SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

By Johannes B. Ullrich


Category: Tech News


Subscribers: 488
Reviews: 3



Kir
 Sep 11, 2018
...

Harald Clark
 Aug 18, 2018
A nice, clear and concise, daily overview of computing security threats; links for more info and no irrelevant padding of podcast audio.

Description

A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late-breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html.

Episode Date
ISC StormCast for Friday, April 19th 2019
6:50
Malware Delivered As a UDF .img file
https://isc.sans.edu/forums/diary/Malware+Sample+Delivered+Through+UDF+Image/24854/
Facebook Stored Passwords in Plain Text
https://newsroom.fb.com/news/2019/03/keeping-passwords-secure/
Iranian State-sponsored Malware and Data Leaked
https://misterch0c.blogspot.com/2019/04/apt34-oilrig-leak.html
Windows 8 Live Tiles Domain Takeover
https://www.golem.de/news/subdomain-takeover-microsoft-verliert-kontrolle-ueber-windows-kacheln-1904-140709.html
Apr 19, 2019
ISC StormCast for Thursday, April 18th 2019
5:28
DNS Hijacking by Sea Turtle
https://blog.talosintelligence.com/2019/04/seaturtle.html
Broadcom Wi-Fi Driver Vulnerabilities
https://www.kb.cert.org/vuls/id/166939/
NamPoHyu Virus Infects Samba Servers
https://www.bleepingcomputer.com/news/security/nampohyu-virus-ransomware-targets-remote-samba-servers/
Increased Attacks on Confluence
https://twitter.com/DFNCERT/status/1118468599230943233
Apr 18, 2019
ISC StormCast for Wednesday, April 17th 2019
5:34
PoC Exploit for Windows 10 DHCP Client Vulnerability CVE-2019-0726 (Russian)
https://habr.com/ru/company/pt/blog/448378/
Oracle April 2019 Critical Patch Update
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Wipro Breached Via Phishing Attacks
https://krebsonsecurity.com/2019/04/experts-breach-at-it-outsourcing-giant-wipro/
IDA and Ghidra Part 2 (Strings And Parameters)
https://isc.sans.edu/forums/diary/A+few+Ghidra+tips+for+IDA+users+part+2+strings+and+parameters/24848/
Apr 17, 2019
ISC StormCast for Tuesday, April 16th 2019
7:04
Common "False Positives" in DNS Query Logs
https://isc.sans.edu/forums/diary/Odd+DNS+Requests+that+are+Normal/24844/
Adblock Plus Allows Filter List Providers to Inject Code in Pages
https://armin.dev/blog/2019/04/adblock-plus-code-injection/
Executables in Polyglot DICOM Images
https://github.com/d00rt/pedicom/blob/master/doc/Attacking_Digital_Imaging_and_Communication_in_Medicine_(DICOM)_file_format_standard_-_Markel_Picado_Ortiz_(d00rt).pdf
Malicious/Misleading VPN Ads
https://www.bleepingcomputer.com/news/security/mobile-vpns-promoted-by-you-are-infected-or-hacked-ads/
Apr 16, 2019
ISC StormCast for Monday, April 15th 2019
6:24
Configuring MTA-STS
https://isc.sans.edu/forums/diary/Configuring+MTASTS+and+TLS+Reporting+For+Your+Domain/24840/
How to Find Hidden Cameras in Your Airbnb
https://isc.sans.edu/forums/diary/How+to+Find+Hidden+Cameras+in+your+AirBNB/24834/
Insecure Storage of VPN Credentials
https://www.kb.cert.org/vuls/id/192371/
Microsoft Patch Problems
https://support.microsoft.com/en-us/help/4493472/windows-7-update-kb4493472
https://support.microsoft.com/en-us/help/4493446/windows-8-1-update-kb4493446
Internet Explorer XML External Entity Vulnerability
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-INTERNET-EXPLORER-v11-XML-EXTERNAL-ENTITY-INJECTION-0DAY.txt
Apr 15, 2019
ISC StormCast for Friday, April 12th 2019
