SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
1,984 episodes - English - Latest episode: 3 days ago - ★★★★★ - 435 ratings
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html.
Episodes
ISC StormCast for Tuesday, July 26th, 2022
July 26, 2022 02:00 - 7 minutes - 5.94 MB
PowerShell Script with Fileless Capability https://isc.sans.edu/diary/PowerShell+Script+with+Fileless+Capability/28878
With Management Comes Risk: Finding Flaws in Filewave MDM https://claroty.com/2022/07/25/blog-research-with-management-comes-risk-finding-flaws-in-filewave-mdm/
CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit https://securelist.com/cosmicstrand-uefi-firmware-rootkit/106973/
ISC StormCast for Monday, July 25th, 2022
July 25, 2022 02:00 - 5 minutes - 4.94 MB
An Analysis of a Discerning Phishing Website https://isc.sans.edu/diary/An+Analysis+of+a+Discerning+Phishing+Website+/28870
Sonicwall Vulnerability https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0007
Sh*load Exploits Episode V: Return of the Error https://dellfer.com/shload-exploits-episode-v-return-of-the-error/
ISC StormCast for Friday, July 22nd, 2022
July 22, 2022 02:00 - 6 minutes - 5.42 MB
Maldoc with non-ASCII VBA Identifiers https://isc.sans.edu/diary/Maldoc%3A+non-ASCII+VBA+Identifiers/28866
Cisco Security Updates https://tools.cisco.com/security/center/publicationListing.x?
Outlook 365 Odd Suspicious Login Attempt Warnings https://www.theregister.com/2022/07/21/outlook_sign_ins/
Windows RDP Brute Force Protection https://twitter.com/dwizzzleMSFT/status/1549870156771340288
Microsoft resuming blocking macros https://techcommunity.microsoft.com/t5/microsoft-365-bl...
ISC StormCast for Thursday, July 21st, 2022
July 21, 2022 02:00 - 6 minutes - 5.23 MB
Malicious Python Script Behaving Like a Rubber Ducky https://isc.sans.edu/diary/Malicious+Python+Script+Behaving+Like+a+Rubber+Ducky/28860
Apple Patches Everything https://isc.sans.edu/diary/Apple+Patches+Everything+Day/28862
Atlassian Confluence Hard-Coded Password https://confluence.atlassian.com/doc/questions-for-confluence-security-advisory-2022-07-20-1142446709.html
Zyxel Vulnerability https://www.zyxel.com/support/Zyxel-security-advisory-authenticated-directory-traversal-vulner...
ISC StormCast for Wednesday, July 20th, 2022
July 20, 2022 02:00 - 7 minutes - 6.05 MB
Beacon Request https://isc.sans.edu/diary/Requests+For+beacon.http-get.+Help+Us+Figure+Out+What+They+Are+Looking+For/28856
Oracle July 2022 CPU https://www.oracle.com/security-alerts/cpujul2022.html
CloudMensis MacOS Spyware https://www.welivesecurity.com/2022/07/19/i-see-what-you-did-there-look-cloudmensis-macos-spyware/
GPS Tracker Vulnerabilities https://www.bitsight.com/sites/default/files/2022-07/MiCODUS-GPS-Report-Final.pdf
ISC StormCast for Tuesday, July 19th, 2022
July 19, 2022 02:00 - 6 minutes - 5.11 MB
Adding Your Own Keywords to My PDF Tools https://isc.sans.edu/diary/Adding+Your+Own+Keywords+To+My+PDF+Tools/28852
Tor Improvements https://blog.torproject.org/new-release-tor-browser-115/
Trojan Horse Malware Password Cracker https://www.dragos.com/blog/the-trojan-horse-malware-password-cracking-ecosystem-targeting-industrial-operators/
CVE-2022-33891 Apache Spark Shell Command Injection Vulnerability https://securityonline.info/cve-2022-33891-apache-spark-shell-command-injection-...
ISC StormCast for Monday, July 18th, 2022
July 18, 2022 02:00 - 5 minutes - 4.56 MB
Python: Files in Use By Another Process https://isc.sans.edu/diary/Python%3A+Files+In+Use+By+Another+Process/28848
Google Removing App Permissions List for Data Safety https://twitter.com/MishaalRahman/status/1547307555407421443
Google Play Malware https://twitter.com/IngraoMaxime/status/1547164768401858560
Faking Github Metadata https://checkmarx.com/blog/unverified-commits-are-you-unknowingly-trusting-attackers-code/
ISC StormCast for Friday, July 15th, 2022
July 15, 2022 02:00 - 6 minutes - 5.63 MB
Debugging Broadcast Storms https://isc.sans.edu/diary/A+%22DHCP+is+Broken%22+story%2C+and+a+Blast+from+the+Past+%28or+should+I+say+%22Storm%22+from+the+past%29/28844
Targeted Deanonymization via Side Channel Attacks https://leakuidatorplusteam.github.io/preprint.pdf
Cookie Theft to BEC https://www.microsoft.com/security/blog/2022/07/12/from-cookie-theft-to-bec-attackers-use-aitm-phishing-sites-as-entry-point-to-further-financial-fraud/
VMWare Patch https://www.vmware.com/security/a...
ISC StormCast for Thursday, July 14th, 2022
July 14, 2022 02:00 - 5 minutes - 4.94 MB
Using Referrers to Detect Phishing Attacks https://isc.sans.edu/diary/Using+Referers+to+Detect+Phishing+Attacks/28836
Callback Phishing Campaigns Impersonating Security Companies https://www.crowdstrike.com/blog/callback-malware-campaigns-impersonate-crowdstrike-and-other-cybersecurity-companies/
Retbleed Spectre Attack https://comsec.ethz.ch/wp-content/files/retbleed_sec22.pdf
Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706 https://www.microsof...
ISC StormCast for Wednesday, July 13th, 2022
July 13, 2022 02:25 - 5 minutes - 4.94 MB
Microsoft Patch Tuesday https://isc.sans.edu/diary/Microsoft+July+2022+Patch+Tuesday/28838
Adobe Updates https://helpx.adobe.com/security/security-bulletin.html
SAP Patches https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10
IBM Patches https://www.ibm.com/support/pages/node/6602255 https://www.ibm.com/support/pages/node/6602259 https://www.ibm.com/support/pages/node/6602251
ISC StormCast for Tuesday, July 12th, 2022
July 12, 2022 02:00 - 6 minutes - 5.32 MB
Rogers Outage https://about.rogers.com/news-ideas/a-message-from-rogers-president-and-ceo/
Rolling Pwn https://rollingpwn.github.io/rolling-pwn/
GitHub Runners mine Cryptocoins https://www.trendmicro.com/en_us/research/22/g/unpacking-cloud-based-cryptocurrency-miners-that-abuse-github-ac.html
SANSFIRE Keynote Stream https://www.sans.org/webcasts/the-internet-storm-center-how-to-use-and-how-to-contribute-data/
ISC StormCast for Monday, July 11th, 2022
July 11, 2022 02:00 - 5 minutes - 4.67 MB
SANSFIRE Keynote Stream https://www.sans.org/webcasts/the-internet-storm-center-how-to-use-and-how-to-contribute-data/
Extracting URLs from Emotet with Cyberchef https://isc.sans.edu/forums/diary/Excel%204%20Emotet%20Maldoc%20Analysis%20using%20CyberChef/28830/
Microsoft Rolling Back Macro Policy Change https://techcommunity.microsoft.com/t5/microsoft-365-blog/helping-users-stay-safe-blocking-internet-macros-by-default-in/ba-p/3071805
Checkmate Ransomware Affected Poorly Configured Q...
