SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
1,984 episodes - English - Latest episode: 2 days ago - ★★★★★ - 435 ratingsA brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Homepage Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Episodes
ISC StormCast for Wednesday, March 2nd, 2022
March 02, 2022 02:00 - 6 minutes - 5.13 MBGeoblocking when you can't Geoblock https://isc.sans.edu/forums/diary/Geoblocking+when+you+cant+Geoblock/28392/ IsaacWiper and HermeticWizard: New wiper and worm targeting Ukraine https://www.welivesecurity.com/2022/03/01/isaacwiper-hermeticwizard-wiper-worm-targeting-ukraine/ Memory Corruption Vulnerabilities in PJSIP https://jfrog.com/blog/jfrog-discloses-5-memory-corruption-vulnerabilities-in-pjsip-a-popular-multimedia-library/ Octa Patch for Advanced Server Access Client https:...
ISC StormCast for Tuesday, March 1st, 2022
March 01, 2022 02:00 - 6 minutes - 5.72 MBPHP Patches Code Injection Flaw https://nvd.nist.gov/vuln/detail/CVE-2021-21708 https://bugs.php.net/bug.php?id=81708 Mozilla VPN Local Privilege Escalation https://www.mozilla.org/en-US/security/advisories/mfsa2022-08/ Google Captcha Breaking https://east-ee.com/2022/02/28/1367/ Samsung Encryption Vulnerability https://eprint.iacr.org/2022/208.pdf tshark Multiple IPs https://isc.sans.edu/forums/diary/TShark+Multiple+IP+Addresses/28386/
ISC StormCast for Monday, February 28th, 2022
February 28, 2022 02:00 - 5 minutes - 4.76 MBUkraine Update https://www.bleepingcomputer.com/news/security/ransomware-gangs-hackers-pick-sides-over-russia-invading-ukraine/ https://ddosecrets.com/wiki/Tetraedr https://twitter.com/YourAnonOne/status/1496965766435926039 https://www.wired.com/story/ukraine-it-army-russia-war-cyberattacks-ddos/ Odd Windows Behaviour with Fixed Addresses https://isc.sans.edu/forums/diary/Windows+Fixed+IPv4+Addresses+and+APIPA/28380/ Using Snort IDS Rules in NetWitness Packet Decoder https://isc...
ISC StormCast for Friday, February 25th, 2022
February 25, 2022 02:00 - 6 minutes - 5.66 MBUkraine Update: Webcast https://www.sans.org/webcasts/russian-cyber-attack-escalation-in-ukraine/ Other Ukraine Related Stories https://isc.sans.edu/forums/diary/Ukraine+Russia+Situation+From+a+Domain+Names+Perspective/28376/ https://detection.watchguard.com Zabbix Vulnerablity Exploited https://www.cisa.gov/uscert/ncas/current-activity/2022/02/22/cisa-adds-two-known-exploited-vulnerabilities-catalog https://support.zabbix.com/browse/ZBX-20350 Asustore Victim of Deadbolt Ransomwa...
ISC StormCast for Thursday, February 24th, 2022
February 24, 2022 03:15 - 6 minutes - 5.88 MBNew Sandworm Malware Cyclops Blink Replaces VPNFilter https://www.ncsc.gov.uk/news/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vpnfilter Wiper Malware Seen Deployed Against Targets in the Ukraine https://twitter.com/juanandres_gs/status/1496581710368358400 https://twitter.com/ESETresearch/status/1496581903205511181 The Rise and Fall of log4shell https://isc.sans.edu/forums/diary/The+Rise+and+Fall+of+log4shell/28372/ pfsense authenticated RCE https://www.shiel...
ISC StormCast for Wednesday, February 23rd, 2022
February 23, 2022 02:00 - 6 minutes - 5.5 MBA Good Old Equation Editor Vulnerablity Deliverying Malware https://www.welivesecurity.com/2022/02/22/teenage-cybercrime-stop-kids-wrong-path/ Horde Webmail 5.2.22 - Account Takeover via Email https://blog.sonarsource.com/horde-webmail-account-takeover-via-email NoVNC Phishing https://mrd0x.com/bypass-2fa-using-novnc/
ISC StormCast for Tuesday, February 22nd, 2022
February 22, 2022 02:00 - 5 minutes - 5.04 MBSending an Email to an IPv4 Address https://isc.sans.edu/forums/diary/Sending+an+Email+to+an+IPv4+Address/28362/ SMS Phone-Verified Account Services https://www.trendmicro.com/en_us/research/22/b/sms-pva-services-use-of-infected-android-phones-reveals-flaws-in-sms-verification.html Xenomorph Android Banking Trojan https://www.threatfabric.com/blogs/xenomorph-a-newly-hatched-banking-trojan.html Modified CryptBot Infostealer Going After Crypto Wallets https://asec.ahnlab.com/en/31802...
ISC StormCast for Monday, February 21st, 2022
February 21, 2022 02:00 - 5 minutes - 4.36 MBRemcos RAT Delivered Through Doube Compressed Archive https://isc.sans.edu/forums/diary/Remcos+RAT+Delivered+Through+Double+Compressed+Archive/28354/ Cassandra User-Defined Functions Remote Code Execution https://jfrog.com/blog/cve-2021-44521-exploiting-apache-cassandra-user-defined-functions-for-remote-code-execution/ Apple T2 Weakness https://www.forensicfocus.com/news/passware-kit-forensic-t2-add-on-the-first-password-recovery-tool-for-macs-with-t2-chips/ snap priviledge escalatio...
ISC StormCast for Friday, February 18th, 2022
February 18, 2022 02:00 - 5 minutes - 4.52 MBHackers Attach Malicious .exe Files to Teams Conversations https://www.avanan.com/blog/hackers-attach-malicious-.exe-files-to-teams-conversations Thunderbird Patches https://www.mozilla.org/en-US/security/advisories/mfsa2022-07/ Cisco Secure Email Gateway Update https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-MxZvGtgU GitHub Code Scanning Finds More Vulnerabilities Using Machine Learning https://github.blog/2022-02-17-code-scanning-finds-vulne...
ISC StormCast for Thursday, February 17th, 2022
February 17, 2022 02:00 - 5 minutes - 4.71 MBAstaroth (Guildma) Infection https://isc.sans.edu/forums/diary/Astaroth+Guildma+infection/28346/ Atlassian Jira Updates https://jira.atlassian.com/browse/CONFSERVER-66550 VMWare Updates https://www.vmware.com/security/advisories/VMSA-2022-0004.html FBI Warns of BEC Using Virtual Meeting Platforms https://www.ic3.gov/Media/Y2022/PSA220216
ISC StormCast for Wednesday, February 16th, 2022
February 16, 2022 02:00 - 5 minutes - 4.86 MBWho Are Those Bots? https://isc.sans.edu/forums/diary/Who+Are+Those+Bots/28342/ SquirrelWaffle Adds a Twist of Fraud to Exchange Server Malspamming https://news.sophos.com/en-us/2022/02/15/vulnerable-exchange-server-hit-by-squirrelwaffle-and-financial-fraud/ Details About Western Digital MyCloud Flaw https://www.iot-inspector.com/blog/advisory-western-digital-my-cloud-pro-series-pr4100-rce/ Nooie Baby Monitor Vulnerabilities https://www.bitdefender.com/blog/labs/vulnerabilities-ide...
ISC StormCast for Tuesday, February 15th, 2022
February 15, 2022 02:00 - 5 minutes - 4.84 MBReminder: Decoding TLS Client Hello to Non TLS Servers https://isc.sans.edu/forums/diary/Reminder+Decoding+TLS+Client+Hellos+to+non+TLS+servers/28338/ Magento 2 Critical Vulnerability https://sansec.io/research/magento-2-cve-2022-24086 BigSur/Catalina Mystery Update https://support.apple.com/en-us/HT201222 MacOS Monterey Patch and Microsoft Defender https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/mde-apparently-blocks-macos-monterey-12-1-12-2-upgrades/m-p/307...
