SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

By SANS Internet Stormcenter Handlers


Description

A brief daily summary of what is important in information security. The podcast is published every weekday and is designed to get you ready for the day with a brief, usually five-minute, summary of current network security related events. The content is late-breaking and educational, based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .

Episode Date
ISC StormCast for Wednesday, June 20th 2018
5:31
PowerShell ScriptBlock Logging Bypass in the Wild
https://isc.sans.edu/forums/diary/PowerShell+ScriptBlock+Logging+Or+Not/23782/
Virustotal "False Positive" Alert
http://blog.virustotal.com/2018/06/vtmonitor-to-mitigate-false-positives.html
Cloud Environments Exposed to the Internet
https://info.lacework.com/hubfs/Containers%20At-Risk_%20A%20Review%20of%2021,000%20Cloud%20Environments.pdf
Google Home DNS Rebinding Attack Reveals Geolocation
https://www.tripwire.com/state-of-security/vert/googles-newest-feature-find-my-home
Jun 19, 2018
ISC StormCast for Tuesday, June 19th 2018
5:53
Obfuscated JavaScript Targeting Mobile Devices
https://isc.sans.edu/forums/diary/Malicious+JavaScript+Targeting+Mobile+Browsers/23778/
Axis Camera Vulnerabilities
https://blog.vdoo.com/2018/06/18/vdoo-discovers-significant-vulnerabilities-in-axis-cameras/
Apple Caches Confidential Data on Unencrypted Drives
https://wojciechregula.blog/your-encrypted-photos-in-macos-cache/
Andy Emulator Infected With CryptoMiner
https://www.reddit.com/r/emulators/comments/8rj8g5/warning_andy_android_emulator_andyos_andyroid/
Jun 19, 2018
ISC StormCast for Monday, June 18th 2018
6:32
SMTP Strangeness - Possible C2
https://isc.sans.edu/forums/diary/SMTP+Strangeness+Possible+C2/23770/
Encrypted Office Documents
https://isc.sans.edu/forums/diary/Encrypted+Office+Documents/23774/
Recent Port 8000 Scans
https://www.bleepingcomputer.com/news/security/all-that-port-8000-traffic-this-week-yeah-thats-satori-looking-for-new-bots/
New Clipboard Cryptocoin Stealing Bot
https://blog.360totalsecurity.com/en/new-cryptominer-hijacks-your-bitcoin-transaction-over-300000-computers-have-been-attacked/
WebUSB Weakness
https://pwnaccelerator.github.io/2018/webusb-yubico-disclosure.html
Jun 18, 2018
ISC StormCast for Friday, June 15th 2018
12:14
Analyzing a Compromised Wordpress Site
https://isc.sans.edu/forums/diary/A+Bunch+of+Compromized+Wordpress+Sites/23764/
Breaking a Bluetooth Low Energy Smart Padlock
https://www.pentestpartners.com/security-blog/totally-pwning-the-tapplock-smart-lock/
WIM Disk Image Vulnerability
https://blog.talosintelligence.com/2018/06/vulnerability-spotlight-talos-2018-0545.html
Extracting Timely Sign-In Data from Office 365 Logs
https://www.sans.org/reading-room/whitepapers/logging/extracting-timely-sign-in-data-office-365-logs-38435
Jun 15, 2018
ISC StormCast for Thursday, June 14th 2018
5:53
From MikroTik With Love: Yet Another Router Botnet?
https://isc.sans.edu/forums/diary/From+Microtik+with+Love/23762/
Using Cortana To Compromise Windows 10
https://securingtomorrow.mcafee.com/mcafee-labs/want-to-break-into-a-locked-windows-10-device-ask-cortana-cve-2018-8140/
Compromised Docker Images
https://kromtech.com/blog/security-center/cryptojacking-invades-cloud-how-modern-containerization-trend-is-exploited-by-attackers
Lazy FPU Save/Restore Allows Malware to Read Other Processes' FPU Register State
https://access.redhat.com/solutions/3485131
Jun 14, 2018
ISC StormCast for Wednesday, June 13th 2018
5:50
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+June+2018+Patch+Tuesday/23758/
Apple Code Signing Verification Vulnerability
https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/
Google Chrome Restricting Inline Extension Install
https://blog.chromium.org/2018/06/improving-extension-transparency-for.html
Jun 13, 2018
ISC StormCast for Tuesday, June 12th 2018
4:46
More Malspam Pushing Lokibot
https://isc.sans.edu/forums/diary/More+malspam+pushing+Lokibot/23754/
Ethereum JSON RPC Theft
