SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brie...
Windows 11 and TPM
https://techcommunity.microsoft.com/blog/windows-itpro-blog/tpm-2-0-%E2%80%93-a-necessity-for-a-secure-and-future-proof-windows-11/4339066
https://www.forbes.com/sites/zakdoffman/2024/12/12/microsoft-warns-400-million-windows-users-do-not-update-your-pc/
Microsoft Azure MFA Bypass
https://www.oasis.security/resources/blog/oasis-security-research-team-discovers-microsoft-azure-mfa-bypass
Struts 2 Arbitrary File Upload CVE-2024-53677
https://cwiki.apache.org/confluence/display/WW/S2-067
Russian actor Secret Blizzard using tools of other groups to attack Ukraine
https://www.microsoft.com/en-us/security/blog/2024/12/11/frequent-freeloader-part-ii-russian-actor-secret-blizzard-using-tools-of-other-groups-to-attack-ukraine/
--------
6:18
ISC StormCast for Thursday, December 12th, 2024
Vulnerability Symbiosis: vSphere's CVE-2024-38812 and CVE-2024-38813
https://isc.sans.edu/diary/Vulnerability%20Symbiosis%3A%20vSphere%3Fs%20CVE-2024-38812%20and%20CVE-2024-38813%20%5BGuest%20Diary%5D/31510
Apple Updates Everything (iOS, iPadOS, macOS, watchOS, tvOS, visionOS)
https://isc.sans.edu/diary/Apple+Updates+Everything+iOS+iPadOS+macOS+watchOS+tvOS+visionOS/31514/
Widespread exploitation of Cleo file transfer software (CVE-2024-50623)
https://www.huntress.com/blog/threat-advisory-oh-no-cleo-cleo-software-actively-being-exploited-in-the-wild
https://labs.watchtowr.com/cleo-cve-2024-50623/
--------
5:46
ISC StormCast for Wednesday, December 11th, 2024
Microsoft Patch Tuesday December 2024
https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%3A%20December%202024/31508
Ivanti Security Advisory
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Services-Application-CSA-CVE-2024-11639-CVE-2024-11772-CVE-2024-11773?language=en_US
Visual Studio Code Tunnels
https://www.sentinelone.com/labs/operation-digital-eye-chinese-apt-compromises-critical-digital-infrastructure-via-visual-studio-code-tunnels/
Mitigating NTLM Relay Attacks
https://msrc.microsoft.com/blog/2024/12/mitigating-ntlm-relay-attacks-by-default/
--------
5:29
ISC StormCast for Tuesday, December 10th, 2024
CURLing for Crypto on Honeypots
https://isc.sans.edu/diary/CURLing%20for%20Crypto%20on%20Honeypots/31502
Compromising OpenWrt Supply Chain via Truncated SHA-256 Collision and Command Injection
https://flatt.tech/research/posts/compromising-openwrt-supply-chain-sha256-collision/
Android Monthly Update
https://source.android.com/docs/security/bulletin/pixel/2024-12-01
RCS Not Always Encrypted
https://daringfireball.net/linked/2024/12/04/shame-on-google-messages
--------
6:17
ISC StormCast for Monday, December 9th, 2024
Bypassing WAFs with the Phantom Version Cookie
https://portswigger.net/research/bypassing-wafs-with-the-phantom-version-cookie
URL File NTLM Hash Disclosure
https://blog.0patch.com/2024/12/url-file-ntlm-hash-disclosure.html
Ultralytics Library Infected with Miner
https://github.com/ultralytics/ultralytics/issues/18027#issuecomment-2521578169
DaMAgeCard attack targets memory directly thru SD card reader
https://swarm.ptsecurity.com/new-dog-old-tricks-damagecard-attack-targets-memory-directly-thru-sd-card-reader/
About SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .