A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Similar Podcasts
In Machines We Trust
A podcast about the automation of everything. Host Jennifer Strong and the team at MIT Technology Review look at what it means to entrust artificial intelligence with our most sensitive decisions.
The Cynical Developer
A UK based Technology and Software Developer Podcast that helps you to improve your development knowledge and career,
through explaining the latest and greatest in development technology and providing you with what you need to succeed as a developer.
Elixir Outlaws
Elixir Outlaws is an informal discussion about interesting things happening in Elixir. Our goal is to capture the spirit of a conference hallway discussion in a podcast.
ISC StormCast for Tuesday, March 17th 2020
Desktop.ini as a post-exploitation tool https://isc.sans.edu/forums/diary/Desktopini+as+a+postexploitation+tool/25912/ VMWAre Workstatation/Fusion Update https://www.vmware.com/security/advisories/VMSA-2020-0004.html Blackwater Malware Abuses Cloudflare Workers https://www.bleepingcomputer.com/news/security/blackwater-malware-abuses-cloudflare-workers-for-c2-communication/ tcpdump Heap Based Buffer Over-Read https://nvd.nist.gov/vuln/detail/CVE-2018-19325 Slack Account Takevoer Bug https://hackerone.com/reports/737140
ISC StormCast for Tuesday, March 17th 2020
Desktop.ini as a post-exploitation tool https://isc.sans.edu/forums/diary/Desktopini+as+a+postexploitation+tool/25912/ VMWAre Workstatation/Fusion Update https://www.vmware.com/security/advisories/VMSA-2020-0004.html Blackwater Malware Abuses Cloudflare Workers https://www.bleepingcomputer.com/news/security/blackwater-malware-abuses-cloudflare-workers-for-c2-communication/ tcpdump Heap Based Buffer Over-Read https://nvd.nist.gov/vuln/detail/CVE-2018-19325 Slack Account Takevoer Bug https://hackerone.com/reports/737140
ISC StormCast for Monday, March 16th 2020
Phishing PDFs With Incremental Updates https://isc.sans.edu/forums/diary/Phishing+PDF+With+Incremental+Updates/25904/ VPN Access and Active Monitoring https://isc.sans.edu/forums/diary/VPN+Access+and+Activity+Monitoring/25906/ Capturing Invalid Ethernet Frames https://isc.sans.edu/forums/diary/Not+all+Ethernet+NICs+are+Created+Equal+Trying+to+Capture+Invalid+Ethernet+Frames/25896/ Cookiethief Android Cookie Stealing Malware https://securelist.com/cookiethief/96332/ SANS Security Awareness Deployment Kit for Securing Your Workforce at Home https://www.sans.org/webcasts/113875
ISC StormCast for Monday, March 16th 2020
Phishing PDFs With Incremental Updates https://isc.sans.edu/forums/diary/Phishing+PDF+With+Incremental+Updates/25904/ VPN Access and Active Monitoring https://isc.sans.edu/forums/diary/VPN+Access+and+Activity+Monitoring/25906/ Capturing Invalid Ethernet Frames https://isc.sans.edu/forums/diary/Not+all+Ethernet+NICs+are+Created+Equal+Trying+to+Capture+Invalid+Ethernet+Frames/25896/ Cookiethief Android Cookie Stealing Malware https://securelist.com/cookiethief/96332/ SANS Security Awareness Deployment Kit for Securing Your Workforce at Home https://www.sans.org/webcasts/113875
ISC StormCast for Friday, March 13th 2020
Microsoft Releases Patch for Windows SMBv3 Compression Vulnerability CVE-2020-0796 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796 Hancitor Distributed Through Coronavirus-Themed Malspam https://isc.sans.edu/forums/diary/Hancitor+distributed+through+coronavirusthemed+malspam/25892/ Avast Removes Vulnerable JavaScript Emulator From Products https://github.com/taviso/avscript Checkra1n Exploit Works Against T2 Equipped Macs https://www.idownloadblog.com/2020/03/10/luca-todesco-teases-checkra1n-hacks-on-a-t2-equipped-macbook-pros-touch-bar/
ISC StormCast for Friday, March 13th 2020
Microsoft Releases Patch for Windows SMBv3 Compression Vulnerability CVE-2020-0796 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796 Hancitor Distributed Through Coronavirus-Themed Malspam https://isc.sans.edu/forums/diary/Hancitor+distributed+through+coronavirusthemed+malspam/25892/ Avast Removes Vulnerable JavaScript Emulator From Products https://github.com/taviso/avscript Checkra1n Exploit Works Against T2 Equipped Macs https://www.idownloadblog.com/2020/03/10/luca-todesco-teases-checkra1n-hacks-on-a-t2-equipped-macbook-pros-touch-bar/
