A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Similar Podcasts
In Machines We Trust
A podcast about the automation of everything. Host Jennifer Strong and the team at MIT Technology Review look at what it means to entrust artificial intelligence with our most sensitive decisions.
The Cynical Developer
A UK based Technology and Software Developer Podcast that helps you to improve your development knowledge and career,
through explaining the latest and greatest in development technology and providing you with what you need to succeed as a developer.
Elixir Outlaws
Elixir Outlaws is an informal discussion about interesting things happening in Elixir. Our goal is to capture the spirit of a conference hallway discussion in a podcast.
ISC StormCast for Friday, July 27th 2018
NetSpectre: Read Arbitrary Memory over the Network https://misc0110.net/web/files/netspectre.pdf Google Play Store Bans Crypto Miners https://play.google.com/about/developer-content-policy-print/ Japanese Calendar Issues https://blogs.msdn.microsoft.com/shawnste/2018/04/12/the-japanese-calendars-y2k-moment/ Multiple Vulnerabilities in Samsung SmartThings Hub https://blog.talosintelligence.com/2018/07/samsung-smartthings-vulns.html?m=1 Times Change and Your Training Data Should Too: The Effect of Training Data Recency on Twitter Classifiers. Ryan O'Grady https://www.sans.org/reading-room/whitepapers/artificialintelligence/times-change-training-data-too-effect-training-data-recency-twitter-classifiers-38500
ISC StormCast for Thursday, July 26th 2018
Etherscan.io XSS Vulnerability https://scotthelme.co.uk/xss-on-etherscan-io/ Tomcat Vulnerabilities Patched https://www.us-cert.gov/ncas/current-activity/2018/07/23/Apache-Releases-Security-Updates-Apache-Tomcat DNS over HTTPS Standard Finalized https://datatracker.ietf.org/wg/doh/about/ ERP Systems Targeted in Recent Attacks https://www.us-cert.gov/ncas/current-activity/2018/07/25/Malicious-Cyber-Activity-Targeting-ERP-Applications
ISC StormCast for Thursday, July 26th 2018
Etherscan.io XSS Vulnerability https://scotthelme.co.uk/xss-on-etherscan-io/ Tomcat Vulnerabilities Patched https://www.us-cert.gov/ncas/current-activity/2018/07/23/Apache-Releases-Security-Updates-Apache-Tomcat DNS over HTTPS Standard Finalized https://datatracker.ietf.org/wg/doh/about/ ERP Systems Targeted in Recent Attacks https://www.us-cert.gov/ncas/current-activity/2018/07/25/Malicious-Cyber-Activity-Targeting-ERP-Applications
ISC StormCast for Wednesday, July 25th 2018
Emotet Update https://isc.sans.edu/forums/diary/Recent+Emotet+activity/23908/ Clear Text Phone Tracking https://isc.sans.edu/forums/diary/Cell+Phone+Monitoring+Who+is+Watching+the+Watchers/23910/ Bluetooth Bug https://www.kb.cert.org/vuls/id/304725 Apache OpenWhisk Vulnerability https://www.puresec.io/blog/Apache_OpenWhisk_Mutability_Weakness?hs_preview=EpJUmSoY-5972289702
ISC StormCast for Wednesday, July 25th 2018
Emotet Update https://isc.sans.edu/forums/diary/Recent+Emotet+activity/23908/ Clear Text Phone Tracking https://isc.sans.edu/forums/diary/Cell+Phone+Monitoring+Who+is+Watching+the+Watchers/23910/ Bluetooth Bug https://www.kb.cert.org/vuls/id/304725 Apache OpenWhisk Vulnerability https://www.puresec.io/blog/Apache_OpenWhisk_Mutability_Weakness?hs_preview=EpJUmSoY-5972289702
ISC StormCast for Tuesday, July 24th 2018
More Spectre https://arxiv.org/pdf/1807.07940.pdf July IE Patch Fixed older Remote Code Exec. Bug http://blogs.360.cn/blog/from-a-patched-itw-0day-to-remote-code-execution-part-i-from-patch-to-new-0day/ Google Chrome 68 Released Today. HTTP sites marked as "insecure" https://support.google.com/chrome/a/answer/7679408?hl=en DNS Rebinding Vulnerablity Common in IoT https://www.armis.com/dns-rebinding-exposes-half-a-billion-iot-devices-in-the-enterprise/
