A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Similar Podcasts
The Cynical Developer
A UK based Technology and Software Developer Podcast that helps you to improve your development knowledge and career,
through explaining the latest and greatest in development technology and providing you with what you need to succeed as a developer.
Elixir Outlaws
Elixir Outlaws is an informal discussion about interesting things happening in Elixir. Our goal is to capture the spirit of a conference hallway discussion in a podcast.
Android Bytes (powered by Esper)
Android Bytes (powered by Esper) is the podcast that dives deep into the engineering and business decisions behind the world’s most popular OS. https://www.esper.io
Android powers over 3 billion devices worldwide and is the platform of choice for over a thousand companies. You’ll find Android on smartphones, tablets, watches, TV, cars, kiosks, and so much more. How does Google architect Android to run on so many form factors, and how do companies fork AOSP to make it run on even more devices? These are the kinds of questions the Android Bytes podcast considers each week.
Join cohosts Mishaal Rahman and David Ruddock, two journalists with extensive knowledge covering the Android OS platform and ecosystem, as they speak to system architects, kernel engineers, app developers, and other distinguished experts in the Android space.
Get in touch with us at Esper.io if you’re looking to use Android for your product — we have the experience you need.
ISC StormCast for Wednesday, August 7th, 2024
A Survey of Scans For GeoServer Vulnerabilities https://isc.sans.edu/diary/A%20Survey%20of%20Scans%20for%20GeoServer%20Vulnerabilities/31148 Crowdstrike Root Cause Analysis https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/ Kibana Vulnerability https://discuss.elastic.co/t/kibana-8-14-2-7-17-23-security-update-esa-2024-22/364424 Android August 2024 Bulletin https://source.android.com/docs/security/bulletin/2024-08-01 Ubiquity Amplication Attack Vulnerability Update https://blog.checkpoint.com/research/over-20000-ubiquiti-cameras-and-routers-are-vulnerable-to-amplification-attacks-and-privacy-risks/
ISC StormCast for Tuesday, August 6th, 2024
Script Obfuscation Using Multiple Instances of the Same Function https://isc.sans.edu/diary/Script%20obfuscation%20using%20multiple%20instances%20of%20the%20same%20function/31144 Disclosure of key technical details of CrowdStrike's large-scale blue screen https://mp.weixin.qq.com/s/uD7mhzyRSX1dTW-TMg4UhQ New OFBiz Vulnerability https://issues.apache.org/jira/browse/OFBIZ-13128 https://www.youtube.com/watch?v=J_IxCBjd4Pw Roundcube XSS Vulnerabilities https://securityonline.info/roundcube-webmail-releases-security-updates-to-patch-multiple-vulnerabilities/
ISC StormCast for Tuesday, August 6th, 2024
Script Obfuscation Using Multiple Instances of the Same Function https://isc.sans.edu/diary/Script%20obfuscation%20using%20multiple%20instances%20of%20the%20same%20function/31144 Disclosure of key technical details of CrowdStrike's large-scale blue screen https://mp.weixin.qq.com/s/uD7mhzyRSX1dTW-TMg4UhQ New OFBiz Vulnerability https://issues.apache.org/jira/browse/OFBIZ-13128 https://www.youtube.com/watch?v=J_IxCBjd4Pw Roundcube XSS Vulnerabilities https://securityonline.info/roundcube-webmail-releases-security-updates-to-patch-multiple-vulnerabilities/
ISC StormCast for Monday, August 5th, 2024
Current Secure Boot Certifiate Authority Expires in 2026 https://isc.sans.edu/diary/Even+Linux+users+should+take+a+look+at+this+Microsoft+KB+article/31140 OOXML Spreadsheets Protected by Verifier Hashes https://isc.sans.edu/diary/OOXML%20Spreadsheets%20Protected%20By%20Verifier%20Hashes/31072 StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms https://www.volexity.com/blog/2024/08/02/stormbamboo-compromises-isp-to-abuse-insecure-software-update-mechanisms/ DARPA TRACTOR Program for Translating C to Rust https://www.darpa.mil/news-events/2024-07-31a
ISC StormCast for Monday, August 5th, 2024
Current Secure Boot Certifiate Authority Expires in 2026 https://isc.sans.edu/diary/Even+Linux+users+should+take+a+look+at+this+Microsoft+KB+article/31140 OOXML Spreadsheets Protected by Verifier Hashes https://isc.sans.edu/diary/OOXML%20Spreadsheets%20Protected%20By%20Verifier%20Hashes/31072 StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms https://www.volexity.com/blog/2024/08/02/stormbamboo-compromises-isp-to-abuse-insecure-software-update-mechanisms/ DARPA TRACTOR Program for Translating C to Rust https://www.darpa.mil/news-events/2024-07-31a