https://twitter.com/360Netlab/status/1006065566728085504
Cryptocurrency Miner Plays Hide-and-Seek
https://www.bleepingcomputer.com/news/security/cryptocurrency-miner-plays-hide-and-seek-with-popular-games-and-tools/
Apple Outlaws Cryptocurrency Miners in App Store
https://developer.apple.com/app-store/review/guidelines/#hardware-compatibility
FBI Arrests Suspect in BEC Investigation
https://www.fbi.gov/news/stories/international-bec-takedown-061118
Jun 12, 2018
ISC StormCast for Monday, June 11th 2018
5:30
The Seven Properties of Highly Secure Devices
https://www.microsoft.com/en-us/research/wp-content/uploads/2017/03/SevenPropertiesofHighlySecureDevices.pdf
Finding Deserialisation Issues With Burp
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/june/finding-deserialisation-issues-has-never-been-easier-freddy-the-serialisation-killer/
FTC Starts Looking Into Cryptojacking
https://www.consumer.ftc.gov/blog/2018/06/protecting-your-devices-cryptojacking
Drupal Disputes Number of Vulnerable Sites
https://groups.drupal.org/node/520149
Jun 11, 2018
ISC StormCast for Friday, June 8th 2018
5:36
Critical Adobe Flash Update
https://helpx.adobe.com/security/products/flash-player/apsb18-19.html
SuperMicro Firmware Vulnerability
https://blog.eclypsium.com/2018/06/07/firmware-vulnerabilities-in-supermicro-systems/
FOSCAM Video Camera Vulnerabilities
https://blog.vdoo.com/2018/06/06/vdoo-has-found-major-vulnerabilities-in-foscam-cameras/
Sofacy Update
https://researchcenter.paloaltonetworks.com/2018/06/unit42-sofacy-groups-parallel-attacks/
Automated Twitter Loot Collection
https://isc.sans.edu/forums/diary/Automated+twitter+loot+collection/23743/
Jun 08, 2018
ISC StormCast for Thursday, June 7th 2018
5:05
VPNFilter Update
https://blog.talosintelligence.com/2018/06/vpnfilter-update.html
Prowli Botnet
https://www.guardicore.com/2018/06/operation-prowli-traffic-manipulation-cryptocurrency-mining/
Cisco Security Bulletins
https://tools.cisco.com/security/center/publicationListing.x
F-Secure RAR Vulnerability
https://www.f-secure.com/en/web/labs_global/fsc-2018-2
PCAP to Weblogs
https://isc.sans.edu/forums/diary/Converting+PCAP+Web+Traffic+to+Apache+Log/23739/
Jun 07, 2018
ISC StormCast for Wednesday, June 6th 2018
5:41
Analysis of a Post Exploit Script
Malicious Post-Exploitation Batch File
Zip Slip Vulnerability
https://snyk.io/research/zip-slip-vulnerability
Redis Exploits
https://www.incapsula.com/blog/report-75-of-open-redis-servers-are-infected.html
Drupalgeddon 2 Update
https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/
Jun 06, 2018
ISC StormCast for Tuesday, June 5th 2018
6:02
Running Only Signed Code. Does it work in Windows 10?
https://isc.sans.edu/forums/diary/Digging+into+Authenticode+Certificates/23731/
Misconfigured G-Suite Mailing Lists
https://www.kennasecurity.com/widespread-google-groups-misconfiguration-exposes-sensitive-information/
Microsoft Releases Open Source Post Quantum VPN
https://github.com/Microsoft/PQCrypto-VPN
Jun 05, 2018
ISC StormCast for Monday, June 4th 2018
5:29
Apple Patches Everything
https://isc.sans.edu/forums/diary/Apple+Security+Updates/23727/
VPNFilter Makes a Comeback
https://jask.com/from-russia-with-love/
Reverse Analysis with Radare2
https://isc.sans.edu/forums/diary/Binary+analysis+with+Radare2/23723/
Pet Location Tracker Vulnerabilities
https://threatpost.com/pet-trackers-open-to-mitm-attacks-interception/132291/
Jun 04, 2018
ISC StormCast for Friday, June 1st 2018
5:45
Safely Resetting Routers
https://isc.sans.edu/forums/diary/Resetting+Your+Router+the+Paranoid+Right+Way/23719/
CSS mix-blend-mode Side Channel Attack
https://www.evonide.com/side-channel-attacking-browsers-through-css3-features/
New ActiveX Exploit Seen in the Wild
https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=27263
Apple iMessage Security
https://support.apple.com/en-us/HT202303
10 Year Old Vulnerability in Steam Discovered
https://www.contextis.com/blog/frag-grenade-a-remote-code-execution-vulnerability-in-the-steam-client
Jun 01, 2018