Podcast SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich Episodes

Explore every episode of the podcast SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Dive into the complete episode list for SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast). Each episode is cataloged with detailed descriptions, making it easy to find and explore specific topics. Keep track of all episodes from your favorite podcast and never miss a moment of insightful content.

	Title	Pub. Date	Duration
	SANS Stormcast Thursday Apr 3rd: Juniper Password Scans; Hacking Call Records; End to End Encrypted GMail	03 Apr 2025	00:09:23
Surge in Scans for Juniper t128 Default User Lasst week, we dedtect a significant surge in ssh scans for the username t128 . This user is used by Juniper s Session Smart Routing, a product they acquired from 128 Technologies which is the reason for the somewhat unusual username. https://isc.sans.edu/diary/Surge%20in%20Scans%20for%20Juniper%20%22t128%22%20Default%20User/31824 Vulnerable Verizon API Allowed for Access to Call Logs An API Verizon offered to users of its call filtering application suffered from an authentication bypass vulnerability allowing users to access any Verizon user s call history. While using a JWT to authenticate the user, the phone number used to retrieve the call history logs was passed in a not-authenticated header. https://evanconnelly.github.io/post/hacking-call-records/ Google Offering End-to-End Encryption to G-Mail Business Users Google will add an end-to-end encryption feature to commercial GMail users. However, for non GMail users to read the emails they first must click on a link and log in to Google. https://workspace.google.com/blog/identity-and-security/gmail-easy-end-to-end-encryption-all-businesses
	SANS Stormcast Wednesday Apr 2nd: Apple Updates Everything;	02 Apr 2025	00:07:16
Apple Patches Everything Apple released updates for all of its operating systems. Most were released on Monday with WatchOS patches released today on Tuesday. Two already exploited vulnerabilities, which were already patched in the latest iOS and macOS versions, are now patched for older operating systems as well. A total of 145 vulnerabilities were patched. https://isc.sans.edu/diary/Apple%20Patches%20Everything%3A%20March%2031st%202025%20Edition/31816 VMWare Workstation and Fusion update check broken VMWare s automatic update check in its Workstation and Fusion products is currently broken due to a redirect added as part of the Broadcom transition https://community.broadcom.com/vmware-cloud-foundation/question/certificate-error-is-occured-during-connecting-update-server NIM Postgres Vulnerability NIM Developers using prepared statements to send SQL queries to Postgres may expose themselves to a SQL injection vulnerability. NIM s Postgres library does not appear to use actual prepared statements; instead, it assembles the code and the user data as a string and passes them on to the database. This may lead to a SQL injection vulnerability https://blog.nns.ee/2025/03/28/nim-postgres-vulnerability/
	SANS Stormcast Thursday Mar 20th: Cisco Smart Licensing Attacks; Vulnerable Drivers again; Synology Advisories Updated	20 Mar 2025	00:07:09
Exploit Attempts for Cisco Smart Licensing Utility CVE-2024-20439 CVE-2024-20440 Attackers added last September's Cisco Smart Licensing Utility vulnerability to their toolset. These attacks orginate most likely from botnets and the same attackers are scanning for a wide range of additional vulnerabilities. The vulnerability is a static credential issue and trivial to exploit after the credentials were published last fall. https://isc.sans.edu/diary/Exploit%20Attempts%20for%20Cisco%20Smart%20Licensing%20Utility%20CVE-2024-20439%20and%20CVE-2024-20440/31782 Legacy Driver Exploitation Through Bypassing Certificate Verification Ahnlab documented a new type of "bring your own vulnerable driver" vulnerability. In this case, an old driver used by an anit-malware and anti-rootkit system can be used to shut down arbitrary processeses, including security related processeses. https://asec.ahnlab.com/en/86881/ Synology Vulnerability Updates Synology updates some security advisories it release last year adding addition details and vulnerable systems. https://www.synology.com/en-global/security/advisory/Synology_SA_24_20 https://www.synology.com/en-global/security/advisory/Synology_SA_24_24