6:16
Gmail Will Be Supporting MTA-STS and SMTP TLS Reporting
https://tools.ietf.org/html/rfc8461
https://tools.ietf.org/html/rfc8460
https://www.zdnet.com/article/gmail-becomes-first-major-email-provider-to-support-mta-sts-and-tls-reporting/
Juniper Patch Fixes Static Password in Junos OS
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10923&actp=METADATA
Uniden Commercial IP Camera Site Hosting Malware
https://twitter.com/JayTHL/status/1116200014630596609
Apr 12, 2019
ISC StormCast for Thursday, April 11th 2019
7:37
WPA3 Dragonblood Vulnerability
http://papers.mathyvanhoef.com/dragonblood.pdf
North Korean Trojan: HOPLIGHT
https://www.us-cert.gov/ncas/analysis-reports/AR19-100A
Gaza Cybergang Group1 "SneakyPastes"
https://securelist.com/gaza-cybergang-group1-operation-sneakypastes/90068/
Apr 11, 2019
ISC StormCast for Wednesday, April 10th 2019
6:41
Microsoft and Adobe Patches
https://isc.sans.edu/forums/diary/Microsoft+April+2019+Patch+Tuesday/24826/
https://helpx.adobe.com/security.html
Fake "Food Poisoning" Emails in Germany (in German)
https://www.polizei-praevention.de/aktuelles/erneut-mails-mit-schadsoftware-gegen-gewerbetreibende-im-umlauf.html
Vulnerability in Apache Axis
https://rhinosecuritylabs.com/application-security/cve-2019-0227-expired-domain-rce-apache-axis/
Golang DLL Injection Vulnerability
https://www.openwall.com/lists/oss-security/2019/04/09/1
Apr 09, 2019
ISC StormCast for Tuesday, April 9th 2019
5:33
Ghidra vs. IDA
https://isc.sans.edu/forums/diary/A+few+Ghidra+tips+for+IDA+users+part+1+the+decompilerunreachable+code/24822/
Trend Micro Patch
https://success.trendmicro.com/solution/1122250
Dovecot Patch
https://dovecot.org/list/dovecot-news/2019-March/000403.html
Apache CVE-2019-0211 Exploit
https://github.com/cfreal/exploits/tree/master/CVE-2019-0211-apache
Using JavaScript in Exploits
https://www.youtube.com/watch?v=HfpnloZM61I
Apr 09, 2019
ISC StormCast for Monday, April 8th 2019
6:47
Fake Office 365 Invoices Spread Ransomware
https://isc.sans.edu/forums/diary/Fake+Office+365+Payment+Information+Update/24818/
Malware Hiding in .well-known Directory
https://www.zscaler.com/blogs/research/abuse-hidden-well-known-directory-https-sites
Altering CT Images to Manipulate Diagnosis
https://arxiv.org/pdf/1901.03597.pdf
Qt Framework RCE Vulnerability
https://www.zerodayinitiative.com/blog/2019/4/3/loading-up-a-pair-of-qt-bugs-detailing-cve-2019-1636-and-cve-2019-6739
Apr 07, 2019
ISC StormCast for Friday, April 5th 2019
5:47
New Waves of Scans Detected By An Old Rule
https://isc.sans.edu/forums/diary/New+Waves+of+Scans+Detected+by+an+Old+Rule/24812/
Xiaomi GuardApp Vulnerable to Man in the Middle
https://blog.checkpoint.com/2019/04/04/xiaomi-vulnerability-when-security-is-not-what-it-seems/
Xwo Web Scanner Hunting for MongoDB
https://www.alienvault.com/blogs/labs-research/xwo-a-python-based-bot-scanner
Vulnerable Smartwatches "Defaced"
https://api.heise.de/svc/embetty/tweet/1112326532939374593-images-0
https://www.heise.de/newsticker/meldung/Vidimensio-Smartwatches-Der-Sicherheits-Alptraum-geht-weiter-4359967.html
Apr 04, 2019
ISC StormCast for Thursday, April 4th 2019
5:47
Ghidra tips for IDA users: Automatic Comments for API Call Parameters
https://isc.sans.edu/forums/diary/A+few+Ghidra+tips+for+IDA+users+part+0+automatic+comments+for+API+call+parameters/24806/
Security Awareness Newsletter: Making Passwords Simple
