A brief daily summary of what is important in information security. The podcast is published every weekday and is designed to get you ready for the day with a brief, usually 5-minute-long, summary of current network security related events. The content is late breaking, educational, and based on listener input as well as on input received by the SANS Internet Storm Center. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html.

ISC StormCast for Thursday, March 7th, 2024

March 06, 2024 6:06 5.43 MB Downloads: 0

Scanning and Abusing the QUIC Protocol https://isc.sans.edu/diary/Scanning%20and%20abusing%20the%20QUIC%20protocol/30720
Google Chrome Update https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop.html
Spinning YARN https://www.cadosecurity.com/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence/
TeamCity Exploited https://twitter.com/leak_ix/status/1765460190621581347

ISC StormCast for Wednesday, March 6th, 2024

March 05, 2024 6:40 5.9 MB Downloads: 0

iOS/iPadOS Updates with Zero Day Fixes https://isc.sans.edu/diary/Apple%20Releases%20iOS%20iPadOS%20Updates%20with%20Zero%20Day%20Fixes./30716
Why Your Firewall Will Kill You https://isc.sans.edu/diary/Why+Your+Firewall+Will+Kill+You/30714/
QEMU Tunnel https://securelist.com/network-tunneling-with-qemu/111803/
VMware Vulnerabilities Patched https://www.vmware.com/security/advisories/VMSA-2024-0006.html

ISC StormCast for Tuesday, March 5th, 2024

March 04, 2024 5:40 5.07 MB Downloads: 0

Capturing DShield Packets with a LAN Tap https://isc.sans.edu/diary/Capturing%20DShield%20Packets%20with%20a%20LAN%20Tap%20%5BGuest%20Diary%5D/30708
Additional Critical Security Issues Affecting TeamCity https://blog.jetbrains.com/teamcity/2024/03/additional-critical-security-issues-affecting-teamcity-on-premises-cve-2024-27198-and-cve-2024-27199-update-to-2023-11-4-now/
GitHub Push Protection Now On By Default https://github.blog/2024-02-29-keeping-secrets-out-of-public-repositories/
Android Updates https://source.android.com/docs/security/bulletin/2024-03-01
Linksys E-2000 Vulnerability https://warp-desk-89d.notion.site/Linksys-E-2000-efcd532d8dcf4710a4af13fca131a5b8

ISC StormCast for Monday, March 4th, 2024

March 03, 2024 5:28 4.9 MB Downloads: 0

Scanning for Confluence CVE-2022-26134 https://isc.sans.edu/diary/Scanning%20for%20Confluence%20CVE-2022-26134/30704
Exploiting CSP Wildcards for Google Domains https://attackshipsonfi.re/p/exploiting-csp-wildcards-for-google
Silver SAML: Golden SAML in the Cloud https://www.semperis.com/blog/meet-silver-saml/

ISC StormCast for Friday, March 1st, 2024

February 29, 2024 6:27 5.73 MB Downloads: 0

Dissecting DarkGate: Modular Malware Delivery and Persistence as a Service https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Dissecting%20DarkGate%3A%20Modular%20Malware%20Delivery%20and%20Persistence%20as%20a%20Service./30700
Ivanti Incident Response Update https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-060b
GitHub Flooded with Infected Repos https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack
Security Flaws in NoName Doorbell Cameras https://www.consumerreports.org/home-garden/home-security-cameras/video-doorbells-sold-by-major-retailers-have-security-flaws-a2579288796/

ISC StormCast for Thursday, February 29th, 2024

February 28, 2024 5:37 5.03 MB Downloads: 0

Exploit Attempts for Unknown Password Reset Vulnerability https://isc.sans.edu/diary/Exploit%20Attempts%20for%20Unknown%20Password%20Reset%20Vulnerability/30698
StopRansomware: Updated ALPHV Blackcat Advisory https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-353a
GlobalBlock Service To Prevent Trademark Abuse https://www.bleepingcomputer.com/news/technology/registrars-can-now-block-all-domains-that-resemble-brand-names/

ISC StormCast for Wednesday, February 28th, 2024

February 27, 2024 6:13 5.53 MB Downloads: 0

Take Downs and the Rest of Us: Do they matter? https://isc.sans.edu/diary/Take%20Downs%20and%20the%20Rest%20of%20Us%3A%20Do%20they%20matter%3F/30694
Joint Cybersecurity Advisory https://www.ic3.gov/Media/News/2024/240227.pdf
SVR Cyber Actors Adapt Tactics for Initial Cloud Access https://www.ncsc.gov.uk/news/svr-cyber-actors-adapt-tactics-for-initial-cloud-access
Data Scientists Targeted by Malicious Hugging Face ML Models with Silent Backdoor https://jfrog.com/blog/data-scientists-targeted-by-malicious-hugging-face-ml-models-with-silent-backdoor/

