Internet Storm Centre Podcast

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

A brief daily summary of what is important in information security. The podcast is published every weekday and is designed to get you ready for the day with a brief, usually 5-minute-long, summary of current network-security-related events. The content is late-breaking, educational, and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html.

  • ISC StormCast for Wednesday, May 12th, 2021
    by Johannes B. Ullrich, Ph.D. on May 12, 2021 at 2:00 am

    Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+May+2021+Patch+Tuesday/27408
    WiFi Fragmentation Attacks https://www.fragattacks.com

  • ISC StormCast for Tuesday, May 11th, 2021
    by Johannes B. Ullrich, Ph.D. on May 11, 2021 at 2:05 am

    Validating IP Addresses: Why Encoding Matters https://isc.sans.edu/forums/diary/Correctly+Validating+IP+Addresses+Why+encoding+matters+for+input+validation/27404/
    Jail Breaking AirTags https://twitter.com/ghidraninja/status/1391148503196438529
    Malicious Tor Exit Relay Activities https://nusenu.medium.com/tracking-one-year-of-malicious-tor-exit-relay-activities-part-ii-85c80875c5df

  • ISC StormCast for Monday, May 10th, 2021
    by Johannes B. Ullrich, Ph.D. on May 10, 2021 at 2:05 am

    Who is Probing the Internet for Research Purposes https://isc.sans.edu/forums/diary/Who+is+Probing+the+Internet+for+Research+Purposes/27400/
    Cycle Hunter and tsuNAME DDoS Attack https://github.com/SIDN/CycleHunter https://tsuname.io/tech_report.pdf
    Foxit Reader / Phantom PDF Vulnerabilities https://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+Reader+10.1.4+and+Foxit+PhantomPDF+10.1.42021-05-06
    Hypocrite Patches Reviewed By Linux Foundation https://lore.kernel.org/lkml/[email protected]/

  • ISC StormCast for Friday, May 7th, 2021
    by Johannes B. Ullrich, Ph.D. on May 7, 2021 at 2:00 am

    Scans for Exposed Azure Storage Containers https://isc.sans.edu/forums/diary/Exposed+Azure+Storage+Containers/27396/
    Qualcomm MSM Vulnerability https://research.checkpoint.com/2021/security-probe-of-qualcomm-msm/
    Google to Automatically enroll users in 2SF https://blog.google/technology/safety-security/a-simpler-and-safer-future-without-passwords/
    New Cellebrite Vulnerabilities Announced https://www.ehackingnews.com/2021/05/new-vulnerabilities-in-cellebrites.html

  • ISC StormCast for Thursday, May 6th, 2021
    by Johannes B. Ullrich, Ph.D. on May 6, 2021 at 2:15 am

    May 2021 Forensic Contest https://isc.sans.edu/forums/diary/May+2021+Forensic+Contest/27386/
    Windows Defender Bug Fills Windows 10 Boot Drive with thousands of files https://www.bleepingcomputer.com/news/microsoft/windows-defender-bug-fills-windows-10-boot-drive-with-thousands-of-files/
    VMWare vRealize Business for Cloud Patch https://kb.vmware.com/s/article/83475
    Cisco Updates SD-WAN vManager / HyperFlex HX https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir&limit=100#~Vulnerabilities
    Security and Privacy Risks of Number Recycling at Mobile Carriers in the US https://recyclednumbers.cs.princeton.edu

  • ISC StormCast for Wednesday, May 5th, 2021
    by Johannes B. Ullrich, Ph.D. on May 5, 2021 at 2:15 am

    Android Update https://source.android.com/security/bulletin/2021-05-01?hl=en
    Dell Privilege Escalation Vulnerability https://www.dell.com/support/kbdoc/en-us/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability https://labs.sentinelone.com/cve-2021-21551-hundreds-of-millions-of-dell-computers-at-risk-due-to-multiple-bios-driver-privilege-escalation-flaws/
    Exim Mail Server Vulnerabilities https://www.qualys.com/2021/05/04/21nails/21nails.txt
    Quick and Dirty Python: masscan https://isc.sans.edu/forums/diary/Quick+and+dirty+Python+masscan/27384/
    ICMP Tunnel Backdoor https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/backdoor-at-the-end-of-the-icmp-tunnel/

  • ISC StormCast for Tuesday, May 4th, 2021
    by Johannes B. Ullrich, Ph.D. on May 4, 2021 at 2:05 am

    Apple Patches 2 0-Day Flaws in WebKit affecting iOS/MacOS/WatchOS https://support.apple.com/en-us/HT201222
    PoC Exploit for CVE-2021-28482 (Microsoft Exchange) https://gist.github.com/testanull/9ebbd6830f7a501e35e67f2fcaa57bda https://testbnull.medium.com/microsoft-exchange-from-deserialization-to-post-auth-rce-cve-2021-28482-e713001d915f
    Yet Another Processor Side-Channel: Micro-Ops Caches http://www.cs.virginia.edu/venkat/papers/isca2021a.pdf
    Pulse Secure Update https://blog.pulsesecure.net/pulse-connect-secure-patch-availability-sa44784/

  • ISC StormCast for Monday, May 3rd, 2021
    by Johannes B. Ullrich, Ph.D. on May 3, 2021 at 2:05 am

    Qiling: A true instrumentable binary emulation framework https://isc.sans.edu/forums/diary/Qiling+A+true+instrumentable+binary+emulation+framework/27372/
    Python “ipaddress” improper input validation https://sick.codes/sick-2021-014/
    EXIF Tool Vulnerabilities https://twitter.com/wcbowling/status/1385803927321415687
    ABUS Secvest Internet Connected Alarm Systems https://eye.security/nl/blog/breaking-abus-secvest-internet-connected-alarm-systems-cve-2020-28973
    FiveHands Ransomware Installed via SonicWall Flaw https://thehackernews.com/2021/04/hackers-exploit-sonicwall-zero-day-bug.html

  • ISC StormCast for Friday, April 30th, 2021
    by Johannes B. Ullrich, Ph.D. on April 30, 2021 at 2:05 am

    From Python to .Net https://isc.sans.edu/forums/diary/From+Python+to+Net/27366/
    PHP Composer Vulnerability https://blog.sonarsource.com/php-supply-chain-attack-on-composer
    Microsoft Identifies Several Integer Overflow Vulnerabilities https://us-cert.cisa.gov/ics/advisories/icsa-21-119-04

  • ISC StormCast for Thursday, April 29th, 2021
    by Johannes B. Ullrich, Ph.D. on April 29, 2021 at 2:05 am

    Stopping Google FLoC https://github.blog/changelog/2021-04-27-github-pages-permissions-policy-interest-cohort-header-added-to-all-pages-sites/ https://amifloced.org
    RotaJakiro Backdoor https://blog.netlab.360.com/stealth_rotajakiro_backdoor_en/
    F5 Big IP Kerberos Spoofing Vulnerability https://support.f5.com/csp/article/K51213246

  • ISC StormCast for Wednesday, April 28th, 2021
    by Johannes B. Ullrich, Ph.D. on April 28, 2021 at 2:05 am

    Diving into a Singapore Post Phishing E-Mail https://isc.sans.edu/forums/diary/Diving+into+a+Singapore+Post+Phishing+Email/27356/
    Two in Five Victims of Online Scam Adverts Do Not Report to Host Platforms https://www.which.co.uk/news/2021/04/two-in-five-victims-of-online-scam-adverts-dont-report-to-host-platforms/
    Microsoft Defender Blocks Cryptojacking Malware https://www.microsoft.com/security/blog/2021/04/26/defending-against-cryptojacking-with-microsoft-defender-for-endpoint-and-intel-tdt/
    Linux Privilege Escalation Vulnerability https://talosintelligence.com/vulnerability_reports/TALOS-2020-1211