ISC StormCast for Thursday, July 7th, 2022
July 07, 2022 02:00 - 7 minutes - 6.18 MB
How Many SANs are Insane https://isc.sans.edu/forums/diary/How+Many+SANs+are+Insane/28820/
Fortinet July Updates https://fortiguard.fortinet.com/psirt?date=07-2022
Phishing Attacks Getting Trickier https://www.sans.org/newsletters/ouch/phishing-attacks-getting-trickier
Quantum Safe Ciphers https://csrc.nist.gov/News/2022/pqc-candidates-to-be-standardized-and-round-4
Apple Proposes Lockdown Mode https://www.apple.com/newsroom/2022/07/apple-expands-commitment-to-protect-users-from...
ISC StormCast for Wednesday, July 6th, 2022
July 06, 2022 02:00 - 6 minutes - 5.37 MB
EternalBlue 5 Years After WannaCry and NotPetya https://isc.sans.edu/forums/diary/EternalBlue+5+years+after+WannaCry+and+NotPetya/28816/
OpenSSL Patches Two Vulnerabilities https://www.openssl.org/news/secadv/20220705.txt
Iconburst NPM Software Supply Chain Attack https://blog.reversinglabs.com/blog/iconburst-npm-software-supply-chain-attack-grabs-data-from-apps-websites
ISC StormCast for Tuesday, July 5th, 2022
July 05, 2022 02:00 - 5 minutes - 4.71 MB
7Zip Mark of the Web For Office Files https://isc.sans.edu/forums/diary/7Zip+MoW+For+Office+files/28812/
SessionManager Backdoor Seen with IIS https://securelist.com/the-sessionmanager-iis-backdoor/106868/
Google Chrome Stable Channel Update https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html
ISC StormCast for Friday, July 1st, 2022
July 01, 2022 02:00 - 6 minutes - 5.47 MB
Case Study: Cobalt Strike Server Lives on After its Domain is Suspended https://isc.sans.edu/forums/diary/Case+Study+Cobalt+Strike+Server+Lives+on+After+Its+Domain+Is+Suspended/28804/
CVE-2022-28219: Unauthenticated XXE to RCE and Domain Compromise in ManageEngine ADAudit Plus https://www.horizon3.ai/red-team-blog-cve-2022-28219/
CWE Top 25 Update https://cwe.mitre.org/top25/archive/2022/2022_cwe_top25.html#analysis
ISC StormCast for Thursday, June 30th, 2022
June 30, 2022 02:00 - 6 minutes - 5.7 MB
It's New Phone Day: Time to Migrate Your MFA https://isc.sans.edu/forums/diary/Its+New+Phone+Day+Time+to+migrate+your+MFA/28800/
Managing Human Risk Security Awareness Report https://go.sans.org/lp-wp-2022-sans-security-awareness-report
Microsoft Azure Service Fabric Container Elevation of Privilege Vulnerability https://unit42.paloaltonetworks.com/fabricscape-cve-2022-30137/#The-Vulnerability https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30137
Zimbra RCE Vulnerabil...
ISC StormCast for Wednesday, June 29th, 2022
June 29, 2022 02:00 - 5 minutes - 4.95 MB
Possible Scans for HiByMusic Devices https://isc.sans.edu/forums/diary/Possible+Scans+for+HiByMusic+Devices/28796/
OpenSSL Heap Overflow https://guidovranken.com/2022/06/27/notes-on-openssl-remote-memory-corruption/ https://github.com/openssl/openssl/issues/18625#issuecomment-1165012549
ZuoRat Malware Hijacking Home Office Routers https://blog.lumen.com/zuorat-hijacks-soho-routers-to-silently-stalk-networks/
ISC StormCast for Tuesday, June 28th, 2022
June 28, 2022 02:00 - 6 minutes - 5.5 MB
Encrypted Client Hello: Anybody Using it Yet? https://isc.sans.edu/forums/diary/Encrypted+Client+Hello+Anybody+Using+it+Yet/28792/
Jenkins Advisory https://www.jenkins.io/security/advisory/2022-06-22/
Instagram Age Verification https://about.fb.com/news/2022/06/new-ways-to-verify-age-on-instagram/
CodeSys V2 Vulnerability https://github.com/ic3sw0rd/Codesys_V2_Vulnerability
ISC StormCast for Monday, June 27th, 2022
June 27, 2022 02:00 - 7 minutes - 6.58 MB
Python Abusing the Windows GUI https://isc.sans.edu/forums/diary/Python+abusing+The+Windows+GUI/28780/
Malicious Code Passed to PowerShell via the Clipboard https://isc.sans.edu/forums/diary/Malicious+Code+Passed+to+PowerShell+via+the+Clipboard/28784/
Attacking With WebView2 Applications https://mrd0x.com/attacking-with-webview2-applications/
Bronze Starlight Ransomware Operations Use Hui Loaders https://www.secureworks.com/research/bronze-starlight-ransomware-operations-use-hui-lo...