https://www.sans.org/security-awareness-training/resources/making-passwords-simple
IRS Themed Phishing Emails
https://www.proofpoint.com/us/threat-insight/post/tax-themed-email-campaigns-target-2019-filers
Large Leak of Facebook User Data via 3rd Party App
https://www.upguard.com/breaches/facebook-user-data-leak
Arbitrary Command Execution in PostgreSQL
https://medium.com/greenwolf-security/authenticated-arbitrary-command-execution-on-postgresql-9-3-latest-cd18945914d5
Apr 04, 2019
ISC StormCast for Wednesday, April 3rd 2019
5:21
Compromised LaCie Drive Spread Fake AntiVirus
https://isc.sans.edu/forums/diary/Fake+AV+is+Back+LaCie+Network+Drives+Used+to+Spread+Malware/24802/
Unpatched SOP Vulnerability in Internet Explorer/Edge
https://thehackernews.com/2019/03/microsoft-edge-ie-zero-days.html
Apache Fixes Privilege Escalation Flaw
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0211
Verizon Users Phished for Credentials
https://blog.lookout.com/mobile-phishing-verizon
Apr 03, 2019
ISC StormCast for Tuesday, April 2nd 2019
4:38
Common "OpenAction" False Positive in PDFs Created by OpenOffice
https://isc.sans.edu/forums/diary/Analysis+of+PDFs+Created+with+OpenOfficeLibreOffice/24798/
Android Monthly Update
https://source.android.com/security/bulletin/2019-04-01#2019-04-01-details
Malicious Android App Forwards Banking Calls to Attacker
https://www.blackhat.com/asia-19/briefings/schedule/index.html#when-voice-phishing-met-malicious-android-app-13419
Google Allowing WebAuthn Login from Firefox/Edge
https://twitter.com/christiaanbrand/status/1111430192596025347
All Your Data Are Belong to Us: Defending Against Credential Stuffing Attacks
https://www.sans.org/webcasts/data-belong-us-defend-credential-stuffing-110340
Apr 02, 2019
ISC StormCast for Monday, April 1st 2019
5:36
Annotating Golang Binaries with Cutter and Jupyter
https://isc.sans.edu/forums/diary/Annotating+Golang+binaries+with+Cutter+and+Jupyter/24790/
ASUS Targeted MAC Addresses Available for Download
https://skylightcyber.com/2019/03/28/unleash-the-hash-shadowhammer-mac-list/
Weaponized Version of New Zealand Attack Manifesto
https://bluehexagon.ai/blog/weaponized-version-of-new-zealand-terror-suspects-manifesto-discovered-in-the-wild/
Kubernetes Directory Traversal
https://www.twistlock.com/labs-blog/disclosing-directory-traversal-vulnerability-kubernetes-copy-cve-2019-1002101/
VMware Patches
https://www.vmware.com/security/advisories/VMSA-2019-0005.html
Mar 31, 2019
ISC StormCast for Friday, March 29th 2019
4:30
Creating Your Own Passive DNS Logs
https://isc.sans.edu/forums/diary/Running+your+Own+Passive+DNS+Service/24784/
Incomplete Patch for Cisco RV320 Routers
https://www.redteam-pentesting.de/en/advisories/rt-sa-2019-003/-cisco-rv320-unauthenticated-configuration-export
https://www.redteam-pentesting.de/en/advisories/rt-sa-2019-004/-cisco-rv320-unauthenticated-diagnostic-data-retrieval
TP-Link Debug Port Vulnerability
https://twitter.com/mjg59/status/1111106885736787975
https://pastebin.com/GAzccR95
Mar 28, 2019
ISC StormCast for Thursday, March 28th 2019
5:05
Microsoft Releases Application Guard for Firefox and Chrome
https://blogs.windows.com/windowsexperience/2019/03/15/announcing-windows-10-insider-preview-build-18358/
New Set of LTE Vulnerabilities
https://syssec.kaist.ac.kr/pub/2019/kim_sp_2019.pdf
NVIDIA Privilege Escalation
