Internet Storm Centre Podcast

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast): a brief daily summary of what is important in information security. The podcast is published every weekday and is designed to get you ready for the day with a brief, usually 5-minute-long, summary of current network-security-related events. The content is late-breaking, educational, and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html.

  • ISC StormCast for Wednesday, March 30th, 2022
    by Dr. Johannes B. Ullrich on March 30, 2022 at 2:00 am

    More Fake/Typosquatting Twitter Accounts Asking for Ukraine Cryptocurrency Donations https://isc.sans.edu/forums/diary/More+FakeTyposquatting+Twitter+Accounts+Asking+for+Ukraine+Crytocurrency+Donations/28492/
    Mitigating Attacks Against Uninterruptible Power Supply Devices https://www.cisa.gov/sites/default/files/publications/CISA-DOE_Insights-Mitigating_Vulnerabilities_Affecting_Uninterruptible_Power_Supply_Devices_Mar_29.pdf
    MFA Bypass Attacks https://blog.talosintelligence.com/2022/03/transparent-tribe-new-campaign.html
    Google Advertises Mars Stealer https://blog.morphisec.com/threat-research-mars-stealer
    Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests” https://krebsonsecurity.com/2022/03/hackers-gaining-power-of-subpoena-via-fake-emergency-data-requests/

  • ISC StormCast for Tuesday, March 29th, 2022
    by Dr. Johannes B. Ullrich on March 29, 2022 at 2:00 am

    BGP Hijacking of Twitter Prefix by RTComm.ru https://isc.sans.edu/forums/diary/BGP+Hijacking+of+Twitter+Prefix+by+RTCommru/28488/
    DDoS Against Sites in Ukraine https://www.bleepingcomputer.com/news/security/hacked-wordpress-sites-force-visitors-to-ddos-ukrainian-targets/
    Sophos Patches https://www.sophos.com/en-us/security-advisories/sophos-sa-20220325-sfos-rce
    Sonicwall Patches https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0003
    opnsense CARP protocol routing error https://medium.com/sensorfu/firewall-bypass-with-carp-in-packet-filter-c4ed70fb7dd7

  • ISC StormCast for Monday, March 28th, 2022
    by Dr. Johannes B. Ullrich on March 28, 2022 at 2:00 am

    XLSB Files Because Binary is Stealthier Than XML https://isc.sans.edu/forums/diary/XLSB+Files+Because+Binary+is+Stealthier+Than+XML/28476/
    Dirty Pipe Container Escape PoC https://www.datadoghq.com/blog/engineering/dirty-pipe-container-escape-poc/
    PHP filter_var Shenanigans https://pwning.systems/posts/php_filter_var_shenanigans/
    OpenBSD slaacd vuln https://blog.quarkslab.com/heap-overflow-in-openbsds-slaacd-via-router-advertisement.html
    Google Chrome Update https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html

  • ISC StormCast for Friday, March 25th, 2022
    by Dr. Johannes B. Ullrich on March 25, 2022 at 2:00 am

    Malware Delivered Through Free Sharing Tool https://isc.sans.edu/forums/diary/Malware+Delivered+Through+Free+Sharing+Tool/28474/
    Western Digital PR4100 NAS Vulnerability https://research.nccgroup.com/2022/03/24/remote-code-execution-on-western-digital-pr4100-nas-cve-2022-23121/
    Crypto malware in patched wallets targeting Android and iOS devices https://www.welivesecurity.com/2022/03/24/crypto-malware-patched-wallets-targeting-android-ios-devices/
    Lapsus$ Arrest https://www.bbc.com/news/technology-60864283 https://www.bloomberg.com/news/articles/2022-03-23/teen-suspected-by-cyber-researchers-of-being-lapsus-mastermind?sref=ylv224K8
    Four Russian Government Employees Charged in Two Historical Hacking Campaigns Targeting Critical Infrastructure Worldwide https://www.justice.gov/opa/pr/four-russian-government-employees-charged-two-historical-hacking-campaigns-targeting-critical

  • ISC StormCast for Thursday, March 24th, 2022
    by Dr. Johannes B. Ullrich on March 24, 2022 at 2:00 am

    Mars Stealer https://isc.sans.edu/forums/diary/Arkei+Variants+From+Vidar+to+Mars+Stealer/28468/
    Okta Update https://www.okta.com/blog/2022/03/oktas-investigation-of-the-january-2022-compromise/
    Microsoft Lapsus$ Update https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/
    npm Attack Targeting Azure Developers https://jfrog.com/blog/large-scale-npm-attack-targets-azure-developers-with-malicious-packages/