ISC StormCast for Thursday, June 23rd, 2022
June 23, 2022 02:00 - 5 minutes - 4.72 MB
Malicious PowerShell Targeting Cryptocurrency Browser Extensions https://isc.sans.edu/forums/diary/Malicious+PowerShell+Targeting+Cryptocurrency+Browser+Extensions/28772/
Keeping PowerShell: Security Measures to Use and Embrace https://media.defense.gov/2022/Jun/22/2003021689/-1/-1/1/CSI_KEEPING_POWERSHELL_SECURITY_MEASURES_TO_USE_AND_EMBRACE_20220622.PDF
Client-Side Magecart Attacks Still Around, But More Covert https://blog.malwarebytes.com/threat-intelligence/2022/06/client-side-ma...
ISC StormCast for Wednesday, June 22nd, 2022
June 22, 2022 02:00 - 6 minutes - 5.31 MB
Experimental New Domain / Domain Age API https://isc.sans.edu/forums/diary/Experimental+New+Domain+Domain+Age+API/28770/
Forescout Vedere Labs Discovers 56 OT Vulnerabilities https://www.forescout.com/resources/ot-icefall-report/
Cloudflare Outage https://blog.cloudflare.com/cloudflare-outage-on-june-21-2022/
Does Acrobat Reader Unload Injection of Security Products https://blog.minerva-labs.com/does-acrobat-reader-unload-injection-of-security-products
7-Zip Mark-of-the-Web Suppor...
ISC StormCast for Tuesday, June 21st, 2022
June 21, 2022 02:00 - 5 minutes - 4.88 MB
Odd TCP Fast Open Packets https://isc.sans.edu/forums/diary/Odd+TCP+Fast+Open+Packets+Anybody+understands+why/28766/
DFSCoerce NTLM Relay Attack https://github.com/Wh04m1001/DFSCoerce https://support.microsoft.com/en-us/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429
Windows Emergency Update Fixes Microsoft 365 Issues on ARM Devices https://www.bleepingcomputer.com/news/microsoft/windows-emergency-upda...
ISC StormCast for Monday, June 20th, 2022
June 20, 2022 02:00 - 8 minutes - 7.16 MB
Critical Vulnerability in Splunk Enterprise Deployment Server Functionality https://isc.sans.edu/forums/diary/Critical+vulnerability+in+Splunk+Enterprises+deployment+server+functionality/28760/
Malspam Pushes Matanbuchus Malware Leads to Cobalt Strike https://isc.sans.edu/forums/diary/Malspam+pushes+Matanbuchus+malware+leads+to+Cobalt+Strike/28752/
Proofpoint Discovers Potentially Dangerous Office 365 Functionality https://www.proofpoint.com/us/blog/cloud-security/proofpoint-discovers...
ISC StormCast for Friday, June 17th, 2022
June 17, 2022 02:00 - 5 minutes - 5.05 MB
Houdini is Back Delivered Through a JavaScript Dropper https://isc.sans.edu/forums/diary/Houdini+is+Back+Delivered+Through+a+JavaScript+Dropper/28746/
Drifting Cloud: Zero-Day Sophos Firewall Exploitation https://www.volexity.com/blog/2022/06/15/driftingcloud-zero-day-sophos-firewall-exploitation-and-an-insidious-breach/
Exploiting a Heap Overflow in the FreeBSD Wi-Fi Stack https://www.zerodayinitiative.com/blog/2022/6/15/cve-2022-23088-exploiting-a-heap-overflow-in-the-freebsd-wi-fi-...