ISC StormCast for Monday, February 14th, 2022
February 14, 2022 02:00 - 5 minutes - 4.34 MBCinaRAT Delivered Through HTML ID Attributes https://isc.sans.edu/forums/diary/CinaRAT+Delivered+Through+HTML+ID+Attributes/28330/ Windows Defender ASR Blocks LSASS Credential Stealing https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide#block-credential-stealing-from-the-windows-local-security-authority-subsystem Brave Blocking Credential Leaking Extension https://www.theregister.com/2022/02/12/faceboo...
ISC StormCast for Friday, February 11th, 2022
February 11, 2022 02:00 - 6 minutes - 5.13 MBiOS/iPadOS/macOS/Safari 0-Day Vulnerability in WebKit https://support.apple.com/en-us/HT213091 Zyxel Network Storage Devics Hunted By Mirai Variant https://isc.sans.edu/forums/diary/Zyxel+Network+Storage+Devices+Hunted+By+Mirai+Variant/28324/ WMIC Removal https://docs.microsoft.com/en-us/windows/deployment/planning/windows-10-deprecated-features Zoom Uses Microphone after Meeting is Over https://community.zoom.com/t5/Meetings/Why-is-the-Zoom-app-listening-on-my-microphone-when-not-...
ISC StormCast for Thursday, February 10th, 2022
February 10, 2022 02:00 - 6 minutes - 5.41 MBExample of Cobalt Strike form Emotet Infection https://isc.sans.edu/forums/diary/Example+of+Cobalt+Strike+from+Emotet+infection/28318/ Adobe Patches https://helpx.adobe.com/security/security-bulletin.html Intel Updates https://www.intel.com/content/www/us/en/security-center/default.html NaturalFreshMall: A Mass Store Attack https://sansec.io/research/naturalfreshmall-mass-hack
ISC StormCast for Wednesday, February 9th, 2022
February 09, 2022 02:00 - 5 minutes - 4.91 MBMicrosoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+February+2022+Patch+Tuesday/28316/ Google Cloud Virtual Machine Threat Detection https://cloud.google.com/security-command-center/docs/concepts-vm-threat-detection-overview Android Patches https://source.android.com/security/bulletin/2022-02-01 SAP Patches https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+February+2022 Podcast 13 Year Anniversary https://isc.sans.edu/podcastdetail.html?id=25
ISC StormCast for Tuesday, February 8th, 2022
February 08, 2022 02:00 - 5 minutes - 4.85 MBweb3 phishing via self-customizign landing pages https://isc.sans.edu/forums/diary/web3+phishing+via+selfcustomizing+landing+pages/28312/ MSFT Blocking Office VBA Malcros https://www.theverge.com/2022/2/7/22922032/microsoft-block-office-vba-macros-default-change https://techcommunity.microsoft.com/t5/microsoft-365-blog/helping-users-stay-safe-blocking-internet-macros-by-default-in/ba-p/3071805 Acronis True Image Update https://security-advisory.acronis.com/updates/UPD-2201-f76f-838c...
ISC StormCast for Monday, February 7th, 2022
February 07, 2022 02:00 - 6 minutes - 5.32 MBIntuit warns of new phishing scams https://security.intuit.com/security-notices IRS working with ID.me https://www.irs.gov/newsroom/new-identity-verification-process-to-access-certain-irs-online-tools-and-services Argo CD Vulnerability https://apiiro.com/blog/malicious-kubernetes-helm-charts-can-be-used-to-steal-sensitive-information-from-argo-cd-deployments/ https://github.com/argoproj/argo-cd/security/advisories/GHSA-63qx-x74g-jcr7 Thermal Imaging of PoE Devices https://is...
ISC StormCast for Friday, February 4th, 2022
February 04, 2022 02:00 - 5 minutes - 4.56 MBAttack Surface Detection https://isc.sans.edu/forums/diary/Keeping+Track+of+Your+Attack+Surface+for+Cheap/28304/ MFA News https://www.proofpoint.com/us/blog/threat-insight/mfa-psa-oh-my https://news.microsoft.com/wp-content/uploads/prod/sites/626/2022/02/Cyber-Signals-E-1.pdf Zimbra Webmail 0-Day Exploited https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/ Cisco RV Series Routers Vulnerabilities https://tools...
