A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Similar Podcasts
In Machines We Trust
A podcast about the automation of everything. Host Jennifer Strong and the team at MIT Technology Review look at what it means to entrust artificial intelligence with our most sensitive decisions.
The Cynical Developer
A UK based Technology and Software Developer Podcast that helps you to improve your development knowledge and career,
through explaining the latest and greatest in development technology and providing you with what you need to succeed as a developer.
Elixir Outlaws
Elixir Outlaws is an informal discussion about interesting things happening in Elixir. Our goal is to capture the spirit of a conference hallway discussion in a podcast.
ISC StormCast for Tuesday, January 26th, 2021
Fun With nmap nse Scripts and DoH (DNS over HTTPS) https://isc.sans.edu/forums/diary/Fun+with+NMAP+NSE+Scripts+and+DOH+DNS+over+HTTPS/27026/ Malicious NPM Module Stealing Discord Passwords https://blog.sonatype.com/cursedgrabber-strikes-again-sonatype-spots-new-malware-campaign-against-software-supply-chains Mitigating the $I30 Bug https://www.osr.com/blog/2021/01/21/mitigating-the-i30bitmap-ntfs-bug/ https://github.com/OSRDrivers/i30Flt ProtonVPN BSOD https://protonstatus.com/incidents/124
ISC StormCast for Tuesday, January 26th, 2021
Fun With nmap nse Scripts and DoH (DNS over HTTPS) https://isc.sans.edu/forums/diary/Fun+with+NMAP+NSE+Scripts+and+DOH+DNS+over+HTTPS/27026/ Malicious NPM Module Stealing Discord Passwords https://blog.sonatype.com/cursedgrabber-strikes-again-sonatype-spots-new-malware-campaign-against-software-supply-chains Mitigating the $I30 Bug https://www.osr.com/blog/2021/01/21/mitigating-the-i30bitmap-ntfs-bug/ https://github.com/OSRDrivers/i30Flt ProtonVPN BSOD https://protonstatus.com/incidents/124
ISC StormCast for Monday, January 25th, 2021
Another File Extension to Block: JNLP https://isc.sans.edu/forums/diary/Another+File+Extension+to+Block+in+your+MTA+jnlp/27018/ SonicWall Vulnerability Used to Breach SonicWall https://www.sonicwall.com/support/product-notification/urgent-security-notice-netextender-vpn-client-10-x-sma-100-series-vulnerability-updated-jan-23-2021/210122173415410/ iObit Forum Breached / Used for Ransomware Distribution https://www.bleepingcomputer.com/forums/t/741190/derohe-ransomware-distributed-through-fake-iobit-one-year-free-license-key-promo/
ISC StormCast for Monday, January 25th, 2021
Another File Extension to Block: JNLP https://isc.sans.edu/forums/diary/Another+File+Extension+to+Block+in+your+MTA+jnlp/27018/ SonicWall Vulnerability Used to Breach SonicWall https://www.sonicwall.com/support/product-notification/urgent-security-notice-netextender-vpn-client-10-x-sma-100-series-vulnerability-updated-jan-23-2021/210122173415410/ iObit Forum Breached / Used for Ransomware Distribution https://www.bleepingcomputer.com/forums/t/741190/derohe-ransomware-distributed-through-fake-iobit-one-year-free-license-key-promo/
ISC StormCast for Friday, January 22nd, 2021
Powershell Ropping REvil Ransomware https://isc.sans.edu/forums/diary/Powershell+Dropping+a+REvil+Ransomware/27012/ SAP Exploit Circulating https://onapsis.com/blog/new-sap-exploit-published-online-how-stay-secure Oracle Critical Patch Update https://www.oracle.com/security-alerts/cpujan2021.html RDP Used for DDoS https://www.netscout.com/blog/asert/microsoft-remote-desktop-protocol-rdp-reflectionamplification Billy Wilson: Mitigating Attacks Against Supercomputers with KRSI https://www.sans.org/reading-room/whitepapers/linux/mitigating-attacks-supercomputer-krsi-40010
ISC StormCast for Friday, January 22nd, 2021
Powershell Ropping REvil Ransomware https://isc.sans.edu/forums/diary/Powershell+Dropping+a+REvil+Ransomware/27012/ SAP Exploit Circulating https://onapsis.com/blog/new-sap-exploit-published-online-how-stay-secure Oracle Critical Patch Update https://www.oracle.com/security-alerts/cpujan2021.html RDP Used for DDoS https://www.netscout.com/blog/asert/microsoft-remote-desktop-protocol-rdp-reflectionamplification Billy Wilson: Mitigating Attacks Against Supercomputers with KRSI https://www.sans.org/reading-room/whitepapers/linux/mitigating-attacks-supercomputer-krsi-40010
ISC StormCast for Thursday, January 21st, 2021
SolarWinds Updates https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/ https://blog.malwarebytes.com/malwarebytes-news/2021/01/malwarebytes-targeted-by-nation-state-actor-implicated-in-solarwinds-breach-evidence-suggests-abuse-of-privileged-access-to-microsoft-office-365-and-azure-environments/ Cisco Advisories https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-bufovulns-B5NrSHbj Evesdropping Vulnerabilities in Various WebRTC Based Video Conferencing Systems https://googleprojectzero.blogspot.com/2021/01/the-state-of-state-machines.html Oracle Business Intelligence Enterprise Edition XSS https://www.exploit-db.com/exploits/49444