  • ISC StormCast for Tuesday, April 27th, 2021
    by Johannes B. Ullrich, Ph.D. on April 27, 2021 at 2:05 am

    CAD: .DGN and .MVBA Files analyzed with oledump https://isc.sans.edu/forums/diary/CAD+DGN+and+MVBA+Files/27354/
    MacOS 0-Day Bug Patched https://objective-see.com/blog/blog_0x64.html https://support.apple.com/en-us/HT201222
    Emotet Uninstaller Triggered https://blog.malwarebytes.com/threat-analysis/2021/01/cleaning-up-after-emotet-the-law-enforcement-file/
    HashiCorp Code Signing Key Exposed By Codecov Compromise https://www.theregister.com/2021/04/26/hashicorp_reveals_exposure_of_private/

  • ISC StormCast for Monday, April 26th, 2021
    by Johannes B. Ullrich, Ph.D. on April 26, 2021 at 2:00 am

    Compact VBA Macros https://isc.sans.edu/forums/diary/Malicious+PowerPoint+AddOn+Small+Is+Beautiful/27342/
    Base64 Strings Used in Web Scanning https://isc.sans.edu/forums/diary/Base64+Hashes+Used+in+Web+Scanning/27346/
    Clickstudios Password Manager Compromise https://www.csis.dk/newsroom-blog-overview/2021/moserpass-supply-chain/
    Homebrew Code Execution Vulnerability https://brew.sh/2021/04/21/security-incident-disclosure/
    Apple AirDrop Shares Personal Data https://www.informatik.tu-darmstadt.de/fb20/ueber_uns_details_231616.en.jsp

  • ISC StormCast for Friday, April 23rd, 2021
    by Johannes B. Ullrich, Ph.D. on April 23, 2021 at 12:12 pm

    How Safe are Your Docker Images https://isc.sans.edu/forums/diary/How+Safe+Are+Your+Docker+Images/27340/
    Additional SolarWinds Infrastructure https://www.riskiq.com/blog/external-threat-management/solarwinds-c2-servers-new-tactics/
    Cellebrite Exploit https://signal.org/blog/cellebrite-vulnerabilities/
    Duo 2FA Bypass https://sensepost.com/blog/2021/duo-two-factor-authentication-bypass/

  • ISC StormCast for Thursday, April 22nd, 2021
    by Johannes B. Ullrich, Ph.D. on April 22, 2021 at 2:00 am

    Linux Kernel Maintainer Calls Out “hypocrite commits” by University of Minnesota https://lore.kernel.org/lkml/[email protected]/ https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/OpenSourceInsecurity.pdf https://www-users.cs.umn.edu/~kjlu/papers/clarifications-hc.pdf
    QNAP QLocker uses 7-Zip https://www.bleepingcomputer.com/news/security/massive-qlocker-ransomware-attack-uses-7zip-to-encrypt-qnap-devices/
    Chrome 0-Day Fixed https://thehackernews.com/2021/04/update-your-chrome-browser-immediately.html

  • ISC StormCast for Wednesday, April 21st, 2021
    by Johannes B. Ullrich, Ph.D. on April 21, 2021 at 2:20 am

    Pulse Secure VPN 0-Day Exploited https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/
    SonicWall Vulnerabilities https://www.sonicwall.com/support/product-notification/security-notice-sonicwall-email-security-zero-day-vulnerabilities/210416112932360/
    Synology Vulnerability https://blog.talosintelligence.com/2021/04/vuln-spotlight-synology-dsm.html#more
    Air Fryer Vulnerability https://blog.talosintelligence.com/2021/04/vuln-spotlight-co.html

  • ISC StormCast for Tuesday, April 20th, 2021
    by Johannes B. Ullrich, Ph.D. on April 20, 2021 at 2:00 am