ISC StormCast for Thursday, February 3rd, 2022
February 03, 2022 02:00 - 5 minutes - 4.71 MBFinding elFinder: Who is looking for your files? https://isc.sans.edu/forums/diary/Finding+elFinder+Who+is+looking+for+your+files/28300/ IBM Spectrum Protect Plus Container Backup Vulnerabilities https://www.ibm.com/support/pages/node/6540860 https://www.ibm.com/support/pages/node/6552188 Microsoft Update Connectivity https://techcommunity.microsoft.com/t5/windows-it-pro-blog/achieve-better-patch-compliance-with-update-connectivity-data/ba-p/3073356 UEFI Bios Vulnerabilities http...
ISC StormCast for Wednesday, February 2nd, 2022
February 02, 2022 02:00 - 5 minutes - 5.09 MBWindows Privilege Escalation Exploit CVE-2022-21882 https://github.com/KaLendsi/CVE-2022-21882 Fingerprinting Devices Via GPU https://arxiv.org/pdf/2201.09956.pdf SolarMarker Campaign used novel registry changes to establish persistence https://news.sophos.com/en-us/2022/02/01/solarmarker-campaign-used-novel-registry-changes-to-establish-persistence/ Fake Job Ads https://www.ic3.gov/Media/Y2022/PSA220201 Automation is Nice But Don't Replace Your Knowledge https://isc.sans.edu/fo...
ISC StormCast for Tuesday, February 1st, 2022
February 01, 2022 02:00 - 5 minutes - 4.54 MBBe Careful with RPMSG Files https://isc.sans.edu/forums/diary/Be+careful+with+RPMSG+files/28292/ QNAP Auto Update Clarification https://www.qnap.com/en/security-news/2022/descriptions-and-explanations-of-the-qts-quts-hero-recommended-version-feature Samba Vulnerability https://kb.cert.org/vuls/id/119678 Exposed Datacenter Management https://www.bleepingcomputer.com/news/security/over-20-000-data-center-management-systems-exposed-to-hackers/ Expat Vulnerability https://github.com...
ISC StormCast for Monday, January 31st, 2022
January 31, 2022 02:00 - 6 minutes - 5.26 MBMalicious ISO Embedded in an HTML Page https://isc.sans.edu/forums/diary/Malicious+ISO+Embedded+in+an+HTML+Page/28282/ YARA Console Module https://isc.sans.edu/forums/diary/YARAs+Console+Module/28288/ Attackers Attaching Devices to Azure AD https://www.microsoft.com/security/blog/2022/01/26/evolved-phishing-device-registration-trick-adds-to-phishers-toolbox-for-victims-without-mfa/ QNAP Forced Updates https://www.reddit.com/r/qnap/comments/sdsf02/i_just_suffered_what_i_believe_to_b...
ISC StormCast for Friday, January 28th, 2022
January 28, 2022 02:00 - 16 minutes - 13.1 MBTechnical Analysis of CVE-2022-22583 https://perception-point.io/technical-analysis-of-cve-2022-22583-bypassing-macos-system-integrity-protection/ https://isc.sans.edu/forums/diary/Apple+Patches+Everything/28280/ Little Snitch Firewall Bypass https://rhinosecuritylabs.com/network-security/bypassing-little-snitch-firewall/ DazzleSpy Malware https://www.welivesecurity.com/2022/01/25/watering-hole-deploys-new-macos-malware-dazzlespy-asia/ Geoffrey Parker: Building an Intelligent, Auto...
ISC StormCast for Thursday, January 27th, 2022
January 27, 2022 02:00 - 6 minutes - 5.39 MBOver 20 Thousand Servers Have Their iLO Interfaces exposed to the Internet https://isc.sans.edu/forums/diary/Over+20+thousand+servers+have+their+iLO+interfaces+exposed+to+the+internet+many+with+outdated+and+vulnerable+versions+of+FW/28276/ Apple Patches and Exploits https://support.apple.com/en-us/HT201222 https://www.ryanpickren.com/safari-uxss Let's Encrypt Fixes Problems and Revoces Certificates https://community.letsencrypt.org/t/changes-to-tls-alpn-01-challenge-validation/170427
ISC StormCast for Wednesday, January 26th, 2022
January 26, 2022 02:00 - 5 minutes - 4.52 MBLocal Privilege Escalation Vulnerablity in Polkit's pkexec (CVE-2021-4034) https://isc.sans.edu/forums/diary/Local+privilege+escalation+vulnerability+in+polkits+pkexec+CVE20214034/28272/ Emotet Stops Using 0.0.0.0 in Spambot Traffic https://isc.sans.edu/forums/diary/Emotet+Stops+Using+0000+in+Spambot+Traffic/28270/ VMWare Warns of Log4j Exploitation https://www.vmware.com/security/advisories/VMSA-2021-0028.html https://www.cynet.com/attack-techniques-hands-on/threats-looming-over-th...
ISC StormCast for Tuesday, January 25th, 2022
January 25, 2022 02:00 - 6 minutes - 5.21 MBMoonbound UEFI Malware https://securelist.com/moonbounce-the-dark-side-of-uefi-firmware/105468/ Exploit of Sonicwall CVE-2021-20038 https://twitter.com/buffaloverflow/status/1485671824725786633 Dell EMC AppSync Vulnerability https://www.dell.com/support/kbdoc/de-de/000195377/dsa-2022-003-dell-emc-appsync-security-update-for-multiple-vulnerabilities Twitter API Keys Leaked in GitHub https://incognitatech.medium.com/using-twitter-to-notify-careless-developers-the-unorthodox-way-d7147...
ISC StormCast for Monday, January 24th, 2022
January 24, 2022 02:00 - 6 minutes - 5.27 MBObscure Wininet.dll Feature https://isc.sans.edu/forums/diary/Obscure+Wininetdll+Feature/28262/ Mixed VBA and Excel 4 Macro in Targeted Excel Sheet https://isc.sans.edu/forums/diary/Mixed+VBA+Excel4+Macro+In+a+Targeted+Excel+Sheet/28264/ https://techcommunity.microsoft.com/t5/excel-blog/excel-4-0-xlm-macros-now-restricted-by-default-for-customer/ba-p/3057905 F5 January 2022 Patches https://support.f5.com/csp/article/K40084114 McAfee Privilege Escalation https://kc.mcafee.com/corp...
ISC StormCast for Friday, January 21st, 2022
January 21, 2022 02:00 - 6 minutes - 5.28 MBRedLine Stealer Delivered Through FTP https://isc.sans.edu/forums/diary/RedLine+Stealer+Delivered+Through+FTP/28258/ Google Camera Alters QR Codes https://www.heise.de/hintergrund/Googles-Kamera-verfaelscht-Links-in-QR-Codes-6332669.html https://www.androidpolice.com/google-camera-randomly-changes-some-qr-code-urls-on-android-12/ Linux Kernel Privilege Escalation / Container Escape https://seclists.org/oss-sec/2022/q1/54 https://access.redhat.com/security/cve/cve-2022-0185 Crypto...
ISC StormCast for Thursday, January 20th, 2022
January 20, 2022 02:25 - 6 minutes - 5.28 MB0.0.0.0 in Emotet Spambot Traffic https://isc.sans.edu/forums/diary/0000+in+Emotet+Spambot+Traffic/28254/ Linux Patch to Make 0.0.0.0/8 Routable https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=96125bf9985a WebKit Patch for Cross Origin Database Name Leak https://trac.webkit.org/changeset/288078/webkit ACER Care Center Privilege Escalation https://aptw.tf/2022/01/20/acer-care-center-privesc.html Imporper Input Validation Vulnerability in Serv-U https...
ISC StormCast for Wednesday, January 19th, 2022
January 19, 2022 02:00 - 5 minutes - 4.7 MBPhishing E-Mail With an Advertisement https://isc.sans.edu/forums/diary/Phishing+email+withan+advertisement/28250/ Virustotal Credential https://www.safebreach.com/blog/2022/the-perfect-cyber-crime/ Oracle Quarterly Critical Patch Update https://www.oracle.com/security-alerts/cpujan2022.html Box MFA Bypass https://www.varonis.com/blog/box-mfa-bypass-sms
ISC StormCast for Tuesday, January 18th, 2022
January 18, 2022 02:00 - 5 minutes - 4.65 MBLog4Shell Attacks Getting Smarter https://isc.sans.edu/forums/diary/Log4Shell+Attacks+Getting+Smarter/28246/ Microsoft Releases Special Update to Deal with January Update Fail https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-oob-updates-for-january-windows-update-issues/ Cisco Unified Contact Center Management Portal and Unifed Contact Center Domain Manager Privilege Escalation Vulnerablity https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-s...
ISC StormCast for Monday, January 17th, 2022
January 17, 2022 02:00 - 5 minutes - 4.53 MBUse of Alternate Data Streams in Research Scans https://isc.sans.edu/forums/diary/Use+of+Alternate+Data+Streams+in+Research+Scans+for+indexjsp/28240/ Microsoft Resumes Windows Server 2019 Cumulative Updates https://www.bleepingcomputer.com/news/microsoft/microsoft-resumes-rollout-of-january-windows-server-updates/ Safari Index DB Leak https://fingerprintjs.com/blog/indexeddb-api-browser-vulnerability-safari-15/
ISC StormCast for Friday, January 14th, 2022
January 14, 2022 02:00 - 5 minutes - 4.71 MBMSFT Patch Issues https://borncity.com/win/2022/01/12/patchday-windows-8-1-server-2012-r2-updates-11-januar-2022-mgliche-boot-probleme/ https://support.microsoft.com/en-us/topic/january-11-2022-kb5009624-monthly-rollup-23f4910b-6bdd-475c-bb4d-c0e961aff0bc https://support.microsoft.com/en-us/topic/january-11-2022-kb5009595-security-only-update-060870c2-ad08-40e5-b000-a9f6d40c0831 Jenkins Security Advisory 2022-01-1 https://www.jenkins.io/security/advisory/2022-01-12/ Qakbot Configura...
ISC StormCast for Thursday, January 13th, 2022
January 13, 2022 02:00 - 5 minutes - 4.71 MBA Quick CVE-2022-21907 FAQ https://isc.sans.edu/forums/diary/A+Quick+CVE202221907+FAQ+work+in+progress/28234/ Details Released Regarding Patched Sonicwall Vulnerabilities https://www.rapid7.com/blog/post/2022/01/11/cve-2021-20038-42-sonicwall-sma-100-multiple-vulnerabilities-fixed-2/ iOS/iPad OS Fixing HomeKit Vulnerability / Private Relay issues https://support.apple.com/en-us/HT201222 https://www.macrumors.com/2022/01/12/apple-icloud-private-relay-ios-15-2/ Atticking RDP From Ins...
ISC StormCast for Wednesday, January 12th, 2022
January 12, 2022 02:00 - 6 minutes - 5.53 MBMicrosoft Patch Tuesday - January 2022 https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+January+2022/28230/ Adobe Updates https://helpx.adobe.com/security.html
ISC StormCast for Tuesday, January 11th, 2022
January 11, 2022 02:00 - 5 minutes - 4.82 MBNew MacOS Vulnerability Could Lead to Unauthorized User Data Access https://www.microsoft.com/security/blog/2022/01/10/new-macos-vulnerability-powerdir-could-lead-to-unauthorized-user-data-access Exploiting URL Parsers https://claroty.com/wp-content/uploads/2022/01/Exploiting-URL-Parsing-Confusion.pdf NPM libs "colors" and "faker" sabotaged by developer https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/
ISC StormCast for Monday, January 10th, 2022
January 10, 2022 02:00 - 5 minutes - 4.71 MBExtracting Cobalt Strike Beacons from MSBuild Scripts https://isc.sans.edu/forums/diary/Extracting+Cobalt+Strike+Beacons+from+MSBuild+Scripts/28200/ The JNDI Strikes Back: Unauthenticated RCE in H2 Database Console https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/ Trojanized dnSpy app drops malware cocktail https://www.bleepingcomputer.com/news/security/trojanized-dnspy-app-drops-malware-cocktail-on-researchers-devs/ FIN7 Attackers Sending Malic...
