 2:00 am

    Port Forwarding with Windows for the Win https://isc.sans.edu/forums/diary/PortForwarding+with+Windows+for+the+Win/27934/
    Please Fix Your E-Mail Brute Forcing Tool https://isc.sans.edu/forums/diary/Please+fix+your+EMail+Brute+forcing+tool/27930/
    Ad Blocker Injects Ads https://www.imperva.com/blog/the-ad-blocker-that-injects-ads/
    Romance Scams Go After Crypto Currency https://nakedsecurity.sophos.com/2021/10/13/romance-scams-with-a-cryptocurrency-twist-new-research-from-sophoslabs/
    Sysmon For Linux https://github.com/Sysinternals/SysmonForLinux
    Foxit Updates https://www.foxit.com/support/security-bulletins.html
    VMWare Updates https://www.vmware.com/security/advisories/VMSA-2021-0023.html

  • ISC StormCast for Wednesday, October 13th, 2021
    by Johannes B. Ullrich, Ph.D. on October 13, 2021 at 2:00 am

    Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+October+2021+Patch+Tuesday/27928/
    Adobe Patches https://helpx.adobe.com/security/security-bulletin.html
    PyPi Remove mitmproxy2 Module https://twitter.com/maximilianhils/status/1447525552370458625 https://web.archive.org/web/20211012105244/https://gist.github.com/mhils/7ff29d50b25a1c99e06834cf95684333

  • ISC StormCast for Tuesday, October 12th, 2021
    by Johannes B. Ullrich, Ph.D. on October 12, 2021 at 2:05 am

    Non HTTP Requests Hitting Web Server https://isc.sans.edu/forums/diary/Things+that+go+Bump+in+the+Night+Non+HTTP+Requests+Hitting+Web+Servers/27924/
    Apple Updates iOS/iPadOS to 15.0.2 https://saaramar.github.io/IOMFB_integer_overflow_poc/ https://support.apple.com/en-us/HT212846
    Weak SSH Keys Used with GitKraken https://github.blog/2021-10-11-github-security-update-revoking-weakly-generated-ssh-keys/
    Let’s Encrypt Outage https://letsencrypt.status.io/pages/incident/55957a99e800baa4470002da/6164b5af714e1f053880ba0c

  • ISC StormCast for Monday, October 11th, 2021
    by Johannes B. Ullrich, Ph.D. on October 11, 2021 at 2:05 am

    Scanning for Previous Oracle WebLogic Vulnerabilities https://isc.sans.edu/forums/diary/Scanning+for+Previous+Oracle+WebLogic+Vulnerabilities/27918/
    Sorting Things Out – Sorting Data by IP Address https://isc.sans.edu/forums/diary/Sorting+Things+Out+Sorting+Data+by+IP+Address/27916/ https://gitlab.com/slackermedia/bashcrawl
    Telegram Does Not Remove Auto-Deleted Messages from Cache https://habr.com/en/post/580582/
    Microsoft To Disable Excel 4.0 Macros By Default https://twitter.com/GelosSnake/status/1446192775087722497 https://m365admin.handsontek.net/macro-settings-update-to-disable-excel-4-0-macros-by-default/

  • ISC StormCast for Friday, October 8th, 2021
    by Johannes B. Ullrich, Ph.D. on October 8, 2021 at 2:00 am

    Who is Hunting For Your IPTV Set-Top Box? https://isc.sans.edu/forums/diary/Who+Is+Hunting+For+Your+IPTV+SetTop+Box/27912/
    Another Update For Apache https://httpd.apache.org
    Font on Lake Rootkit https://www.welivesecurity.com/2021/10/07/fontonlake-previously-unknown-malware-family-targeting-linux/
    osquery 5 with macOS Endpoint Security https://www.trailofbits.com/post/announcing-osquery-5-now-with-endpointsecurity-on-macos

  • ISC StormCast for Thursday, October 7th, 2021
    by Johannes B. Ullrich, Ph.D. on October 7, 2021 at 2:00 am