ISC StormCast for Tuesday, February 27th, 2024

February 26, 2024 6:21 5.64 MB Downloads: 0

Utilizing the VirusTotal API to Query Files Uploaded to the DShield Honeypot https://isc.sans.edu/diary/Utilizing%20the%20VirusTotal%20API%20to%20Query%20Files%20Uploaded%20to%20DShield%20Honeypot%20%5BGuest%20Diary%5D/30688
New WiFi Authentication Vulnerabilities Discovered https://www.top10vpn.com/research/wifi-vulnerabilities/
Subdomain Takeover Spam https://labs.guard.io/subdomailing-thousands-of-hijacked-major-brand-subdomains-found-bombarding-users-with-millions-a5e5fb892935

ISC StormCast for Monday, February 26th, 2024

February 25, 2024 5:48 5.17 MB Downloads: 0

Update: MGLNDD_* Scans https://isc.sans.edu/forums/diary/Update%3A%20MGLNDD_*%20Scans/30686/
Simple Anti-Sandbox Technique: Where's the Mouse? https://isc.sans.edu/diary/Simple%20Anti-Sandbox%20Technique%3A%20Where%27s%20The%20Mouse%3F/30684
Security Vulnerabilities in Apex Code Could Leak Salesforce Data https://www.varonis.com/blog/apex-code-vulnerabilities
IBM Operation Decision Manager Exploit CVE-2024-22319 CVE-2024-22320 https://labs.watchtowr.com/double-k-o-rce-in-ibm-operation-decision-manager/
Linux Kernel TLS Vulnerability CVE-2024-26582 https://lore.kernel.org/linux-cve-announce/2024022139-spruce-prelude-c358@gregkh/

ISC StormCast for Friday, February 23rd, 2024

February 22, 2024 5:51 5.21 MB Downloads: 0

Friend, Foe or Something In Between https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Friend%2C%20foe%20or%20something%20in%20between%3F%20The%20grey%20area%20of%20%27security%20research%27/30670
Large AT&T Wireless Network Outage https://isc.sans.edu/diary/Large%20AT%26T%20Wireless%20Network%20Outage%20%23att%20%23outage/30680
ConnectWise ScreenConnect Used by LockBit https://www.bleepingcomputer.com/news/security/screenconnect-servers-hacked-in-lockbit-ransomware-attacks/
SSH Snake Abused in the Wild https://github.com/MegaManSec/SSH-Snake

ISC StormCast for Thursday, February 22nd, 2024

February 21, 2024 6:32 5.78 MB Downloads: 0

Phishing Pages Hosted on Archive.org https://isc.sans.edu/forums/diary/Phishing%20pages%20hosted%20on%20archive.org/30676/
ScreenConnect Authentication Bypass Exploit (CVE-2024-1709, CVE-2024-1708) https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
iMessage with PQ3 https://security.apple.com/blog/imessage-pq3/

ISC StormCast for Wednesday, February 21st, 2024

February 20, 2024 5:32 4.96 MB Downloads: 0

Old Mirai New Exploits https://isc.sans.edu/diary/Mirai-Mirai%20On%20The%20Wall...%20%5BGuest%20Diary%5D/30658
KeyTrap PoC Exploit https://github.com/knqyf263/CVE-2023-50387
Google Open Sources Magika File ID System https://opensource.googleblog.com/2024/02/magika-ai-powered-fast-and-efficient-file-type-identification.html
Exploiting Unsynchronised Clocks https://attackshipsonfi.re/p/exploiting-unsynchonised-clocks

ISC StormCast for Tuesday, February 20th, 2024

February 19, 2024 5:32 4.96 MB Downloads: 0

Old Mirai New Exploits https://isc.sans.edu/diary/Mirai-Mirai%20On%20The%20Wall...%20%5BGuest%20Diary%5D/30658
KeyTrap PoC Exploit https://github.com/knqyf263/CVE-2023-50387
Google Open Sources Magika File ID System https://opensource.googleblog.com/2024/02/magika-ai-powered-fast-and-efficient-file-type-identification.html
Exploiting Unsynchronised Clocks https://attackshipsonfi.re/p/exploiting-unsynchonised-clocks

ISC StormCast for Monday, February 19th, 2024

February 18, 2024 7:38 6.72 MB Downloads: 0

SolarWinds Security Advisories https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-3_release_notes.htm
Google Chrome Adds Private Network Checks https://chromestatus.com/feature/4869685172764672
Gold Factory iOS Trojan https://www.group-ib.com/blog/goldfactory-ios-trojan/

ISC StormCast for Friday, February 16th, 2024

February 15, 2024 13:11 11.38 MB Downloads: 0

USPS Anchors Snowballing Smishing Campaigns https://www.sentinelone.com/labs/sns-sender-active-campaigns-unleash-messaging-spam-through-the-cloud/
Linux Issuing CVEs http://www.kroah.com/log/blog/2024/02/13/linux-is-a-cna/
Analyzing Pulse Secure Firmware and Bypassing Integrity Checking https://eclypsium.com/blog/flatlined-analyzing-pulse-secure-firmware-and-bypassing-integrity-checking/
Jennifer Walker: Detecting Rogue Ethernet Switches Using Layer 1 Techniques https://www.sans.edu/cyber-research/detecting-rogue-ethernet-switches-using-layer-1-techniques/