  • ISC StormCast for Wednesday, March 23rd, 2022
    by Dr. Johannes B. Ullrich on March 23, 2022 at 2:00 am

    Statement by President Biden: What you need to do (or not do) https://isc.sans.edu/forums/diary/Statement+by+President+Biden+What+you+need+to+do+or+not+do/28466/
    ASUS Cyclops Blink Advisory https://www.asus.com/content/ASUS-Product-Security-Advisory/
    HP Vulnerabilities https://support.hp.com/us-en/document/ish_5948778-5949142-16/hpsbpi03780
    Sophos UTM Updates https://www.sophos.com/en-us/security-advisories/sophos-sa-20220321-utm-9710
    MacOS GIMMICK Malware https://www.volexity.com/blog/2022/03/22/storm-cloud-on-the-horizon-gimmick-malware-strikes-at-macos/
    Okta Breached By Lapsus$ https://www.okta.com/blog/2022/03/updated-okta-statement-on-lapsus/ https://twitter.com/BillDemirkapi/status/1506107157124722690

  • ISC StormCast for Tuesday, March 22nd, 2022
    by Dr. Johannes B. Ullrich on March 22, 2022 at 2:00 am

    Maldoc Cleaned by Anti-Virus https://isc.sans.edu/forums/diary/Maldoc+Cleaned+by+AntiVirus/28460/
    Serpent, No Swiping! New Backdoor Targets French Entities with Unique Attack Chain https://www.proofpoint.com/us/blog/threat-insight/serpent-no-swiping-new-backdoor-targets-french-entities-unique-attack-chain
    IBM Spectrum Protect Update https://www.ibm.com/support/pages/node/6564745
    Lapsus$ May have Breached Microsoft https://www.theregister.com/2022/03/21/microsoft_lapsus_breach_probe/
    Statement by President Biden on our Nation’s Cybersecurity https://www.whitehouse.gov/briefing-room/statements-releases/2022/03/21/statement-by-president-biden-on-our-nations-cybersecurity/

  • ISC StormCast for Monday, March 21st, 2022
    by Dr. Johannes B. Ullrich on March 21, 2022 at 2:00 am

    Scans for Movable Type Vulnerability (CVE-2021-20837) https://isc.sans.edu/forums/diary/Scans+for+Movable+Type+Vulnerability+CVE202120837/28454/
    SolarWinds Advisory: Unauthenticated Access in Web Help Desk (12.7.5) https://isc.sans.edu/forums/diary/SolarWinds+Advisory+Unauthenticated+Access+in+Web+Help+Desk+1275/28456/
    MGLNDD_* Scans https://isc.sans.edu/forums/diary/MGLNDD+Scans/28458/
    CAPTCHA Phishing https://www.avanan.com/blog/using-captcha-forms-to-bypass-filters
    Browser in the Browser Templates https://mrd0x.com/browser-in-the-browser-phishing-attack/

  • ISC StormCast for Friday, March 18th, 2022
    by Dr. Johannes B. Ullrich on March 18, 2022 at 2:00 am

    npm Package Sabotaged for Belarus/Russian Users https://snyk.io/blog/peacenotwar-malicious-npm-node-ipc-package-vulnerability/
    President Zelensky Deepfakes https://twitter.com/ngleicher/status/1504186935291506693
    ATM Rootkit https://www.mandiant.com/resources/unc2891-overview
    Scanner for Backdoored Mikrotik Routers https://github.com/microsoft/routeros-scanner
    SANS.edu Student: Ron Grohman; Network Access Control and ICS: A Practical Guide https://www.sans.edu/cyber-research/network-access-control-and-ics-a-practical-guide/

  • ISC StormCast for Thursday, March 17th, 2022
    by Dr. Johannes B. Ullrich on March 17, 2022 at 2:00 am

    Qakbot Infection With Cobalt Strike and VNC Activity https://isc.sans.edu/forums/diary/Qakbot+infection+with+Cobalt+Strike+and+VNC+activity/28448/
    Gh0stCringe RAT Being Distributed to Vulnerable Database Servers https://asec.ahnlab.com/en/32572/
    dompdf 0 day https://positive.security/blog/dompdf-rce
    OpenSSL DoS Vulnerability https://www.openssl.org/news/secadv/20220315.txt

  • ISC StormCast for Wednesday, March 16th, 2022
    by Dr. Johannes B. Ullrich on March 16, 2022 at 2:00 am