ISC StormCast for Friday, January 7th, 2022
January 07, 2022 02:00 - 5 minutes - 4.67 MBMalicious Python Script Targeting Chinese People https://isc.sans.edu/forums/diary/Malicious+Python+Script+Targeting+Chinese+People/28220/ Google Docs Comment Exploit Allows for Distribution of Phishing and Malware https://www.avanan.com/blog/google-docs-comment-exploit-allows-for-distribution-of-phishing-and-malware Google Voice Authentication Scams https://www.fbi.gov/contact-us/field-offices/portland/news/press-releases/oregon-fbi-tech-tuesday-building-a-digital-defense-against-goo...
ISC StormCast for Thursday, January 6th, 2022
January 06, 2022 02:00 - 5 minutes - 4.68 MBCode Reuse in the Malware Landscape https://isc.sans.edu/forums/diary/Code+Reuse+In+the+Malware+Landscape/28216/ ZLoader Campaign Exploiting Signature Verification Bug https://research.checkpoint.com/2022/can-you-trust-a-files-digital-signature-new-zloader-campaign-exploits-microsofts-signature-verification-putting-users-at-risk/ VMWare Virtual CD-Rom Vulnerability https://www.vmware.com/security/advisories/VMSA-2022-0001.html Honda Y2k22 Bug https://www.bleepingcomputer.com/news/t...
ISC StormCast for Wednesday, January 5th, 2022
January 05, 2022 02:05 - 5 minutes - 4.57 MBA Simple Batch File That Blocks People https://isc.sans.edu/forums/diary/A+Simple+Batch+File+That+Blocks+People/28212/ Windows Server Remote Desktop Emergency Update https://docs.microsoft.com/en-us/windows/release-health/windows-message-center#2772 Malicious Telegram Installer Includes Purple Fox Rootkit https://blog.minerva-labs.com/malicious-telegram-installer-drops-purple-fox-rootkit Web Skimmer Campaign Targets Real Estate Websites https://unit42.paloaltonetworks.com/web-skimm...
ISC StormCast for Tuesday, January 4th, 2022
January 04, 2022 02:00 - 5 minutes - 4.8 MBMcAfee Phishing Campaign with a Nice Fake Scan https://isc.sans.edu/forums/diary/McAfee+Phishing+Campaign+with+a+Nice+Fake+Scan/28208/ Trend Micro Apex One Patch https://success.trendmicro.com/solution/000289996 E-commerce Bots Using Cheap Domain Registration Services https://threatpost.com/ecommerce-bots-domain-registration-account-fraud/177305/ iOS Homekit DoS Vulnerability https://trevorspiniolas.com/doorlock/doorlock.html
ISC StormCast for Monday, January 3rd, 2022
January 03, 2022 02:00 - 7 minutes - 6.37 MBExchange Server Year 2022 Bug https://isc.sans.edu/forums/diary/Exchange+Server+Email+Trapped+in+Transport+Queues/28204/ https://techcommunity.microsoft.com/t5/exchange-team-blog/email-stuck-in-exchange-on-premises-transport-queues/ba-p/3049447 Agent Tesla Updates https://isc.sans.edu/forums/diary/Agent+Tesla+Updates+SMTP+Data+Exfiltration+Technique/28190/ https://isc.sans.edu/forums/diary/Do+you+want+your+Agent+Tesla+in+the+300+MB+or+8+kB+package/28202/ Forensics Issues and Techniq...