    Apache 2.4.49 Directory Traversal Vulnerability https://isc.sans.edu/forums/diary/Apache+2449+Directory+Traversal+Vulnerability+CVE202141773/27908/
    Python Ransomware Targeting ESXi Server https://www.sophos.com/en-us/press-office/press-releases/2021/10/sophos-researchers-uncover-new-python-ransomware-targeting-an-esxi-server-and-virtual-machines.aspx
    AT&T SIM Forensics https://medium.com/telecom-expert/what-is-at-t-doing-at-1111340002-c418876c212c
    Google Making Additional 2FA Push https://blog.google/technology/safety-security/making-sign-safer-and-more-convenient/

  • ISC StormCast for Wednesday, October 6th, 2021
    by Johannes B. Ullrich, Ph.D. on October 6, 2021 at 2:00 am

    Looking Glass Sites https://isc.sans.edu/forums/diary/Looking+Glasses+Debugging+Network+Connectivity+Issues/27904/
    Facebook Postmortem https://engineering.fb.com/2021/10/05/networking-traffic/outage-details/
    Apache 2.4.49 Directory Traversal Vulnerability https://blog.sonatype.com/apache-servers-actively-exploited-in-wild-importance-of-prompt-patching
    Windows 11 Released https://www.microsoft.com/security/blog/2021/10/04/windows-11-offers-chip-to-cloud-protection-to-meet-the-new-security-challenges-of-hybrid-work/ https://www.microsoft.com/en-us/download/details.aspx?id=55319

  • ISC StormCast for Tuesday, October 5th, 2021
    by Johannes B. Ullrich, Ph.D. on October 5, 2021 at 2:00 am

    Facebook Outage https://isc.sans.edu/forums/diary/Facebook+Outage+Yes+its+DNS+sort+of+A+super+quick+analysis+of+what+is+going+on/27900/
    Boutique “Dark” Botnet Hunting for Crumbs https://isc.sans.edu/forums/diary/Boutique+Dark+Botnet+Hunting+for+Crumbs/27898/
    Apache Airflow May Leak Credentials https://www.intezer.com/blog/cloud-security/misconfigured-airflows-leak-credentials/

  • ISC StormCast for Monday, October 4th, 2021
    by Johannes B. Ullrich, Ph.D. on October 4, 2021 at 2:05 am

    A New Tool To Add to Your LOLBAS List: cvtres.exe https://isc.sans.edu/forums/diary/New+Tool+to+Add+to+Your+LOLBAS+List+cvtresexe/27892/
    Google Chrome Continuing Updates https://support.google.com/chrome/answer/95414?hl=en&co=GENIE.Platform%3DDesktop
    Cyber Security Awareness Month https://www.sans.org/security-awareness-training/resources/ https://isc.sans.edu/tag.html?tag=csam
    FCC Attempts to Fight SIM Swapping https://docs.fcc.gov/public/attachments/DOC-376199A1.pdf
    MacOS Gatekeeper Bypass https://labs.f-secure.com/blog/the-discovery-of-cve-2021-1810/

  • ISC StormCast for Friday, October 1st, 2021
    by Johannes B. Ullrich, Ph.D. on October 1, 2021 at 2:00 am

    Visa/Apple Express Transit Relay Attack https://www.bbc.com/news/technology-58719891
    FluBot Offering Fake FluBot Protection https://twitter.com/CERTNZ/status/1443701853665980440
    Undetected Azure Active Directory Brute-Force Attacks https://www.secureworks.com/research/undetected-azure-active-directory-brute-force-attacks
    SANS.edu Student Christopher DeWees: Expired Domain Dumpster Diving https://www.sans.edu/cyber-research/40505/

  • ISC StormCast for Thursday, September 30th, 2021
    by Johannes B. Ullrich, Ph.D. on September 30, 2021 at 2:00 am

    Keeping Track of Time: Network Time Protocol and GPSD Bug https://isc.sans.edu/forums/diary/Keeping+Track+of+Time+Network+Time+Protocol+and+a+GPSD+Bug/27886/
    Apple Airtags Stored XSS https://medium.com/@bobbyrsec/zero-day-hijacking-icloud-credentials-with-apple-airtags-stored-xss-6997da43a216
    CISA/NSA Guidance To Configure VPNs https://media.defense.gov/2021/Sep/28/2002863184/-1/-1/0/CSI_SELECTING-HARDENING-REMOTE-ACCESS-VPNS-20210928.PDF
    Facebook Open Sourcing “Mariana Trench” Tool To Analyze Android and Java Apps https://engineering.fb.com/2021/09/29/security/mariana-trench/