	ISC StormCast for Wednesday, October 23rd, 2024	23 Oct 2024	00:05:21
How much HTTP (not HTTPS) Traffic is Traversing Your Perimeter? https://isc.sans.edu/diary/How%20much%20HTTP%20%28not%20HTTPS%29%20Traffic%20is%20Traversing%20Your%20Perimeter%3F/31372 VMSA-2024-0019:VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-38812, CVE-2024-38813) https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968 Unifi Security Advisory Bulletin 043 https://community.ui.com/releases/Security-Advisory-Bulletin-043-043/28e45c75-314e-4f07-a4f3-d17f67bd53f7 Fake attachment. Roundcube mail server attacks exploit CVE-2024-37383 vulnerability. https://global.ptsecurity.com/analytics/pt-esc-threat-intelligence/fake-attachment-roundcube-mail-server-attacks-exploit-cve-2024-37383-vulnerability Atlassian Security Bulletin - October 15 2024 https://confluence.atlassian.com/security/security-bulletin-october-15-2024-1442910972.html OneDev Arbitrary file reading for unauthenticated user https://github.com/theonedev/onedev/security/advisories/GHSA-7wg5-6864-v489
	ISC StormCast for Thursday, February 18th, 2021	18 Feb 2021	00:05:53
The new "LinkedInSecureMessage" Phish https://isc.sans.edu/forums/diary/The+new+LinkedInSecureMessage/27110/ Apple M1 Optimized Malware https://objective-see.com/blog/blog_0x62.html QNAP Surveilance Station Vulnerability https://www.qnap.com/en/security-advisory/qsa-21-07 Masslogger Exfiltrates User Credentials https://blog.talosintelligence.com/2021/02/masslogger-cred-exfil.html
	ISC StormCast for Wednesday, February 17th, 2021	17 Feb 2021	00:05:15
More Weirdness on TCP Port 26 https://isc.sans.edu/forums/diary/More+weirdness+on+TCP+port+26/27106/ Microsoft Pulls Servicing Stack Update https://threatpost.com/microsoft-windows-update-patch-tuesday/163981/ Network Monitoring Company Centreon Compromised https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf SHAREit Flaw Could Lead to Remote Code Execution https://www.trendmicro.com/en_us/research/21/b/shareit-flaw-could-lead-to-remote-code-execution.html VSCode NPM Extension RCE https://github.com/jackadamson/CVE-2021-26700
	ISC StormCast for Tuesday, February 16th, 2021	16 Feb 2021	00:06:39
Securing and Optimizing Networks Using pfSense Traffic Shaper to Combat Bufferbloat https://isc.sans.edu/forums/diary/Securing+and+Optimizing+Networks+Using+pfSense+Traffic+Shaper+Limiters+to+Combat+Bufferbloat/27102/ Apple to Proxy Safe Browsing Requests https://twitter.com/othermaciej/status/1359736220809531393 Power Outages and Some Network Outages as a Result https://downdetector.com Phone Scam Success Rates https://www.helpnetsecurity.com/2021/02/15/lost-money-to-phone-scams/ https://nakedsecurity.sophos.com/2021/02/12/sms-tax-scam-unmasked-bogus-but-believable-dont-fall-for-it/
	ISC StormCast for Monday, February 15th, 2021	15 Feb 2021	00:07:49
AgentTesla Dropped Through Automatic Click in Microsoft Help File https://isc.sans.edu/forums/diary/AgentTesla+Dropped+Through+Automatic+Click+in+Microsoft+Help+File/27092/ Telegram used to Defraud Delivery Serivces https://thefintechtimes.com/sift-finds-new-telegram-fraud-exploiting-increasing-use-of-food-delivery-services/ Singtel Suffers Zero-DAy Cyberattack https://threatpost.com/singtel-zero-day-cyberattack/163938/ Vulnerabilities in Mobile Health Apps https://approov.io/download/all-that-we-let-in_hacking-mhealth-apps-and-apis.pdf Bloomberg Supermicro Story https://www.bloomberg.com/features/2021-supermicro/ https://www.theregister.com/2021/02/12/supermicro_bloomberg_spying/
	ISC StormCast for Friday, February 12th, 2021	12 Feb 2021	00:05:41