ISC StormCast for Friday, August 2nd, 2024
Tracking Proxy Scans with IPv4.Games https://isc.sans.edu/diary/Tracking%20Proxy%20Scans%20with%20IPv4.Games/31136 Threat Actor Impersonates Google via Fake Ad For Authenticator https://www.malwarebytes.com/blog/news/2024/07/threat-actor-impersonates-google-via-fake-ad-for-authenticator Who Knew? Domain Hijacking is so easy https://blogs.infoblox.com/threat-intelligence/who-knew-domain-hijacking-is-so-easy/
ISC StormCast for Friday, August 2nd, 2024
Tracking Proxy Scans with IPv4.Games https://isc.sans.edu/diary/Tracking%20Proxy%20Scans%20with%20IPv4.Games/31136 Threat Actor Impersonates Google via Fake Ad For Authenticator https://www.malwarebytes.com/blog/news/2024/07/threat-actor-impersonates-google-via-fake-ad-for-authenticator Who Knew? Domain Hijacking is so easy https://blogs.infoblox.com/threat-intelligence/who-knew-domain-hijacking-is-so-easy/
ISC StormCast for Thursday, August 1st, 2024
Increased Activity Against Apache OFBiz CVS-2024-32113 https://isc.sans.edu/diary/Increased%20Activity%20Against%20Apache%20OFBiz%20CVE-2024-32113/31132 Digicert Certificate Revocation Incident https://www.digicert.com/support/certificate-revocation-incident Microsoft Azure Outage https://azure.status.microsoft/en-us/status/history/ Improving Security of Chrome Cookies https://security.googleblog.com/2024/07/improving-security-of-chrome-cookies-on.html
ISC StormCast for Thursday, August 1st, 2024
Increased Activity Against Apache OFBiz CVS-2024-32113 https://isc.sans.edu/diary/Increased%20Activity%20Against%20Apache%20OFBiz%20CVE-2024-32113/31132 Digicert Certificate Revocation Incident https://www.digicert.com/support/certificate-revocation-incident Microsoft Azure Outage https://azure.status.microsoft/en-us/status/history/ Improving Security of Chrome Cookies https://security.googleblog.com/2024/07/improving-security-of-chrome-cookies-on.html
ISC StormCast for Wednesday, July 31st, 2024
Apple Updates Everything: July 2024 Edition https://isc.sans.edu/diary/Apple%20Patches%20Everything.%20July%202024%20Edition/31128 VMWare ESXi Vulnerability Actively Exploited CVE-2024-37085 https://www.microsoft.com/en-us/security/blog/2024/07/29/ransomware-operators-exploit-esxi-hypervisor-vulnerability-for-mass-encryption/ Weak VoWiFi Encryption CVE-2024-22064 https://idw-online.de/en/news837652
ISC StormCast for Wednesday, July 31st, 2024
Apple Updates Everything: July 2024 Edition https://isc.sans.edu/diary/Apple%20Patches%20Everything.%20July%202024%20Edition/31128 VMWare ESXi Vulnerability Actively Exploited CVE-2024-37085 https://www.microsoft.com/en-us/security/blog/2024/07/29/ransomware-operators-exploit-esxi-hypervisor-vulnerability-for-mass-encryption/ Weak VoWiFi Encryption CVE-2024-22064 https://idw-online.de/en/news837652
ISC StormCast for Tuesday, July 30th, 2024
CrowdStrike Outage Themed Maldoc https://isc.sans.edu/diary/CrowdStrike%20Outage%20Themed%20Maldoc/31116 HotJar XSS Puts OAuth at Risk https://salt.security/blog/over-1-million-websites-are-at-risk-of-sensitive-information-leakage---xss-is-dead-long-live-xss Proofpoint Echospoofing https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
ISC StormCast for Tuesday, July 30th, 2024
CrowdStrike Outage Themed Maldoc https://isc.sans.edu/diary/CrowdStrike%20Outage%20Themed%20Maldoc/31116 HotJar XSS Puts OAuth at Risk https://salt.security/blog/over-1-million-websites-are-at-risk-of-sensitive-information-leakage---xss-is-dead-long-live-xss Proofpoint Echospoofing https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
ISC StormCast for Monday, July 29th, 2024
ExelaStealer Delivered "From Russia With Love" https://isc.sans.edu/diary/31118 Create Your Own BSOD: NotMyFault https://isc.sans.edu/diary/Create%20Your%20Own%20BSOD%3A%20NotMyFault/31120 PKFail Vulnerability https://pk.fail/ CrowdStrike Recovery https://arstechnica.com/information-technology/2024/07/97-of-crowdstrike-systems-are-back-online-microsoft-suggests-windows-changes/
ISC StormCast for Monday, July 29th, 2024
ExelaStealer Delivered "From Russia With Love" https://isc.sans.edu/diary/31118 Create Your Own BSOD: NotMyFault https://isc.sans.edu/diary/Create%20Your%20Own%20BSOD%3A%20NotMyFault/31120 PKFail Vulnerability https://pk.fail/ CrowdStrike Recovery https://arstechnica.com/information-technology/2024/07/97-of-crowdstrike-systems-are-back-online-microsoft-suggests-windows-changes/