ISC StormCast for Thursday, March 12th 2020
Mystery SMB3 Flaw Update https://isc.sans.edu/forums/diary/Critical+SMBv3+Vulnerability+Remote+Code+Execution/25890/ COVID19 Malware https://blog.reasonsecurity.com/2020/03/09/covid-19-info-stealer-the-map-of-threats-threat-analysis-report/ Agent Tesla Spread by Fake Canon EOS Notification Email https://isc.sans.edu/forums/diary/Agent+Tesla+Delivered+via+Fake+Canon+EOS+Notification+on+Free+OwnCloud+Account/25884/
ISC StormCast for Thursday, March 12th 2020
Mystery SMB3 Flaw Update https://isc.sans.edu/forums/diary/Critical+SMBv3+Vulnerability+Remote+Code+Execution/25890/ COVID19 Malware https://blog.reasonsecurity.com/2020/03/09/covid-19-info-stealer-the-map-of-threats-threat-analysis-report/ Agent Tesla Spread by Fake Canon EOS Notification Email https://isc.sans.edu/forums/diary/Agent+Tesla+Delivered+via+Fake+Canon+EOS+Notification+on+Free+OwnCloud+Account/25884/
ISC StormCast for Wednesday, March 11th 2020
Microsoft Patch Tuesday https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200005 https://isc.sans.edu/diary.html?storyid=25886
ISC StormCast for Wednesday, March 11th 2020
Microsoft Patch Tuesday https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200005 https://isc.sans.edu/diary.html?storyid=25886
ISC StormCast for Tuesday, March 10th 2020
Malicious Spreadsheet With Data Connection and Excel 4 Macros https://isc.sans.edu/forums/diary/Malicious+Spreadsheet+With+Data+Connection+and+Excel+4+Macros/25880/ Take a Way: Exploring the Security Implications of AMD's Cache Way Predictors https://mlq.me/download/takeaway.pdf https://www.amd.com/en/corporate/product-security Google Play Store Protect Fails Security Test https://www.av-test.org/en/news/here-s-how-well-17-android-security-apps-provide-protection/
ISC StormCast for Tuesday, March 10th 2020
Malicious Spreadsheet With Data Connection and Excel 4 Macros https://isc.sans.edu/forums/diary/Malicious+Spreadsheet+With+Data+Connection+and+Excel+4+Macros/25880/ Take a Way: Exploring the Security Implications of AMD's Cache Way Predictors https://mlq.me/download/takeaway.pdf https://www.amd.com/en/corporate/product-security Google Play Store Protect Fails Security Test https://www.av-test.org/en/news/here-s-how-well-17-android-security-apps-provide-protection/
ISC StormCast for Monday, March 9th 2020
Excel Maldocs: Hidden Sheets https://isc.sans.edu/forums/diary/Excel+Maldocs+Hidden+Sheets/25876/ Wireshark 3.2.2. Released https://www.wireshark.org/docs/relnotes/wireshark-3.2.2.html Linux PPP Vulnerability https://www.kb.cert.org/vuls/id/782301/ NordVPN Vulnerablity https://www.theregister.co.uk/2020/03/06/nordvpn_no_auth_needed_view_user_payments/ Unpatched Android Devices https://www.which.co.uk/news/2020/03/more-than-one-billion-android-devices-at-risk-of-malware-threats/
ISC StormCast for Monday, March 9th 2020
Excel Maldocs: Hidden Sheets https://isc.sans.edu/forums/diary/Excel+Maldocs+Hidden+Sheets/25876/ Wireshark 3.2.2. Released https://www.wireshark.org/docs/relnotes/wireshark-3.2.2.html Linux PPP Vulnerability https://www.kb.cert.org/vuls/id/782301/ NordVPN Vulnerablity https://www.theregister.co.uk/2020/03/06/nordvpn_no_auth_needed_view_user_payments/ Unpatched Android Devices https://www.which.co.uk/news/2020/03/more-than-one-billion-android-devices-at-risk-of-malware-threats/
ISC StormCast for Friday, March 6th 2020
Survey Phish https://isc.sans.edu/forums/diary/Will+You+Put+Your+Password+in+a+Survey/25866/ Healthcare.gov Sending E-Mail Looking Like Phishing https://twitter.com/johullrich/status/1235740586717720577 Intel x86 Root of Trust: Loss of Trust https://blog.ptsecurity.com/2020/03/intelx86-root-of-trust-loss-of-trust.html Let's Encrypt Revises Revokation Plan https://community.letsencrypt.org/t/2020-02-29-caa-rechecking-bug/114591/2 Trust Me, I'm Certified Podcast https://www.giac.org/podcasts