https://rhinosecuritylabs.com/application-security/nvidia-arbitrary-file-writes-to-command-execution-cve-2019-5674/
Mar 27, 2019
ISC StormCast for Wednesday, March 27th 2019
5:40
Apple Updates
https://support.apple.com/en-us/HT201222
ASUS Response to Kaspersky Report
https://www.asus.com/News/hqfgVUyZ6uyAyJe1
Firefox Importing Windows Root Certificates
https://bugzilla.mozilla.org/show_bug.cgi?id=1533397
UC Browser MITM Vulnerability
https://www.bleepingcomputer.com/news/security/uc-browser-for-android-desktop-exposes-500-million-users-to-mitm-attacks/
Mar 26, 2019
ISC StormCast for Tuesday, March 26th 2019
5:19
ASUS Live Update "ShadowHammer" Backdoor
https://www.kaspersky.com/blog/shadow-hammer-teaser
https://shadowhammer.kaspersky.com/
Telegram Unsent Feature
https://techcrunch.com/2019/03/25/going-going-gone/
F5 Big IP Updates
https://support.f5.com/csp/article/K14812883
Mar 25, 2019
ISC StormCast for Monday, March 25th 2019
6:08
Reversing Malware Written In Golang
https://isc.sans.edu/forums/diary/Introduction+to+analysing+Go+binaries/24770/
More "VelvetSweatshop" Maldocs
https://isc.sans.edu/forums/diary/VelvetSweatshop+Maldocs/24772/
Reading QR Codes in Python
https://isc.sans.edu/forums/diary/Decoding+QR+Codes+with+Python/24774/
Pwn2Own Contest: Firefox, Safari, Edge and others fall
https://www.zdnet.com/article/tesla-car-hacked-at-pwn2own-contest/
Norwegian Nokia Phones Sent Data to China (Article in Norwegian)
https://nrkbeta.no/2019/03/21/norske-telefoner-sendte-personopplysninger-til-kina/
Java Card Vulnerabilities
https://seclists.org/fulldisclosure/2019/Mar/35
Mar 24, 2019
ISC StormCast for Thursday, March 21st 2019
5:29
Google Photos Cross-Site Leak Exposes Picture Metadata
https://www.imperva.com/blog/now-patched-google-photos-vulnerability-let-hackers-track-your-friends-and-location-history/
Fake CDC Emails Spread GandCrab Ransomware
https://myonlinesecurity.co.uk/fake-cdc-flu-pandemic-warning-delivers-gandcrab-5-2-ransomware/
Atlassian Sourcetree Vulnerability
https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2019-03-06-966678691.html
Microsoft Defender for macOS
https://www.theregister.co.uk/2019/03/21/microsoft_defender_atp/
Mar 21, 2019
ISC StormCast for Wednesday, March 20th 2019
5:40
Using Active Directory (AD) To Find Hosts That Are Not in AD
https://isc.sans.edu/forums/diary/Using+AD+to+find+hosts+that+arent+in+AD+fun+with+the+IPAddress+construct/24762/
Microsoft Anti-Malware Crashing Windows
https://social.technet.microsoft.com/Forums/en-US/18ab60a3-3b26-4a07-b68d-84085ce66ce5/scep-crashing-pcs?forum=ConfigMgrCompliance&prof=required
Reduction in DDoS Attacks
https://www.nexusguard.com/threat-report-q4-2018
Mar 20, 2019
ISC StormCast for Wednesday, March 20th 2019
6:07
Cloudflare Releases Proxy Detection Tools
https://blog.cloudflare.com/monsters-in-the-middleboxes/
Business Email Compromise Moving to SMS
https://www.agari.com/email-security-blog/bec-goes-mobile/
JavaScript Requests Without Same Origin Policy Limitations
https://www.forcepoint.com/blog/security-labs/attacking-internal-network-public-internet-using-browser-proxy
Discovering IPv6 Hosts With UPNP
https://blog.talosintelligence.com/2019/03/ipv6-unmasking-via-upnp.html#more
Mar 19, 2019
ISC StormCast for Monday, March 18th 2019
5:41
PuTTY Updates
https://www.chiark.greenend.org.uk/~sgtatham/putty/
Fujitsu Wireless Keyboard Vulnerabilities
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-033.txt