ISC StormCast for Thursday, June 16th, 2022
June 16, 2022 02:00 - 5 minutes - 5.07 MB
Terraforming Honeypots: Using IaaC & Cloud to Attract Attacks https://isc.sans.edu/forums/diary/Terraforming+Honeypots+Installing+DShield+Sensors+in+the+Cloud/28748/
Zimbra Email - Stealing Clear-Text Credentials via Memcache Injection https://blog.sonarsource.com/zimbra-mail-stealing-clear-text-credentials-via-memcache-injection/
Cloud Middleware Dataset https://github.com/wiz-sec/cloud-middleware-dataset
CVE-2022-26937 Windows Network File System NLM Portmap Stack Buffer Overflow ...
ISC StormCast for Wednesday, June 15th, 2022
June 15, 2022 02:00 - 7 minutes - 5.97 MB
Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+June+2022+Patch+Tuesday/28742/
Adobe Patches https://helpx.adobe.com/security/security-bulletin.html
SynLapse Vulnerability https://orca.security/resources/blog/synlapse-critical-azure-synapse-analytics-service-vulnerability/
Hertzbleed Attack https://www.hertzbleed.com
ISC StormCast for Tuesday, June 14th, 2022
June 14, 2022 02:00 - 5 minutes - 4.94 MB
Translating Saitama's DNS Tunneling https://isc.sans.edu/forums/diary/Translating+Saitamas+DNS+tunneling+messages/28738/
Travis CI Logs Expose Users to Cyber Attacks https://blog.aquasec.com/travis-ci-security
Linux Threat Hunting: "Syslogk" a kernel rootkit found under development in the wild https://decoded.avast.io/davidalvarez/linux-threat-hunting-syslogk-a-kernel-rootkit-found-under-development-in-the-wild/
Mitel Desk Phone Backdoor https://blog.syss.com/posts/rooting-mitel-de...
ISC StormCast for Monday, June 13th, 2022
June 13, 2022 02:00 - 6 minutes - 5.26 MB
EPSScall: An Exploit Prediction Scoring System App https://isc.sans.edu/forums/diary/EPSScall+An+Exploit+Prediction+Scoring+System+App/28732/
PACMan Attack https://pacmanattack.com https://twitter.com/wdormann/status/1535245913857351680
Carrier LenelS2 HID Mercury access panel vulnerability https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-01
Malicious Python Modules https://www.bleepingcomputer.com/news/security/pypi-package-keep-mistakenly-included-a-password-stealer/
ISC StormCast for Friday, June 10th, 2022
June 10, 2022 02:00 - 8 minutes - 7.16 MB
TA570 QBot attempts to exploit CVE-2022-30190 (Follina) https://isc.sans.edu/forums/diary/TA570+Qakbot+Qbot+tries+CVE202230190+Follina+exploit+msmsdt/28728/
Analysis of a Facebook Phishing Campaign https://pixmsecurity.com/blog/blog/phishing-tactics-how-a-threat-actor-stole-1m-credentials-in-4-months/
Zyxel Security Advisory https://www.zyxel.com/support/Zyxel-security-advisory-for-CRLF-injection-vulnerability-in-some-legacy-firewalls.shtml
Fujitsu Centricstor Vulnerability https:/...