Agent Tesla Hidden in Historical Anti-Malware Tool https://isc.sans.edu/forums/diary/Agent+Tesla+hidden+in+a+historical+antimalware+tool/27088/ McAfee Total Protection Vulnerabilities https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx Intel Patches https://blogs.intel.com/technology/2021/02/ipas-security-advisories-for-february-2021 Discord Used to Distribute Malware https://www.zscaler.com/blogs/security-research/discord-cdn-popular-choice-hosting-malicious-payloads
	ISC StormCast for Thursday, February 11th, 2021	11 Feb 2021	00:05:47
Phishing Message to the ISC Handlers E-Mail Distro https://isc.sans.edu/forums/diary/Phishing+message+to+the+ISC+handlers+email+distro/27082/ Google Phishing Statistics https://cloud.google.com/blog/products/workspace/how-gmail-helps-users-avoid-email-scams Adobe Security Updates https://helpx.adobe.com/security/products/acrobat/apsb21-09.html Apple Sudo Patch https://support.apple.com/en-us/HT212177 Number:Jack ISN Generation Weaknesses https://www.forescout.com/company/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks/
	ISC StormCast for Wednesday, February 10th, 2021	10 Feb 2021	00:06:31
Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+February+2021+Patch+Tuesday/27080/ https://www.theregister.com/2021/02/09/microsoft_patch_tuesday/ Dependency Confusion https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610 https://azure.microsoft.com/mediahandler/files/resourcefiles/3-ways-to-mitigate-risk-using-private-package-feeds/3%20Ways%20to%20Mitigate%20Risk%20When%20Using%20Private%20Package%20Feeds%20-%20v1.0.pdf
	ISC StormCast for Tuesday, February 9th, 2021	09 Feb 2021	00:05:49
Tshark and Malware Analysis https://isc.sans.edu/forums/diary/Quickie+tshark+Malware+Analysis/27076/ Barcode Scanner Going Bad https://blog.malwarebytes.com/android/2021/02/barcode-scanner-app-on-google-play-infects-10-million-users-with-one-update/ Morse Code Obfuscation https://www.bleepingcomputer.com/news/security/new-phishing-attack-uses-morse-code-to-hide-malicious-urls/ Firefox Update https://www.mozilla.org/en-US/security/advisories/mfsa2021-06/ Water Treatment Facility Compromised https://www.reuters.com/article/us-usa-cyber-florida/hackers-broke-into-florida-towns-water-treatment-plant-attempted-to-poison-supply-sheriff-says-idUSKBN2A82FV
	ISC StormCast for Monday, February 8th, 2021	08 Feb 2021	00:06:00
VBA Macro Trying to Alter the Application Menus https://isc.sans.edu/forums/diary/VBA+Macro+Trying+to+Alter+the+Application+Menus/27068/ The Great Suspender Going Malicious https://www.zdnet.com/article/google-kills-the-great-suspender-heres-what-you-should-do-next/ https://github.com/greatsuspender/thegreatsuspender/issues/1263 Google Chrome Zero Day https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html Plex Media SSDP Amplication DDoS https://www.netscout.com/blog/asert/plex-media-ssdp-pmssdp-reflectionamplification-ddos-attack
	ISC StormCast for Friday, February 5th, 2021	05 Feb 2021	00:06:27
Abusing Google Chrome Extension Syncing For Data Exfiltration and C&C https://isc.sans.edu/forums/diary/Abusing+Google+Chrome+extension+syncing+for+data+exfiltration+and+CC/27066/ Microsoft Defender ATP Google Chrome False Positive https://twitter.com/itquartz/status/1356940218138509312 Social Engineering Attacks against Security Researchers Used IE 0 day https://enki.co.kr/blog/2021/02/04/ie_0day.html# https://www.bleepingcomputer.com/news/security/hacking-group-also-used-an-ie-zero-day-against-security-researchers/
	ISC StormCast for Tuesday, October 22nd, 2024	22 Oct 2024	00:06:26
A Network Nerd's Take on Emergency Preparedness https://isc.sans.edu/diary/A%20Network%20Nerd%27s%20Take%20on%20Emergency%20Preparedness/31356 HM Surf Vulnerability Access to Camera Exploited CVE-2024-44133 https://www.microsoft.com/en-us/security/blog/2024/10/17/new-macos-vulnerability-hm-surf-could-lead-to-unauthorized-data-access/ Fortinet releases patches for undisclosed critical FortiManager vulnerability https://www.helpnetsecurity.com/2024/10/21/fortimanager-critical-vulnerability/ ScienceLogic Vulnerability https://rackspace.service-now.com/system_status?id=detailed_status&service=4dafca5a87f41610568b206f8bbb35a6 https://docs.sciencelogic.com/latest/Content/Web_Admin_and_Accounts/System_Administration/sys_admin_system_upgrade.htm