  • ISC StormCast for Wednesday, September 29th, 2021
    by Johannes B. Ullrich, Ph.D. on September 29, 2021 at 2:00 am

    TLS 1.3 and SSL: The Current State of Affairs https://isc.sans.edu/forums/diary/TLS+13+and+SSL+the+current+state+of+affairs/27882/
    EFF Discontinues HTTPS Everywhere Plugin https://www.eff.org/deeplinks/2021/09/https-actually-everywhere
    Malicious CryptoCoin Wallet https://discourse.mozilla.org/t/got-hacked-by-the-add-on-called-safepal-wallet/85797
    Microsoft Automates Exchange Mitigations https://techcommunity.microsoft.com/t5/exchange-team-blog/new-security-feature-in-september-2021-cumulative-update-for/ba-p/2783155

  • ISC StormCast for Tuesday, September 28th, 2021
    by Johannes B. Ullrich, Ph.D. on September 28, 2021 at 2:00 am

    Trend Micro ServerProtect Authentication Bypass Vulnerability https://www.zerodayinitiative.com/advisories/ZDI-21-1115/
    Let’s Encrypt Root CA Expiration https://community.letsencrypt.org/t/production-chain-changes/150739
    ERMAC Android Malware https://www.threatfabric.com/blogs/ermac-another-cerberus-reborn.html
    QNAP Vulnerabilities https://www.qnap.com/en/security-advisory/QSA-21-35

  • ISC StormCast for Monday, September 27th, 2021
    by Johannes B. Ullrich, Ph.D. on September 27, 2021 at 2:00 am

    Mobile Device Inventory via Active Sync https://isc.sans.edu/forums/diary/Keep+an+Eye+on+Your+Users+Mobile+Devices+Simple+Inventory/27868/
    Autodiscover Attacks https://autodiscover-vulnerable-tlds.com https://wiki.mozilla.org/Public_Suffix_List https://www.guardicore.com/labs/autodiscovering-the-great-leak/
    Three More 0-Day Vulnerabilities in iOS https://habr.com/en/post/579714/ (original Russian version: https://habr.com/en/post/579716/)
    Cisco CAPWAP Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-capwap-rce-LYgj8Kf
    Sonicwall SMA 100 Series Vulnerability https://www.sonicwall.com/support/product-notification/security-notice-critical-arbitrary-file-delete-vulnerability-in-sonicwall-sma-100-series-appliances/210819124854603/

  • ISC StormCast for Friday, September 24th, 2021
    by Johannes B. Ullrich, Ph.D. on September 24, 2021 at 2:05 am

    Excel Recipe: Some VBA Code with a Touch of Excel4 Macro https://isc.sans.edu/forums/diary/Excel+Recipe+Some+VBA+Code+with+a+Touch+of+Excel4+Macro/27864/
    Windows Platform Binary Table Weakness https://eclypsium.com/2021/09/20/everyone-gets-a-rootkit/
    Apple Patches Older iOS/MacOS Versions https://support.apple.com/en-us/HT201222
    Broken Digital Signatures Used to Foil Malware Detection https://blog.google/threat-analysis-group/financially-motivated-actor-breaks-certificate-parsing-avoid-detection/

4 thoughts on “Internet Storm Centre Podcast”

  1. Oh my goodness! Impressive article dude! Thank you. However, I am experiencing problems with your RSS.
    I don’t understand why I can’t join it. Is there anybody else having similar RSS problems?
    Anybody who knows the answer can you kindly respond?

    Thanks!!

  2. We absolutely love your blog websitecyber and find the majority of your posts to be precisely what I’m looking for. Do you offer guest writers to write content for yourself? I wouldn’t mind producing a post or elaborating on many of the subjects you write related to here. Again, awesome web log!

    1. Hi Jeanene,

      It’s great to hear that you love websitecyber and that our posts are precisely what you have been looking for. We don’t offer guest writers on our blog because we maintain the security of our website to the highest standard possible.

      Cheers,
      Websitecyber