ISC StormCast for Thursday, June 9th, 2022
June 09, 2022 02:00 - 5 minutes - 5.03 MB
SANS RSA Panel (sorry, video no longer available)
Atlassian Confluence Attacks https://isc.sans.edu/forums/diary/Atlassian+Confluence+Exploits+Seen+By+Our+Honeypots+CVE202226134/28722/
Fake CCleaner Malvertisements https://blog.avast.com/fakecrack-campaign
Weakness in Verbatim Keypad Secure USB Drive https://blog.syss.com/posts/hacking-usb-flash-drives-part-1/
ISC StormCast for Wednesday, June 8th, 2022
June 08, 2022 11:45 - 5 minutes - 4.75 MB
The Trouble With Microsoft's Troubleshooters https://irsl.medium.com/the-trouble-with-microsofts-troubleshooters-6e32fc80b8bd
QBot Uses Follina https://twitter.com/threatinsight/status/1534227444915482625
Deadbolt Ransomware https://www.trendmicro.com/en_us/research/22/f/closing-the-door-deadbolt-ransomware-locks-out-vendors-with-mult.html
Google Android Updates https://source.android.com/security/bulletin/2022-06-01?hl=en
ISC StormCast for Tuesday, June 7th, 2022
June 07, 2022 06:30 - 6 minutes - 5.34 MB
MS-MSDT RTF Maldocs Analysis oledump Plugins https://isc.sans.edu/forums/diary/msmsdt+RTF+Maldoc+Analysis+oledump+Plugins/28718/
Cybercriminals Exploit Reverse Tunnel Services and URL Shorteners https://cloudsek.com/whitepapers_reports/cybercriminals-exploit-reverse-tunnel-services-and-url-shorteners-to-launch-large-scale-phishing-campaigns/
Unpatched Horde Webmail Bug https://blog.sonarsource.com/horde-webmail-rce-via-email/
Clickstudio (Passwordstate) Code Signing Cert Used by Folli...
ISC StormCast for Monday, June 6th, 2022
June 06, 2022 02:00 - 5 minutes - 4.67 MB
Sandbox Evasion... With Just a Filename! https://isc.sans.edu/forums/diary/Sandbox+Evasion+With+Just+a+Filename/28708/
Atlassian Exploit Released https://www.rapid7.com/blog/post/2022/06/02/active-exploitation-of-confluence-cve-2022-26134/
GitLab Critical Security Release https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
U-Boot Vulnerabilities https://research.nccgroup.com/2022/06/03/technical-advisory-multiple-vulnerabilities-in-u-boot-c...
ISC StormCast for Friday, June 3rd, 2022
June 03, 2022 10:57 - 6 minutes - 5.11 MB
Quick Answers in Incident Response RECmd.exe https://isc.sans.edu/forums/diary/Quick+Answers+in+Incident+Response+RECmdexe/28706/
Zero-Day Exploitation of Atlassian Confluence https://www.volexity.com/blog/2022/06/02/zero-day-exploitation-of-atlassian-confluence/ https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html
Korenix Technology JetPort Backdoor https://sec-consult.com/vulnerability-lab/advisory/backdoor-account-in-korenix-technology-jetp...
ISC StormCast for Thursday, June 2nd, 2022
June 02, 2022 11:38 - 5 minutes - 5.03 MB
HTML Phishing Attachments - Now With Anti-Analysis Features https://isc.sans.edu/forums/diary/HTML+phishing+attachments+now+with+antianalysis+features/28702/
Unofficial Patch for CVE-2022-30190 (Follina) https://blog.0patch.com/2022/06/free-micropatches-for-follina-microsoft.html
Windows Search Vulnerability https://www.bleepingcomputer.com/news/security/new-windows-search-zero-day-added-to-microsoft-protocol-nightmare/
Call Forwarding Used to Compromise WhatsApp Accounts https://w...
ISC StormCast for Wednesday, June 1st, 2022
June 01, 2022 02:00 - 5 minutes - 4.54 MB
Follina Update https://isc.sans.edu/forums/diary/First+Exploitation+of+Follina+Seen+in+the+Wild/28698/ https://isc.sans.edu/forums/diary/New+Microsoft+Office+Attack+Vector+via+msmsdt+Protocol+Scheme+CVE202230190/28694/
Open Automation Software Platform Vulnerability https://blog.talosintelligence.com/2022/05/vuln-spotlight-open-automation-platform.html
Over 3.6 million MySQL servers found exposed on the Internet https://www.bleepingcomputer.com/news/security/over-36-million-mysql-se...