	ISC StormCast for Thursday, February 4th, 2021	04 Feb 2021	00:06:03
Excel Spreadsheets Push SystemBC Malware https://isc.sans.edu/forums/diary/Excel+spreadsheets+push+SystemBC+malware/27060/ SolarWinds Vulnerability https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=28389 SolarWinds SANS Lightning Summit https://www.sans.org/webcasts/solarwinds-lightning-summit-118550 SonicWall Patch https://www.sonicwall.com/support/product-notification/urgent-patch-available-for-sma-100-series-10-x-firmware-zero-day-vulnerability-updated-feb-3-2-p-m-cst/210122173415410/ Cisco Advisories https://tools.cisco.com/security/center/publicationListing.x Realtek RTL8195A Wi-Fi Module Vulnerability https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered
	ISC StormCast for Wednesday, February 3rd, 2021	03 Feb 2021	00:06:07
New Example of XSL Script Processing aka "Mitre T1220" https://isc.sans.edu/forums/diary/New+Example+of+XSL+Script+Processing+aka+Mitre+T1220/27056/ Camerfirma Certificate Authority Revocation https://groups.google.com/g/mozilla.dev.security.policy/c/jif4zWNgGPw Kobalos HPC Linux Malware https://www.welivesecurity.com/2021/02/02/kobalos-complex-linux-threat-high-performance-computing-infrastructure/ Agent Tesla Overwries Windows AMSI https://threatpost.com/agent-tesla-microsoft-asmi/163581/
	ISC StormCast for Tuesday, February 2nd, 2021	02 Feb 2021	00:06:07
MacOS 11.2 Update https://support.apple.com/en-us/HT212147 Objective-See Tools Now Open Sources https://twitter.com/patrickwardle/status/1356149073045143553 iMessage Blastdoor https://googleprojectzero.blogspot.com/2021/01/a-look-at-imessage-in-ios-14.html SonicWall Update https://www.sonicwall.com/support/product-notification/urgent-security-notice-sonicwall-confirms-sma-100-series-10-x-zero-day-vulnerability-feb-1-2-p-m-cst/210122173415410/
	ISC StormCast for Monday, February 1st, 2021	01 Feb 2021	00:05:25
Perl.com Domain Hijacked https://www.ehackingnews.com/2021/01/perlcom-official-site-for-perl.html Spamcop Domain Expired https://www.bleepingcomputer.com/news/security/spamcop-anti-spam-service-suffers-an-outage-after-its-domain-expired/ libgcrypt vulnerability https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html Fingerprinting QUIC https://arxiv.org/pdf/2101.11871.pdf
	ISC StormCast for Friday, January 29th, 2021	29 Jan 2021	00:06:01
New Cryptojacking Malware https://unit42.paloaltonetworks.com/pro-ocean-rocke-groups-new-cryptojacking-malware/ SlipStreaming https://www.armis.com/resources/iot-security-blog/nat-slipstreaming-v2-0-new-attack-variant-can-expose-all-internal-network-devices-to-the-internet/ Shadowsocks https://shadowsocks.org/en/index.html
	ISC StormCast for Thursday, January 28th, 2021	28 Jan 2021	00:06:17
Emotet vs. Windows Attack Surface Reduction https://isc.sans.edu/forums/diary/Emotet+vs+Windows+Attack+Surface+Reduction/27036/ Go Lang Vulnerability https://blog.golang.org/path-security Azure Docker Escape https://www.intezer.com/blog/research/how-we-hacked-azure-functions-and-escaped-docker/
	ISC StormCast for Wednesday, January 27th, 2021	27 Jan 2021	00:06:41
Critical sudo Vulnerability https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit Quakbot (QBot) Update https://isc.sans.edu/forums/diary/TA551+Shathak+Word+docs+push+Qakbot+Qbot/27030/ Targeting Security Researchers https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/ Apple Updates iOS, iPad, tvOS, watchOS, Xcode and iCloud for Windows https://support.apple.com/en-us/HT201222
	ISC StormCast for Tuesday, January 26th, 2021	26 Jan 2021	00:04:46
Fun With nmap nse Scripts and DoH (DNS over HTTPS) https://isc.sans.edu/forums/diary/Fun+with+NMAP+NSE+Scripts+and+DOH+DNS+over+HTTPS/27026/ Malicious NPM Module Stealing Discord Passwords https://blog.sonatype.com/cursedgrabber-strikes-again-sonatype-spots-new-malware-campaign-against-software-supply-chains Mitigating the $I30 Bug https://www.osr.com/blog/2021/01/21/mitigating-the-i30bitmap-ntfs-bug/ https://github.com/OSRDrivers/i30Flt ProtonVPN BSOD https://protonstatus.com/incidents/124