Signed Malware Goes Undetected
https://twitter.com/malwrhunterteam/status/1104082562216062978/photo/1?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1104082562216062978&ref_url=https%3A%2F%2Fwww.theregister.co.uk%2F2019%2F03%2F18%2Fsecurity_roundup_150319%2F
Free Support for Ubuntu 14.04 LTS Ends in April
https://lists.ubuntu.com/archives/ubuntu-announce/2019-March/000241.html
Latest Mirai Version with Even More Exploits
https://unit42.paloaltonetworks.com/new-mirai-variant-targets-enterprise-wireless-presentation-display-systems/
Mar 18, 2019
ISC StormCast for Sunday, March 17th 2019
7:02
Binary Analysis With Jupyter and Radare2
https://isc.sans.edu/forums/diary/Binary+Analysis+with+Jupyter+and+Radare2/24748/
IMAP Brute Forcing against Cloud Accounts
https://www.proofpoint.com/us/threat-insight/post/threat-actors-leverage-credential-dumps-phishing-and-legacy-email-protocols
Google Allows GSuite Users to Disable SMS/Voice Authentication
https://gsuiteupdates.googleblog.com/2019/03/more-control-over-2-step-verification-security-phone-sms.html
Sniffing BitLocker Keys from TPM
https://pulsesecurity.co.nz/articles/TPM-sniffing
Mar 17, 2019
ISC StormCast for Friday, March 15th 2019
5:13
Analyzing ZIP Files in Ghidra
https://isc.sans.edu/forums/diary/Tip+Ghidra+ZIP+Files/24732/
64 Bit Certificate Serial Number Revocation
https://adamcaudill.com/2019/03/09/tls-64bit-ish-serial-numbers-mass-revocation/
Cisco Default Account Problem
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190313-cspcscv
Intel Patches
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00185.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00191.html
Mar 15, 2019
ISC StormCast for Wednesday, March 13th 2019
6:10
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+March+2019+Patch+Tuesday/24742/
Adobe Updates
https://helpx.adobe.com/security.html
PSMiner
https://blog.360totalsecurity.com/en/new-mining-worm-psminer-uses-multiple-high-risk-vulnerabilities-to-spread/
Automatic Certificate Management Environment
https://tools.ietf.org/html/rfc8555
Mar 13, 2019
ISC StormCast for Tuesday, March 12th 2019
5:05
DevOps Tool StackStorm Vulnerability
https://quitten.github.io/StackStorm/
Developers Will Not Code Secure By Default
https://net.cs.uni-bonn.de/fileadmin/user_upload/naiakshi/Naiakshina_Password_Study.pdf
Gaming Industry Supply Chain Attack
https://www.welivesecurity.com/2019/03/11/gaming-industry-scope-attackers-asia/
Mar 12, 2019
ISC StormCast for Monday, March 11th 2019
6:50
Reversing HTA Files
https://isc.sans.edu/forums/diary/Quick+and+Dirty+Malicious+HTA+Analysis/24728/
Apache SOLR Patch
https://issues.apache.org/jira/browse/SOLR-13301
Windows 7 + Google Chrome Exploit in the Wild
https://security.googleblog.com/2019/03/disclosing-vulnerabilities-to-protect.html
Vulnerable Car Alarms
https://www.pentestpartners.com/security-blog/gone-in-six-seconds-exploiting-car-alarms/
Mar 10, 2019
ISC StormCast for Friday, March 8th 2019
6:23
RSA Panel Video
https://www.rsaconference.com/videos/the-five-most-dangerous-new-attack-techniques-and-how-to-counter-them
Disposable E-Mail Addresses
https://isc.sans.edu/forums/diary/Keep+an+Eye+on+Disposable+Email+Addresses/24716/
NetApp Default Account Vulnerability
https://security.netapp.com/advisory/ntap-20190305-0001/
Cisco NX-OS NX-API Privilege Escalation
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-NXAPI-cmdinj