ISC StormCast for Tuesday, May 31st, 2022
May 30, 2022 20:59 - 7 minutes - 6.53 MB
New Microsoft Office Attack Vector via "ms-msdt" Protocol Scheme https://isc.sans.edu/forums/diary/New+Microsoft+Office+Attack+Vector+via+msmsdt+Protocol+Scheme/28694/
ISC StormCast for Friday, May 27th, 2022
May 27, 2022 02:00 - 15 minutes - 12.8 MB
Huge Signed PE Files https://isc.sans.edu/forums/diary/Huge+Signed+PE+File/28686/
VMWare Authentication Bypass PoC https://www.horizon3.ai/vmware-authentication-bypass-vulnerability-cve-2022-22972-technical-deep-dive/
Quanta Server BMC Vulnerability https://eclypsium.com/2022/05/26/quanta-servers-still-vulnerable-to-pantsdown/
Windows 11 and Server 2022 Update Prevent Trend Micro Ransomware Protection https://success.trendmicro.com/dcx/s/solution/000291066?language=en_US
Nate Stre...
ISC StormCast for Thursday, May 26th, 2022
May 26, 2022 02:00 - 5 minutes - 4.42 MB
Using NMAP to Assess Hosts in Load Balanced Clusters https://isc.sans.edu/forums/diary/Using+NMAP+to+Assess+Hosts+in+Load+Balanced+Clusters/28682/
Attacker Modifying Libraries Claims "Research" https://www.bleepingcomputer.com/news/security/hacker-says-hijacking-libraries-stealing-aws-keys-was-ethical-research/
Heroku GitHub Integration Re-Enabled Again https://blog.heroku.com/github-integration-update
Serious security vulnerability in Tails 5.0 https://tails.boum.org/security/proto...
ISC StormCast for Wednesday, May 25th, 2022
May 25, 2022 02:00 - 5 minutes - 4.53 MB
ctx Python Library Updated with "Extra" Features https://isc.sans.edu/forums/diary/ctx+Python+Library+Updated+with+Extra+Features/28678/
Zoom Updates https://explore.zoom.us/en/trust/security/security-bulletin/
VMWare Exploit About to Be Released https://twitter.com/Horizon3Attack/status/1528935531333177344
Zyxel Firewalls, AP Controllers, APs Patch https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml
ISC StormCast for Tuesday, May 24th, 2022
May 24, 2022 02:00 - 5 minutes - 4.65 MB
Attacker Scanning for jQuery-File-Upload https://isc.sans.edu/forums/diary/Attacker+Scanning+for+jQueryFileUpload/28674/
Oracle Security Alert Advisory - CVE-2022-21500 https://www.oracle.com/security-alerts/alert-cve-2022-21500.html
How to find NPM dependencies vulnerable to account hijacking https://www.theregister.com/2022/05/23/npm_dependencies_vulnerable/
Pre-hijacked accounts https://arxiv.org/pdf/2205.10174.pdf
ISC StormCast for Monday, May 23rd, 2022
May 23, 2022 02:00 - 6 minutes - 5.24 MB
A "Zip Bomb" to Bypass Security Controls & Sandboxes https://isc.sans.edu/forums/diary/A+Zip+Bomb+to+Bypass+Security+Controls+Sandboxes/28670/
Cisco IOS XR Software Health Check Open Port Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-redis-ABJyE5xK
pwn2own Vancouver 2022 Results https://www.zerodayinitiative.com/blog/2022/5/18/pwn2own-vancouver-2022-the-results#three
Malicious PyPi Packages Drop Cobalt Strike https://blog.sonatyp...
ISC StormCast for Friday, May 20th, 2022
May 20, 2022 02:00 - 6 minutes - 5.11 MB
Bumblebee Malware from TransferXL URLs https://isc.sans.edu/forums/diary/Bumblebee+Malware+from+TransferXL+URLs/28664/
Microsoft Out-of-Band Update fixes Authentication Issues https://docs.microsoft.com/en-us/windows/release-health/status-windows-11-21h2#you-might-see-authentication-failures-on-the-server-or-client-for-services
Sonicwall Patch for SMA 1000 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0010
QNAP NAS Deadbolt Ransomware https://www.qnap.com/en/security-n...