	ISC StormCast for Monday, January 25th, 2021	25 Jan 2021	00:05:57
Another File Extension to Block: JNLP https://isc.sans.edu/forums/diary/Another+File+Extension+to+Block+in+your+MTA+jnlp/27018/ SonicWall Vulnerability Used to Breach SonicWall https://www.sonicwall.com/support/product-notification/urgent-security-notice-netextender-vpn-client-10-x-sma-100-series-vulnerability-updated-jan-23-2021/210122173415410/ iObit Forum Breached / Used for Ransomware Distribution https://www.bleepingcomputer.com/forums/t/741190/derohe-ransomware-distributed-through-fake-iobit-one-year-free-license-key-promo/
	ISC StormCast for Friday, January 22nd, 2021	22 Jan 2021	00:13:50
Powershell Ropping REvil Ransomware https://isc.sans.edu/forums/diary/Powershell+Dropping+a+REvil+Ransomware/27012/ SAP Exploit Circulating https://onapsis.com/blog/new-sap-exploit-published-online-how-stay-secure Oracle Critical Patch Update https://www.oracle.com/security-alerts/cpujan2021.html RDP Used for DDoS https://www.netscout.com/blog/asert/microsoft-remote-desktop-protocol-rdp-reflectionamplification Billy Wilson: Mitigating Attacks Against Supercomputers with KRSI https://www.sans.org/reading-room/whitepapers/linux/mitigating-attacks-supercomputer-krsi-40010
	ISC StormCast for Monday, October 21st, 2024	21 Oct 2024	00:05:42
Microsoft 365: Partially incomplete log data due to monitoring agent issue https://m365admin.handsontek.net/multiple-services-partially-incomplete-log-data-due-to-monitoring-agent-issue/ End-to-End Encrytped Cloud Storage in the Wild: A Broken Ecosystem https://brokencloudstorage.info/paper.pdf ESET Branded Malware https://x.com/ESETresearch/status/1847192384448172387 Synology Update https://www.synology.com/en-us/security/advisory/Synology_SA_24_17 Spring Framework Update CVe-2024-38819 CVE-2024-38820 https://spring.io/blog/2024/10/17/spring-framework-cve-2024-38819-and-cve-2024-38820-published Grafana Security Release CVE-2024-9264 https://grafana.com/blog/2024/10/17/grafana-security-release-critical-severity-fix-for-cve-2024-9264/
	ISC StormCast for Thursday, January 21st, 2021	21 Jan 2021	00:07:10
SolarWinds Updates https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/ https://blog.malwarebytes.com/malwarebytes-news/2021/01/malwarebytes-targeted-by-nation-state-actor-implicated-in-solarwinds-breach-evidence-suggests-abuse-of-privileged-access-to-microsoft-office-365-and-azure-environments/ Cisco Advisories https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-bufovulns-B5NrSHbj Evesdropping Vulnerabilities in Various WebRTC Based Video Conferencing Systems https://googleprojectzero.blogspot.com/2021/01/the-state-of-state-machines.html Oracle Business Intelligence Enterprise Edition XSS https://www.exploit-db.com/exploits/49444
	ISC StormCast for Wednesday, January 20th, 2021	20 Jan 2021	00:05:49
Qakbot Activity Resumes After Holiday Break https://isc.sans.edu/forums/diary/Qakbot+activity+resumes+after+holiday+break/27008/ Multiple dnsmasq Vulnerabilities https://www.jsof-tech.com/wp-content/uploads/2021/01/DNSpooq_Technical-Whitepaper.pdf FreakOut Malware https://blog.checkpoint.com/2021/01/19/linux-users-should-patch-now-to-block-new-freakout-malware-which-exploits-new-vulnerabilities/ Kids Break Screensaver https://github.com/linuxmint/cinnamon-screensaver/issues/354
	ISC StormCast for Tuesday, January 19th, 2021	19 Jan 2021	00:05:45
Doc And RTF Malicious Document https://isc.sans.edu/forums/diary/Doc+RTF+Malicious+Document/26996/ Center for Internet Security Cisco NX-OS Benchmark https://www.cisecurity.org/cis-benchmarks/ Exploit for Shazam Geolocation Vulnerablity https://ash-king.co.uk/blog/Shazlocate-abusing-CVE-2019-8791-CVE-2019-8792 Voice Phishing and Internal Messaging Systems Used to Escalate Privileges https://www.ic3.gov/Media/News/2021/210115.pdf
	ISC StormCast for Monday, January 18th, 2021	18 Jan 2021	00:05:11