ISC StormCast for Thursday, January 21st, 2021
SolarWinds Updates https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/ https://blog.malwarebytes.com/malwarebytes-news/2021/01/malwarebytes-targeted-by-nation-state-actor-implicated-in-solarwinds-breach-evidence-suggests-abuse-of-privileged-access-to-microsoft-office-365-and-azure-environments/ Cisco Advisories https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-bufovulns-B5NrSHbj Evesdropping Vulnerabilities in Various WebRTC Based Video Conferencing Systems https://googleprojectzero.blogspot.com/2021/01/the-state-of-state-machines.html Oracle Business Intelligence Enterprise Edition XSS https://www.exploit-db.com/exploits/49444
ISC StormCast for Wednesday, January 20th, 2021
Qakbot Activity Resumes After Holiday Break https://isc.sans.edu/forums/diary/Qakbot+activity+resumes+after+holiday+break/27008/ Multiple dnsmasq Vulnerabilities https://www.jsof-tech.com/wp-content/uploads/2021/01/DNSpooq_Technical-Whitepaper.pdf FreakOut Malware https://blog.checkpoint.com/2021/01/19/linux-users-should-patch-now-to-block-new-freakout-malware-which-exploits-new-vulnerabilities/ Kids Break Screensaver https://github.com/linuxmint/cinnamon-screensaver/issues/354
ISC StormCast for Wednesday, January 20th, 2021
Qakbot Activity Resumes After Holiday Break https://isc.sans.edu/forums/diary/Qakbot+activity+resumes+after+holiday+break/27008/ Multiple dnsmasq Vulnerabilities https://www.jsof-tech.com/wp-content/uploads/2021/01/DNSpooq_Technical-Whitepaper.pdf FreakOut Malware https://blog.checkpoint.com/2021/01/19/linux-users-should-patch-now-to-block-new-freakout-malware-which-exploits-new-vulnerabilities/ Kids Break Screensaver https://github.com/linuxmint/cinnamon-screensaver/issues/354
ISC StormCast for Tuesday, January 19th, 2021
Doc And RTF Malicious Document https://isc.sans.edu/forums/diary/Doc+RTF+Malicious+Document/26996/ Center for Internet Security Cisco NX-OS Benchmark https://www.cisecurity.org/cis-benchmarks/ Exploit for Shazam Geolocation Vulnerablity https://ash-king.co.uk/blog/Shazlocate-abusing-CVE-2019-8791-CVE-2019-8792 Voice Phishing and Internal Messaging Systems Used to Escalate Privileges https://www.ic3.gov/Media/News/2021/210115.pdf
ISC StormCast for Tuesday, January 19th, 2021
Doc And RTF Malicious Document https://isc.sans.edu/forums/diary/Doc+RTF+Malicious+Document/26996/ Center for Internet Security Cisco NX-OS Benchmark https://www.cisecurity.org/cis-benchmarks/ Exploit for Shazam Geolocation Vulnerablity https://ash-king.co.uk/blog/Shazlocate-abusing-CVE-2019-8791-CVE-2019-8792 Voice Phishing and Internal Messaging Systems Used to Escalate Privileges https://www.ic3.gov/Media/News/2021/210115.pdf
ISC StormCast for Monday, January 18th, 2021
Scans for DNS over HTTPs https://isc.sans.edu/forums/diary/Obfuscated+DNS+Queries/26992/ https://us-cert.cisa.gov/ncas/current-activity/2021/01/15/nsa-releases-guidance-encrypted-dns-enterprise-environments Netlogon Domain Controller Enforcement Mode Starting February 9th https://msrc-blog.microsoft.com/2021/01/14/netlogon-domain-controller-enforcement-mode-is-enabled-by-default-beginning-with-the-february-9-2021-security-update-related-to-cve-2020-1472/ Apple Removing ContentFilterExclusionList https://www.patreon.com/posts/46179028
ISC StormCast for Monday, January 18th, 2021
Scans for DNS over HTTPs https://isc.sans.edu/forums/diary/Obfuscated+DNS+Queries/26992/ https://us-cert.cisa.gov/ncas/current-activity/2021/01/15/nsa-releases-guidance-encrypted-dns-enterprise-environments Netlogon Domain Controller Enforcement Mode Starting February 9th https://msrc-blog.microsoft.com/2021/01/14/netlogon-domain-controller-enforcement-mode-is-enabled-by-default-beginning-with-the-february-9-2021-security-update-related-to-cve-2020-1472/ Apple Removing ContentFilterExclusionList https://www.patreon.com/posts/46179028
ISC StormCast for Friday, January 15th, 2021
Dynamically Analzying A Heavily Obfuscted Excel 4 Macro Malicious File https://isc.sans.edu/forums/diary/Dynamically+analyzing+a+heavily+obfuscated+Excel+4+macro+malicious+file/26986/ Odd Filename Corrupts NTFS Disks https://twitter.com/jonasLyk/status/1347900440000811010 Cisco Vulnerabilities https://tools.cisco.com/security/center/publicationListing.x