    Hunting Phishing Websites with Favicon Hashes https://isc.sans.edu/forums/diary/Hunting+phishing+websites+with+favicon+hashes/27326/
    Nagios XI Vulnerability Exploited by Cryptominers https://unit42.paloaltonetworks.com/nagios-xi-vulnerability-cryptomining/
    XCSSET Malware Adapting to MacOS 11 and M1 https://www.trendmicro.com/en_us/research/21/d/xcsset-quickly-adapts-to-macos-11-and-m1-based-macs.html
    QNAP Patches https://www.qnap.com/de-de/security-advisories?ref=security_advisory_details
    Juniper Updates https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES

  • ISC StormCast for Monday, April 19th, 2021
    by Johannes B. Ullrich, Ph.D. on April 19, 2021 at 2:00 am

    Decoding Cobalt Strike Traffic https://isc.sans.edu/forums/diary/Decoding+Cobalt+Strike+Traffic/27322/
    Codecov Breach https://about.codecov.io/security-update/
    Google Project Zero Tweaks Disclosure Rules https://googleprojectzero.blogspot.com
    EIPStackGroup OpENer Ethernet/IP https://us-cert.cisa.gov/ics/advisories/icsa-21-105-02
    DNS Problems with Windows 10 Security Update https://www.bleepingcomputer.com/news/microsoft/mandatory-windows-10-update-causing-dns-and-shared-folder-issues/

  • ISC StormCast for Friday, April 16th, 2021
    by Johannes B. Ullrich, Ph.D. on April 16, 2021 at 12:43 am

    Why and How You Should be Using an Internal Certificate Authority https://isc.sans.edu/forums/diary/Why+and+How+You+Should+be+Using+an+Internal+Certificate+Authority/27314/
    Vulnerabilities Used By Russian Foreign Intelligence Service https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2573391/russian-foreign-intelligence-service-exploiting-five-publicly-known-vulnerabili/
    Insecurity URL Handling https://positive.security/blog/url-open-rce
    SANS Research Paper: Bryan Scarbrough; Malware Detection in Encrypted TLS Traffic Through Machine Learning https://www.sans.org/reading-room/whitepapers/artificialintelligence/malware-detection-encrypted-tls-traffic-machine-learning-40185

  • ISC StormCast for Thursday, April 15th, 2021
    by Johannes B. Ullrich, Ph.D. on April 15, 2021 at 2:00 am

    April 2021 Forensics Quiz Solution https://isc.sans.edu/forums/diary/April+2021+Forensic+Quiz+Answers+and+Analysis/27308/
    Adobe Patch Tuesday https://helpx.adobe.com/security.html
    Chrome 90 Released (and 0-Day Exploits) https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html https://github.com/avboy1337/1195777-chrome0day https://github.com/r4j0x00/exploits/tree/master/chrome-0day
    SAP Updates https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649
    Linux/Mac Malware included in npm Module https://blog.sonatype.com/damaging-linux-mac-malware-bundled-within-browserify-npm-brandjack-attempt
    Congratulations to the SANS.edu National Cyber League Teams! https://twitter.com/SANS_EDU/status/1382453652602941440


4 thoughts on “Internet Storm Centre Podcast”

  1. Oh my goodness! Impressive article dude! Thank you. However, I am experiencing problems with your RSS.
    I don’t understand why I can’t join it. Is there anybody else having similar RSS problems?
    Anybody who knows the answer can you kindly respond?

    Thanks!!

  2. We absolutely love your blog websitecyber and find the majority of your posts to be precisely what I’m looking for. Do you offer guest writers to write content for yourself? I wouldn’t mind producing a post or elaborating on many of the subjects you write related to here. Again, awesome web log!

    1. Hi Jeanene,

      It’s great to hear that you love websitecyber and that our posts are precisely what you have been looking for. We don’t offer guest writers on our blog because we maintain the security of our website to the highest standard possible.

      Cheers,
      Websitecyber