Scans for DNS over HTTPs https://isc.sans.edu/forums/diary/Obfuscated+DNS+Queries/26992/ https://us-cert.cisa.gov/ncas/current-activity/2021/01/15/nsa-releases-guidance-encrypted-dns-enterprise-environments Netlogon Domain Controller Enforcement Mode Starting February 9th https://msrc-blog.microsoft.com/2021/01/14/netlogon-domain-controller-enforcement-mode-is-enabled-by-default-beginning-with-the-february-9-2021-security-update-related-to-cve-2020-1472/ Apple Removing ContentFilterExclusionList https://www.patreon.com/posts/46179028
	ISC StormCast for Friday, January 15th, 2021	15 Jan 2021	00:04:52
Dynamically Analzying A Heavily Obfuscted Excel 4 Macro Malicious File https://isc.sans.edu/forums/diary/Dynamically+analyzing+a+heavily+obfuscated+Excel+4+macro+malicious+file/26986/ Odd Filename Corrupts NTFS Disks https://twitter.com/jonasLyk/status/1347900440000811010 Cisco Vulnerabilities https://tools.cisco.com/security/center/publicationListing.x
	ISC StormCast for Thursday, January 14th, 2021	14 Jan 2021	00:06:02
Hancitor Activity Resumes After a Holiday Break https://isc.sans.edu/forums/diary/Hancitor+activity+resumes+after+a+hoilday+break/26980/ Intel Hardware-Enabled Ransomware Protections https://www.cybereason.com/blog/cybereason-and-intel-introduce-hardware-enabled-ransomware-protections-for-businesses Making Clouds Rain: RCE in Microsoft Office 365 https://srcincite.io/blog/2021/01/12/making-clouds-rain-rce-in-office-365.html#fn:1 SAP Security Patch Day https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476
	ISC StormCast for Wednesday, January 13th, 2021	13 Jan 2021	00:06:12
MSFT January 2021 Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+January+2021+Patch+Tuesday/26978/ Adobe Patches https://helpx.adobe.com/security.html MimeCast Cert Stolen https://www.mimecast.com/blog/important-update-from-mimecast/ Leaking Silhouettes of Cross-Origin Images https://blog.mozilla.org/attack-and-defense/2021/01/11/leaking-silhouettes-of-cross-origin-images/
	ISC StormCast for Tuesday, January 12th, 2021	12 Jan 2021	00:05:57
Using the NVD Database API Part 3/3 https://isc.sans.edu/forums/diary/Using+the+NVD+Database+and+API+to+Keep+Up+with+Vulnerabilities+and+Patches+Tool+Drop+CVEScan+Part+3+of+3/26974/ Sysinternals Update https://docs.microsoft.com/en-us/sysinternals/ Ubiquiti Breach https://www.bleepingcomputer.com/news/security/networking-giant-ubiquiti-alerts-customers-of-potential-data-breach/ Run-Only AppleScript Reversing https://labs.sentinelone.com/fade-dead-adventures-in-reversing-malicious-run-only-applescripts/
	ISC StormCast for Monday, January 11th, 2021	11 Jan 2021	00:05:47
Maldoc Strings Analysis https://isc.sans.edu/forums/diary/Maldoc+Strings+Analysis/26966/ CVSS Reliablity Survey https://user-surveys.cs.fau.de/index.php?r=survey/index&sid=248857 Fake Trump Video Malware https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/updated-qnode-rat-downloader-distributed-as-trump-video-scandal/ SMS Phishing (Smishing) https://www.bbc.com/news/business-55563748 dnsren vulnerability https://www.exploit-db.com/exploits/49394
	ISC StormCast for Friday, January 8th, 2021	08 Jan 2021	00:15:50
Using the NIST Database and API to Keep Up with Vulnerabilities https://isc.sans.edu/forums/diary/Using+the+NIST+Database+and+API+to+Keep+Up+with+Vulnerabilities+and+Patches+Part+1+of+3/26958/ Titan Security Key https://ninjalab.io/wp-content/uploads/2021/01/a_side_journey_to_titan.pdf The Great Suspender Google Chrome Extension https://www.theregister.com/2021/01/07/great_suspender_malware/ Brian Nishida: Ubuntu Artifacts Generated by Gnome Desktop Environment https://www.sans.org/reading-room/whitepapers/forensics/ubuntu-artifacts-generated-gnome-desktop-environment-40035
	ISC StormCast for Friday, October 18th, 2024	18 Oct 2024	00:05:52
Scanning Activity from Subnet 15.184.0.0/16. https://isc.sans.edu/diary/Scanning%20Activity%20from%20Subnet%2015.184.0.0%2016/31362 Gatekeeper Bypass /unit42.paloaltonetworks.com/gatekeeper-bypass-macos/ Oracle Critical Patch Update https://www.oracle.com/security-alerts/cpuoct2024.html Cisco ATA 190 Series Analog Telephone Adapter Firmware Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multi-RDTEqRsy SAP Vulnerability https://redrays.io/blog/poc-sap-note-3433192-code-injection-vulnerability-in-sap-netweaver-as-java/ Dept. of Commerce Sites Advertising Medication https://x.com/tliston/status/1833542884047654984
	ISC StormCast for Thursday, January 7th, 2021	07 Jan 2021	00:04:23
Zyxel Exploitation Under Way https://isc.sans.edu/forums/diary/Scans+for+Zyxel+Backdoors+are+Commencing/26954/ Fortinet Patches https://www.fortiguard.com/psirt?date=01-2021 Foxit PhantomPDF Patches https://www.foxitsoftware.com/support/security-bulletins.html Firefox Android Updates https://www.mozilla.org/en-US/security/advisories/mfsa2021-01/
	ISC StormCast for Wednesday, January 6th, 2021	06 Jan 2021	00:05:52
Netfox Detective: An Alternative Open-Source Packet Analysis Tool https://isc.sans.edu/forums/diary/Netfox+Detective+An+Alternative+OpenSource+Packet+Analysis+Tool/26950/ ElectroRAT Drains Cryptocurrency Accounts https://www.intezer.com/blog/research/operation-ElectroRAT-attacker-creates-fake-companies-to-drain-your-crypto-wallets/ Chrome Will Prefer HTTPS over HTTP By Default https://chromium-review.googlesource.com/c/chromium/src/+/2568448 Android January Patch Day https://source.android.com/security/bulletin/2021-01-01 Telegram Publishes Users' Locations Online https://blog.ahmed.nyc/2021/01/if-you-use-this-feature-on-telegram.html
	ISC StormCast for Tuesday, January 5th, 2021	05 Jan 2021	00:05:24
From a Small BAT File to Mass Logger Infostealer https://isc.sans.edu/forums/diary/From+a+small+BAT+file+to+Mass+Logger+infostealer/26946/ Citrix Releases Updates Addressing DTLS Flaw https://support.citrix.com/article/CTX289674 Zend Framework Deserialization Flaw https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3007 https://github.com/Ling-Yizhou/zendframework3-/blob/main/zend%20framework3%20 %20rce.md
	ISC StormCast for Monday, January 4th 2021	04 Jan 2021	00:04:22
Traffic Analysis Quiz https://isc.sans.edu/forums/diary/End+of+Year+Traffic+Analysis+Quiz/26940/ Zyxel Backdoor https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html Microsoft Source Code Accessed As a Result of SolarWinds Backdoor https://msrc-blog.microsoft.com/2020/12/31/microsoft-internal-solorigate-investigation-update/
	ISC StormCast for Wednesday, December 30th 2020	30 Dec 2020	00:04:16
Accessing Restricted Directory Listings via Your AV Solution https://isc.sans.edu/forums/diary/Want+to+know+whats+in+a+folder+you+dont+have+a+permission+to+access+Try+asking+your+AV+solution/26932/ Coin Miner Malware Written in Go https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/?fbclid=IwAR3eFiHCNoqr5mc2UAOcm8nocjUOjZn0cpcAiSoYmn__JtJfBbjqUUT1OwQ AutoHotKey Credential Stealer https://www.trendmicro.com/en_us/research/20/l/stealth-credential-stealer-targets-us-canadian-bank-customers.html
	ISC StormCast for Tuesday, December 29th 2020	29 Dec 2020	00:05:28
Extending Android Device Compatibility for Let's Encrypt Certificates https://letsencrypt.org/2020/12/21/extending-android-compatibility.html Insufficient Patch for Windows 8.1/10 Print Spooler https://bugs.chromium.org/p/project-zero/issues/detail?id=2096 Google Docs Vulnerability https://savebreach.com/stealing-private-documents-through-a-google-docs-bug/ CCC Conferences Virtual https://streaming.media.ccc.de/rc3
	ISC StormCast for Monday, December 28th 2020	28 Dec 2020	00:05:35
base64dump.py Supported Encodings https://isc.sans.edu/forums/diary/base64dumppy+Supported+Encodings/26924/ String Analysis and Maldocs https://isc.sans.edu/forums/diary/Quickie+String+Analysis+Maldocs/26922/ Malicious Word Document Delivering an Octopus Backdoor https://isc.sans.edu/forums/diary/Malicious+Word+Document+Delivering+an+Octopus+Backdoor/26918/ Analysis Dridex Dropper, IoC extraction https://isc.sans.edu/forums/diary/Analysis+Dridex+Dropper+IoC+extraction+guest+diary/26920/ AT&T Outage due to Nashville Explosion https://about.att.com/pages/disaster_relief/nashville.html SolarWinds SUPERNOVA Malware / API Vulnerability https://www.solarwinds.com/securityadvisory Citrix ADC DDoS Attack https://support.citrix.com/article/CTX289674 Crowdstrike Reporting Tool for Azure https://github.com/CrowdStrike/CRT