    Clean Binaries with Suspicious Behaviour https://isc.sans.edu/forums/diary/Clean+Binaries+with+Suspicious+Behaviour/28444/
    Misconfigured Multi-Factor Authentication Abused https://www.cisa.gov/uscert/ncas/alerts/aa22-074a
    German Office of Information Security Warns Kaspersky Users https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse2022/220315_Kaspersky-Warnung.html
    Caddy Wiper Targeting Ukraine https://www.welivesecurity.com/2022/03/15/caddywiper-new-wiper-malware-discovered-ukraine/
    Fake Antivirus Targeting Ukraine https://twitter.com/malwrhunterteam/status/1502302718140035080
    B1txor20 DNS Tunnel Backdoor https://blog.netlab.360.com/b1txor20-use-of-dns-tunneling_en/

  • ISC StormCast for Tuesday, March 15th, 2022
    by Dr. Johannes B. Ullrich on March 15, 2022 at 2:00 am

    Apple Updates Everything https://isc.sans.edu/forums/diary/Apple+Updates+Everything+MacOS+123+XCode+133+tvOS+154+watchOS+85+iPadOS+154+and+more/28438/
    Look Alike Accounts Used in Ukraine Donation Scam Impersonating Olena Zelenska https://isc.sans.edu/forums/diary/Look+Alike+Accounts+Used+in+Ukraine+Donation+Scam+impersonating+Olena+Zelenska/28440/
    Curl on Windows https://isc.sans.edu/forums/diary/Curl+on+Windows/28436/
    Veeam Vulnerabilities https://www.veeam.com/kb4288
    Linux Netfilter Privilege Escalation https://nickgregory.me/linux/security/2022/03/12/cve-2022-25636/

  • ISC StormCast for Monday, March 14th, 2022
    by Dr. Johannes B. Ullrich on March 14, 2022 at 2:00 am

    Malware Using WebSockets For C&C https://isc.sans.edu/forums/diary/Keep+an+Eye+on+WebSockets/28430/
    Raccoon Stealer leverages Telegram https://decoded.avast.io/vladimirmartyanov/raccoon-stealer-trash-panda-abuses-telegram/
    USAHERDS Hack https://www.wired.com/story/china-apt41-hacking-usaherds-log4j/
    YARA 4.2.0 Released https://isc.sans.edu/forums/diary/YARA+420+Released/28432/

  • ISC StormCast for Friday, March 11th, 2022
    by Dr. Johannes B. Ullrich on March 11, 2022 at 2:00 am

    Credential Leaks on VirusTotal https://isc.sans.edu/forums/diary/Credentials+Leaks+on+VirusTotal/28426/
    GPS Issues Around Finnish Russian Border https://www.straitstimes.com/world/europe/finland-detects-gps-disturbance-near-russias-kaliningrad
    Russia Considering Internal Certificate Authority https://www.gosuslugi.ru/tls https://www.bleepingcomputer.com/news/security/russia-creates-its-own-tls-certificate-authority-to-bypass-sanctions/
    New Spectre Variant https://www.vusec.net/projects/bhi-spectre-bhb/
    Package Manager Vulnerabilities (yarn, pip, composer…) https://blog.sonarsource.com/securing-developer-tools-package-managers

  • ISC StormCast for Thursday, March 10th, 2022
    by Dr. Johannes B. Ullrich on March 10, 2022 at 2:00 am

    Infostealer in a Batch File https://isc.sans.edu/forums/diary/Infostealer+in+a+Batch+File/28422/
    TP240PhoneHome reflection/amplification DDoS Attack Vector https://blog.cloudflare.com/cve-2022-26143/
    Malware Disguises as Pro Ukrainian Cybertools https://blog.talosintelligence.com/2022/03/threat-advisory-cybercriminals.html#more
    Russian Government Sites Hacked in Supply Chain Attack https://www.bleepingcomputer.com/news/security/russian-government-sites-hacked-in-supply-chain-attack/
    Third Party Vulnerabilities in RUGGEDCOM ROS https://cert-portal.siemens.com/productcert/pdf/ssa-256353.pdf
    Adobe Bulletins https://helpx.adobe.com/security/security-bulletin.html

  • ISC StormCast for Wednesday, March 9th, 2022
    by Dr. Johannes B. Ullrich on March 9, 2022 at 2:00 am

    Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+March+2022+Patch+Tuesday/28418/
    Critical APC UPS Vulnerability https://www.armis.com/research/tlstorm/
    Vulnerabilities in Firmware Affecting HP Devices https://www.binarly.io/news/BinarlyDiscovers16NewHighImpactVulnerabilitiesinFirmwareAffectingHPEnterpriseDevices/index.html