Slub Backdoor Uses GitHub and Slack
https://blog.trendmicro.com/trendlabs-security-intelligence/new-slub-backdoor-uses-github-communicates-via-slack/
Mar 08, 2019
ISC StormCast for Thursday, March 7th 2019
6:25
More Resume Malspam. Now With Trickbot and EternalBlue
https://isc.sans.edu/forums/diary/Malspam+with+passwordprotected+word+docs+still+pushing+IcedID+Bokbot+with+Trickbot/24708/
Cloudflare Deploys Rules to Protect Against Recent Drupal Exploit
https://www.bleepingcomputer.com/news/security/cloudflare-deploys-firewall-rule-to-block-new-drupal-exploits/
Cisco DoS Vulnerability Actively Exploited
https://www.pentestpartners.com/security-blog/cisco-rv130-its-2019-but-yet-strcpy/
MonitorKit uses macOS Game Engine to Analyze Security Events
https://github.com/objective-see
Mar 07, 2019
ISC StormCast for Wednesday, March 6th 2019
5:35
Comcast Uses same "0000" PIN For All Number Porting Requests
https://nakedsecurity.sophos.com/2019/03/05/comcast-security-nightmare-default-0000-pin-on-everybodys-account/
NSA Releases Ghidra Reverse Analysis Tool
https://ghidra-sre.org/
Recent Google Chrome Vulnerability Being Exploited
https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop.html?m=1
Android Monthly Security Bulletin
https://source.android.com/security/bulletin/2019-03-01
Mar 06, 2019
ISC StormCast for Tuesday, March 5th 2019
5:50
macOS Unpatched Privilege Escalation Vulnerability Made Public
https://bugs.chromium.org/p/project-zero/issues/detail?id=1726
Windows Exploit Suggester Next Generation Released
https://github.com/bitsadmin/wesng
Docker Vulnerability used for Crypto Miners
https://www.imperva.com/blog/hundreds-of-vulnerable-docker-hosts-exploited-by-cryptocurrency-miners/
Russian GPS Jamming Exercises
https://thebarentsobserver.com/en/security/2019/03/russian-military-officials-arrive-oslo-norway-provides-facts-gps-jamming
Mar 05, 2019
ISC StormCast for Monday, March 4th 2019
5:39
Cisco Router Patch
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190227-rmi-cmd-ex
ColdFusion Patch and Exploit
https://www.carehart.org/blog/client/index.cfm/2019/3/1/urgent_CF_security_update_Part_1
Ransomware Impersonates ProtonMail
https://twitter.com/demonslay335/status/1097866931762282498
eBay Site Used for eBay Phish (article in German)
https://www.heise.de/security/meldung/eBay-Phishing-auf-eBay-Seite-4324266.html
Mar 04, 2019
ISC StormCast for Friday, March 1st 2019
6:05
Emotet Backend Analysis
https://maxkersten.nl/binary-analysis-course/malware-analysis/emotet-droppers/
Kaspersky Vs. Chromecast
https://www.bleepingcomputer.com/news/security/kaspersky-av-having-certificate-conflicts-with-google-chromecast/
MageCart Updates
https://www.riskiq.com/research/inside-magecart/
Mar 01, 2019
ISC StormCast for Thursday, February 28th 2019
5:08
Coinhive Shutting Down
https://coinhive.com/blog/en/discontinuation-of-coinhive
Azure Blob Storage Phishing
https://www.edgewave.com/phishing/feeling-blue-about-phishing/
Old 2014 Elasticsearch Vulnerability Exploited
https://blog.talosintelligence.com/2019/02/cisco-talos-honeypot-analysis-reveals.html
Latest Drupal Vulnerability Exploited
https://www.imperva.com/blog/latest-drupal-rce-flaw-used-by-cryptocurrency-miners-and-other-attackers/
F5 Big IP Patches
https://support.f5.com/csp/article/K91026261
Feb 28, 2019
ISC StormCast for Wednesday, February 27th 2019
5:00
Thunderbolt "Thunderclap" Vulnerabilities
https://thunderclap.io/thunderclap-paper-ndss2019.pdf
Altering Signed PDF Documents
https://www.pdf-insecurity.org/
NVIDIA Patches
https://nvidia.custhelp.com/app/answers/detail/a_id/4772
Feb 27, 2019
ISC StormCast for Tuesday, February 26th 2019
7:09
WinRAR ACE Vulnerability Used in Malspam
https://twitter.com/360TIC/status/1099987939818299392
Sextortion Email With QR Code
https://isc.sans.edu/forums/diary/Sextortion+Email+Variant+With+QR+Code/24686/
ICANN Pushes DNSSEC to Defend Against DNS Zone Manipulation
https://www.icann.org/news/announcement-2019-02-22-en
Android FIDO2 Certification
https://fidoalliance.org/android-now-fido2-certified-accelerating-global-migration-beyond-passwords/
Feb 26, 2019
ISC StormCast for Monday, February 25th 2019
5:29
B0r0nt0k Linux Server Ransomware
https://www.bleepingcomputer.com/news/security/b0r0nt0k-ransomware-wants-75-000-ransom-infects-linux-servers/
Cr1ptT0r Ransomware Targets D-Link NAS Devices
https://www.bleepingcomputer.com/forums/t/691852/cr1ptt0r-ransomware-files-encrypted-readmetxt-support-topic/page-3
LinkedIn Messages Used to Push Fake Job Offers
https://www.proofpoint.com/us/threat-insight/post/fake-jobs-campaigns-delivering-moreeggs-backdoor-fake-job-offers
Feb 25, 2019
ISC StormCast for Friday, February 22nd 2019
6:34
Adobe Re-Patches Reader/Acrobat Data Leakage Bug
https://helpx.adobe.com/security/products/acrobat/apsb19-13.html
Microsoft Releases Fix for DoS Vulnerability in IIS
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190005
Drupal Fixes Remote Code Execution Vulnerability
https://www.drupal.org/sa-core-2019-003
Linux Kernel Code Execution Vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2019-8912
MikroTik Unauthenticated Proxy
https://medium.com/tenable-techblog/mikrotik-firewall-nat-bypass-b8d46398bf24
Feb 22, 2019
ISC StormCast for Thursday, February 21st 2019
6:07
Microsoft Edge Whitelists Facebook to Run Flash
https://bugs.chromium.org/p/project-zero/issues/detail?id=1722
Chinese Android Banking App Stores Screenshots of Other Apps
https://jqknews.com/news/141073-Jingdong_Finance_denied_stealing_user_information_saying_that_the_image_cache_was_only_local.html
Password Manager Vulnerabilities
https://www.securityevaluators.com/casestudies/password-manager-hacking/
Feb 21, 2019
ISC StormCast for Wednesday, February 20th 2019
6:08
Russian Malspam Pushing Shade/Troldesh Ransomware
https://isc.sans.edu/forums/diary/More+Russian+language+malspam+pushing+Shade+Troldesh+ransomware/24668/
Bitdefender Releases GandCrab Decrypter
https://labs.bitdefender.com/2019/02/new-gandcrab-v5-1-decryptor-available-now/
Bank Infrastructure Used in Phishing Attacks (Russian)
https://www.group-ib.ru/blog/incident
SHA-2 Patch For Windows 7 / 2008 R2 SP1
https://support.microsoft.com/en-us/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus
Feb 20, 2019
ISC StormCast for Tuesday, February 19th 2019
5:29
Know What You Are Logging
https://isc.sans.edu/forums/diary/Know+What+You+Are+Logging/24656/
Spectre Software Mitigation Insufficient
https://arxiv.org/pdf/1902.05178.pdf
VMware Releases Update To Address runc Vulnerability
https://www.vmware.com/security/advisories/VMSA-2019-0001.html
Swedish Healthcare Breach Leaks Phone Call Recordings
https://computersweden.idg.se/2.2683/1.714787/inspelade-samtal-1177-vardguiden-oskyddade-internet
Feb 19, 2019
ISC StormCast for Monday, February 18th 2019