	ISC StormCast for Wednesday, December 23rd 2020	23 Dec 2020	00:03:50
Malware Victim Selection Through WiFi Identification https://isc.sans.edu/forums/diary/Malware+Victim+Selection+Through+WiFi+Identification/26910/ New Treck IP Stack Vulnerabilities https://treck.com/vulnerability-response-information/ Detecting Treck IP Stack https://github.com/Forescout/project-memoria-detector
	ISC StormCast for Tuesday, December 22nd 2020	22 Dec 2020	00:06:14
What's The Deal With Openportstats.com? https://isc.sans.edu/forums/diary/Whats+the+deal+with+openportstatscom/26912/ Dell Wyse ThinOS 8.6 Security Update https://www.dell.com/support/kbdoc/en-hr/000180768/dsa-2020-281 SolarWinds 2nd Backdoor https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/ SolarWinds Domains https://securelist.com/sunburst-connecting-the-dots-in-the-dns-requests/99862/
	ISC StormCast for Monday, December 21st 2020	21 Dec 2020	00:05:31
A slightly optimistic tale of how patching went for CVE-2019-19781 https://isc.sans.edu/forums/diary/A+slightly+optimistic+tale+of+how+patching+went+for+CVE201919781/26900/ Heads-up: VirusTotal Functionality in Sysinternals Tools Not Working https://isc.sans.edu/forums/diary/Headsup+VirusTotal+Functionality+in+Sysinternals+Tools+Not+Working/26906/ Kasachstan: Browsers Block Government Certificate Authority https://www.zdnet.com/article/apple-google-microsoft-and-mozilla-ban-kazakhstans-mitm-https-certificate/ 5G Vulnerabilities https://positive-tech.com/about/news/vulnerabilities-in-standalone-5g-networks-could-allow-attackers-to-steal-credentials-and-falsify-subscriber-authentication/ Bouncy Castle BCrypt Password Verification Error https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle/
	ISC StormCast for Thursday, October 17th, 2024	17 Oct 2024	00:05:38
The Top 10 Not So Common SSH Usernames and Passwords https://isc.sans.edu/diary/The%20Top%2010%20Not%20So%20Common%20SSH%20Usernames%20and%20Passwords/31360 CISA Product Security Bad Practices https://www.cisa.gov/resources-tools/resources/product-security-bad-practices Kubernetes Image Builder Vulnerability CVE-2024-9486 CVE-2024-9594 https://discuss.kubernetes.io/t/security-advisory-cve-2024-9486-and-cve-2024-9594-vm-images-built-with-kubernetes-image-builder-use-default-credentials/30119 Solarwinds Hardcoded Password Exploited CVE-2024-28987 https://www.bleepingcomputer.com/news/security/solarwinds-web-help-desk-flaw-is-now-exploited-in-attacks/ Bypassing noexec and executing arbitrary binaries https://iq.thc.org/bypassing-noexec-and-executing-arbitrary-binaries Workshop Website: https://www.sansapi.com/ https://www.sansapi.com/docs
	ISC StormCast for Friday, December 18th 2020	18 Dec 2020	00:06:20
Token Authentication Requirements for Git Operations https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/ Google Attempting to Speed Up OS Update Adoption https://android-developers.googleblog.com/2020/12/treble-plus-one-equals-four.html Trend Micro InterScan Web Security Virtual Appliance Vulnerability https://success.trendmicro.com/solution/000283077 Malicios Browser Extensions https://blog.avast.com/malicious-browser-extensions-avast
	ISC StormCast for Thursday, December 17th 2020	17 Dec 2020	00:06:06
Cloud DNS Logs https://isc.sans.edu/forums/diary/DNS+Logs+in+Public+Clouds/26892/ Solarwinds Update https://www.heise.de/news/l-f-SolarWinds-Backdoor-Hersteller-sorgte-fuer-Ausnahmen-von-AV-Ueberwachung-4990910.html https://krebsonsecurity.com/2020/12/malicious-domain-in-solarwinds-hack-turned-into-killswitch/ Hewlett Packard Enterprise Systems Insight Manager (SIM) Vulnerability https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04068en_us SAP HANA SAML Validation Weakness https://www.secureauth.com/blog/secureauth-uncovers-saml-validation-weakness-in-sap-hana/

About us Privacy Policy