ISC StormCast for Thursday, May 19th, 2022
May 19, 2022 02:00 - 6 minutes - 5.74 MB
VMWare Flaws https://core.vmware.com/vmsa-2022-0014-questions-answers-faq https://blog.barracuda.com/2022/05/17/threat-spotlight-attempts-to-exploit-new-vmware-vulnerabilities/
Tesla BLE Proximity Authentication Vulnerable to Relay Attacks https://research.nccgroup.com/2022/05/15/technical-advisory-ble-proximity-authentication-vulnerable-to-relay-attacks/
Credit Card Scraping via Malicious PHP Code https://www.ic3.gov/Media/News/2022/220516.pdf
Microsoft updating Delegated Admin Pr...
ISC StormCast for Wednesday, May 18th, 2022
May 18, 2022 02:00 - 6 minutes - 5.22 MB
Use Your Browser Internal Password Vault... or Not? https://isc.sans.edu/forums/diary/Use+Your+Browser+Internal+Password+Vault+or+Not/28658/
SQL Server Brute Forcing https://twitter.com/MsftSecIntel/status/1526680337216114693
UpdateAgent Adapts Again https://www.jamf.com/blog/updateagent-adapts-again/
Updated Exploited Vulnerabilities https://www.cisa.gov/uscert/ncas/current-activity/2022/05/10/cisa-adds-one-known-exploited-vulnerability-catalog
ISC StormCast for Tuesday, May 17th, 2022
May 17, 2022 02:00 - 6 minutes - 5.34 MB
Apple Patches Everything https://isc.sans.edu/forums/diary/Apple+Patches+Everything/28654/
Evil Never Sleeps: When Wireless Malware Stays on After Turning Off iPhones https://arxiv.org/pdf/2205.06114.pdf
Third-Party Web Trackers Log What You Type Before Submitting https://homes.esat.kuleuven.be/~asenol/leaky-forms/
ISC StormCast for Monday, May 16th, 2022
May 16, 2022 02:00 - 6 minutes - 5.45 MB
From 0-Day to Mirai: 7 days of BIG-IP Exploits https://isc.sans.edu/forums/diary/From+0Day+to+Mirai+7+days+of+BIGIP+Exploits/28644/
Sonicwall Vulnerabilities Patched https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0009
Zonealarm Patch https://www.zonealarm.com/software/extreme-security/release-history
Taking over npm account https://thehackerblog.com/zero-days-without-incident-compromising-angular-via-expired-npm-publisher-email-domains-7kZplW4x/
ISC StormCast for Friday, May 13th, 2022
May 13, 2022 02:00 - 4 minutes - 4.27 MB
When Get-WebRequest Fails You https://isc.sans.edu/forums/diary/When+GetWebRequest+Fails+You/28640/
HP PC BIOS Security Updates https://support.hp.com/us-en/document/ish_6184733-6184761-16/hpsbhf03788
INTEL BIOS Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html
Zyxel RCE Vulnerability https://www.rapid7.com/blog/post/2022/05/12/cve-2022-30525-fixed-zyxel-firewall-unauthenticated-remote-command-injection/
ISC StormCast for Thursday, May 12th, 2022
May 12, 2022 02:00 - 5 minutes - 4.74 MB
TA578 Using Thread-Hijacked Emails to Push ISO Files for Bumblebee Malware https://isc.sans.edu/forums/diary/TA578+using+threadhijacked+emails+to+push+ISO+files+for+Bumblebee+malware/28636/
Google Drive Emerges as Top App for Malware Downloads https://www.helpnetsecurity.com/2022/05/11/malicious-pdf-search-engines/
Vanity URL Abuse https://www.varonis.com/blog/url-spoofing
npm Supply Chain Attack Turns Out to be Part of Penetration Test https://jfrog.com/blog/npm-supply-chain-attac...