5:05
Snap Patches Available
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SnapSocketParsing
Finding Property Values in Office Documents
https://isc.sans.edu/forums/diary/Finding+Property+Values+in+Office+Documents/24652/
Bro-Sysmon
https://engineering.salesforce.com/test-out-bro-sysmon-a6fad1c8bb88
Cryptojacking Apps in Microsoft App Store
https://www.symantec.com/blogs/threat-intelligence/cryptojacking-apps-microsoft-store
Feb 18, 2019
ISC StormCast for Friday, February 15th 2019
5:47
PDF includes SMB Link
https://isc.sans.edu/forums/diary/Suspicious+PDF+Connecting+to+a+Remote+SMB+Share/24646/
QNAP Malware
https://www.qnap.com/en/security-advisory/nas-201902-13
Bomb Threat Spammers Arrested
https://www.justice.gov/usao-cdca/pr/members-hacker-collective-face-federal-charges-attacking-computer-systems-emailing-mass
Managed Service Providers Targeted By Ransomware
https://www.bleepingcomputer.com/news/security/ransomware-attacks-target-msps-to-mass-infect-customers/
Feb 15, 2019
ISC StormCast for Thursday, February 14th 2019
5:50
Fake Updates Campaign Still Active in 2019
https://isc.sans.edu/forums/diary/Fake+Updates+campaign+still+active+in+2019/24640/
macOS Malware (Shlayer) Disables Gatekeeper
https://www.carbonblack.com/2019/02/12/tau-threat-intelligence-notification-new-macos-malware-variant-of-shlayer-osx-discovered/
Microsoft Exchange Server Patch (Errata for yesterday's podcast)
https://support.microsoft.com/en-ca/help/4490060/exchange-web-services-push-notifications-can-provide-unauthorized-acce
Cisco Network Assurance Engine Password Synchronization Issue
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190212-nae-dos
VFEMail Backup Failure
https://www.vfemail.net/
Feb 14, 2019
ISC StormCast for Wednesday, February 13th 2019
5:24
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+February+2019+Patch+Tuesday/24638/
Adobe Updates
https://helpx.adobe.com/security.html
Ubuntu Linux snapd "dirty_sock" exploit
https://shenaniganslabs.io/2019/02/13/Dirty-Sock.html
Feb 13, 2019
ISC StormCast for Tuesday, February 12th 2019
4:54
Severe Docker runc Vulnerability
https://seclists.org/oss-sec/2019/q1/119
macOS Mojave Privacy Flaw
https://lapcatsoftware.com/articles/mojave-privacy3.html
Android Malware Steals Crypto Addresses from Clipboard
https://www.welivesecurity.com/2019/02/08/first-clipper-malware-google-play/
Not An E-Mail Virus, Just Interesting Malware
https://isc.sans.edu/forums/diary/Have+You+Seen+an+Email+Virus+Recently/24634/
Feb 12, 2019
ISC StormCast for Monday, February 11th 2019
6:49
Phishing Kit with JavaScript Keylogger
https://isc.sans.edu/forums/diary/Phishing+Kit+with+JavaScript+Keylogger/24622/
Phishing Via Google Translate
https://blogs.akamai.com/sitr/2019/02/phishing-attacks-against-facebook-google-via-google-translate.html
iPhone Apps Record Screens
https://techcrunch.com/2019/02/06/iphone-session-replay-screenshots/
Packet Challenge
https://johannes.homepc.org/packet10.txt
Feb 11, 2019
ISC StormCast for Friday, February 8th 2019
5:28
Value of UAC
https://isc.sans.edu/forums/diary/UAC+is+not+all+that+bad+really/24620/
Apple Releases FaceTime Patch
https://support.apple.com/en-us/HT201222
Skype Video Now Allows For Blurred Background
https://blogs.skype.com/news/2019/02/06/introducing-background-blur-in-skype/
Microsoft Exchange Server Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv190007
Feb 08, 2019