  • ISC StormCast for Tuesday, March 8th, 2022
    by Dr. Johannes B. Ullrich on March 7, 2022 at 10:06 pm

    Ukraine Scam Followup https://isc.sans.edu/forums/diary/No+Bitcoin+No+Problem+Follow+Up+to+Last+Weeks+Donation+Scam/28412/
    Dirty Pipe Linux Vulnerability https://dirtypipe.cm4all.com
    Mozilla Firefox and Thunderbird Vulnerability https://www.mozilla.org/en-US/security/advisories/mfsa2022-09/
    Azure AutoWarp https://orca.security/resources/blog/autowarp-microsoft-azure-automation-service-vulnerability/
    Terramaster TOS Vulnerability https://octagon.net/blog/2022/03/07/cve-2022-24990-terrmaster-tos-unauthenticated-remote-command-execution-via-php-object-instantiation/ https://forum.terra-master.com/en/viewtopic.php?f=28&t=3030

  • ISC StormCast for Monday, March 7th, 2022
    by Dr. Johannes B. Ullrich on March 7, 2022 at 2:00 am

    Ukraine Donation Scam https://isc.sans.edu/forums/diary/Scam+EMail+Impersonating+Red+Cross/28404/
    Cogent Disconnects Russia https://www.washingtonpost.com/technology/2022/03/04/russia-ukraine-internet-cogent-cutoff/
    Russia DDoS Lists https://safe-surf.ru/upload/ALRT/proxies.txt https://safe-surf.ru/upload/ALRT/referer_http_header.txt
    NVidia Stolen Certificates https://www.theregister.com/2022/03/05/nvidia_stolen_certificate/ https://twitter.com/cyb3rops/status/1499514240008437762
    GitLab Vulnerabilities https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/#unauthenticated-user-enumeration-on-graphql-api
    Cisco Patches https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-87Q5YRk

  • ISC StormCast for Friday, March 4th, 2022
    by Dr. Johannes B. Ullrich on March 4, 2022 at 2:00 am

    Attackers Search For Exposed “LuCI” Folders https://isc.sans.edu/diary/28400
    Alexa Versus Alexa https://arxiv.org/abs/2202.08619
    Bypassing Google Cloud Armor https://kloudle.com/blog/piercing-the-cloud-armor-the-8kb-bypass-in-google-cloud-platform-waf
    Ukraine Updates https://www.golem.de/news/ausfall-angriff-auf-ka-sat-satellit-ueber-gatewaystation-in-ukraine-2203-163614.html https://www.crowdstrike.com/blog/how-to-decrypt-the-partyticket-ransomware-targeting-ukraine/ https://www.bleepingcomputer.com/news/security/ukraine-says-local-govt-sites-hacked-to-push-fake-capitulation-news/

  • ISC StormCast for Thursday, March 3rd, 2022
    by Dr. Johannes B. Ullrich on March 3, 2022 at 2:00 am

    The More Often Something is Repeated, the More True it Becomes https://isc.sans.edu/forums/diary/The+More+Often+Something+is+Repeated+the+More+True+It+Becomes+Dealing+with+Social+Media/28396/
    Fortinet Bug https://www.fortiguard.com/psirt/FG-IR-21-028
    IBM Updates https://www.ibm.com/blogs/psirt/
    Google Updates https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
    Conti Ransomware Leak https://threatpost.com/conti-ransomware-decryptor-trickbot-source-code-leaked/178727/
    Middle Box DDoS Attacks https://www.akamai.com/blog/security/tcp-middlebox-reflection


4 thoughts on “Internet Storm Centre Podcast”

  1. Oh my goodness! Impressive article dude! Thank you. However, I am experiencing problems with your RSS.
    I don’t understand why I can’t join it. Is there anybody else having similar RSS problems?
    Anybody who knows the answer can you kindly respond?

    Thanks!!

  2. We absolutely love your blog websitecyber and find the majority of your posts to be precisely what I’m looking for. Do you offer guest writers to write content for yourself? I wouldn’t mind producing a post or elaborating on many of the subjects you write related to here. Again, awesome web log!

    1. Hi Jeanene,

      It’s great to hear that you love websitecyber and that our posts are precisely what you have been looking for. We don’t offer guest writers on our blog because we maintain the security of our website to the highest standard possible.

      Cheers,
      Websitecyber