ISC StormCast for Thursday, December 30th, 2021
December 30, 2021 02:00 - 4 minutes - 3.64 MBLog4j 2 Security Vulnerabilities Update Guide https://isc.sans.edu/forums/diary/Log4j+2+Security+Vulnerabilities+Update+Guide/28188/ Microsoft Defender Log4j False Positives https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-log4j-scanner-triggers-false-positive-alerts/ T-Mobile SIM Swapping Alerts https://www.bleepingcomputer.com/news/security/t-mobile-says-new-data-breach-caused-by-sim-swap-attacks/ Fisher Price Bluetooth Phone Privcy Flaw https://www.pentestpartn...
ISC StormCast for Wednesday, December 29th, 2021
December 29, 2021 02:00 - 4 minutes - 4.22 MBLog4j Vulnerablity CVE-2021-44832 https://logging.apache.org/log4j/2.x/security.html#CVE-2021-44832 LotL Classifiers https://isc.sans.edu/forums/diary/LotL+Classifier+tests+for+shells+exfil+and+miners/28184/ LastPass Credential Stuffing https://www.bleepingcomputer.com/news/security/lastpass-users-warned-their-master-passwords-are-compromised/
ISC StormCast for Tuesday, December 28th, 2021
December 28, 2021 02:00 - 4 minutes - 4.05 MBAttackers are Abusing MSBuild to Evade Defenses and Implant Cobalt Strike Beacons https://isc.sans.edu/forums/diary/Attackers+are+abusing+MSBuild+to+evade+defenses+and+implant+Cobalt+Strike+beacons/28180/ Bypassing File Quarantine, Gatekeeper and Notarization Requirements https://objective-see.com/blog/blog_0x6A.html Spider-Miner: Trojanized Version of Spiderman No Way Home https://blog.reasonlabs.com/2021/12/23/spider-miner-with-great-power-comes-great-problems/
ISC StormCast for Monday, December 27th, 2021
December 27, 2021 02:00 - 5 minutes - 4.92 MBLog4j/Log4Shell and Cloud Internal Meta Data Services https://isc.sans.edu/forums/diary/log4shell+and+cloud+provider+internal+meta+data+services+IMDS/28168/ https://isc.sans.edu/forums/diary/Defending+Cloud+IMDS+Against+log4shell+and+more/28170/ Log4j/Log4Shell Pushing Crypto Miner https://isc.sans.edu/forums/diary/Example+of+how+attackers+are+trying+to+push+crypto+miners+via+Log4Shell/28172/ Microsoft Vulnerable and Malicious Driver Reporting Center https://www.microsoft.com/securi...
ISC StormCast for Thursday, December 23rd, 2021
December 23, 2021 03:40 - 4 minutes - 3.5 MBForensics Challenge Solution https://isc.sans.edu/forums/diary/December+2021+Forensic+Contest+Answers+and+Analysis/28160/ CAB-less 40444 https://news.sophos.com/en-us/2021/12/21/attackers-test-cab-less-40444-exploit-in-a-dry-run/ Ellume COVID Home Test Weakness https://github.com/FSecureLABS/Ellume-COVID-Test_Research-Files
ISC StormCast for Wednesday, December 22nd, 2021
December 22, 2021 02:00 - 4 minutes - 4.29 MBMore Undetected PowerShell Droppers https://isc.sans.edu/forums/diary/More+Undetected+PowerShell+Dropper/28158/ Apache Patches https://httpd.apache.org/security/vulnerabilities_24.html Auerswald COMpact Multiple Backdoors https://www.redteam-pentesting.de/en/advisories/rt-sa-2021-007/-auerswald-compact-multiple-backdoors Vulnerabilities in Garrett Metal Detectors https://blog.talosintelligence.com/2021/12/vuln-spotlight-garrett-metal-detector.html#more
ISC StormCast for Tuesday, December 21st, 2021
December 21, 2021 02:00 - 5 minutes - 5.03 MBPowerPoint Atachments: Agent Tesla and Code Reuse in Malware https://isc.sans.edu/forums/diary/PowerPoint+attachments+Agent+Tesla+and+code+reuse+in+malware/28154/ VMWare Workspace ONE Patch / log4j status https://www.vmware.com/security/advisories.html Attacks Against Building Automation https://limessecurity.com/en/knxlock/