ISC StormCast for Tuesday, July 24th 2018
More Spectre https://arxiv.org/pdf/1807.07940.pdf July IE Patch Fixed older Remote Code Exec. Bug http://blogs.360.cn/blog/from-a-patched-itw-0day-to-remote-code-execution-part-i-from-patch-to-new-0day/ Google Chrome 68 Released Today. HTTP sites marked as "insecure" https://support.google.com/chrome/a/answer/7679408?hl=en DNS Rebinding Vulnerablity Common in IoT https://www.armis.com/dns-rebinding-exposes-half-a-billion-iot-devices-in-the-enterprise/
ISC StormCast for Monday, July 23rd 2018
New WebLogic Vulnerability Already Exploited https://isc.sans.edu/forums/diary/Weblogic+Exploit+Code+Made+Public+CVE20182893/23896/ Microsoft Edge Turns off XSS Protection https://portswigger.net/daily-swig/xss-protection-disappears-from-microsoft-edge Intel Management Engine Vulnerabilities https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00112.html User Tracking With TLS 1.2 Certificates http://tma.ifip.org/wordpress/wp-content/uploads/2017/06/tma2017_paper2.pdf
ISC StormCast for Monday, July 23rd 2018
New WebLogic Vulnerability Already Exploited https://isc.sans.edu/forums/diary/Weblogic+Exploit+Code+Made+Public+CVE20182893/23896/ Microsoft Edge Turns off XSS Protection https://portswigger.net/daily-swig/xss-protection-disappears-from-microsoft-edge Intel Management Engine Vulnerabilities https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00112.html User Tracking With TLS 1.2 Certificates http://tma.ifip.org/wordpress/wp-content/uploads/2017/06/tma2017_paper2.pdf
ISC StormCast for Friday, July 20th 2018
Cisco Patches https://tools.cisco.com/security/center/publicationListing.x Diqee Smart Vacuum Vulnerabilities http://en.diqee.com/goods/1994.html Instagram About To Release 2FA Update https://techcrunch.com/2018/07/17/instagram-2-factor/ Reporting Malicious Websites https://isc.sans.edu/forums/diary/Reporting+Malicious+Websites+in+2018/23892/
ISC StormCast for Friday, July 20th 2018
Cisco Patches https://tools.cisco.com/security/center/publicationListing.x Diqee Smart Vacuum Vulnerabilities http://en.diqee.com/goods/1994.html Instagram About To Release 2FA Update https://techcrunch.com/2018/07/17/instagram-2-factor/ Reporting Malicious Websites https://isc.sans.edu/forums/diary/Reporting+Malicious+Websites+in+2018/23892/
ISC StormCast for Thursday, July 19th 2018
Increase in scans for port 15454 https://isc.sans.edu/forums/diary/Request+for+Packets+Port+15454/23888/ Oracle Quarterly Critical Patch Update http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html Venmo Public Transaction API https://publicbydefault.fyi Credential Stuffing Responsible for Majority of Login Attempts http://info.shapesecurity.com/2018-Credential-Spill-Report-by-Shape-Security
ISC StormCast for Thursday, July 19th 2018
Increase in scans for port 15454 https://isc.sans.edu/forums/diary/Request+for+Packets+Port+15454/23888/ Oracle Quarterly Critical Patch Update http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html Venmo Public Transaction API https://publicbydefault.fyi Credential Stuffing Responsible for Majority of Login Attempts http://info.shapesecurity.com/2018-Credential-Spill-Report-by-Shape-Security
ISC StormCast for Wednesday, July 18th 2018
Searching for Geographically Improbably Login Attempts https://isc.sans.edu/forums/diary/Searching+for+Geographically+Improbable+Login+Attempts/23882/ Typo3 CMS Update https://typo3.org/article/typo3-931-8717-and-7630-security-releases-published/ GitHub Expands Security Scanner to Python https://blog.github.com/2018-07-12-security-vulnerability-alerts-for-python/ Money Laundry Scheme Exposed by Open Mongo database. https://kromtech.com/blog/security-center/digital-laundry
ISC StormCast for Wednesday, July 18th 2018
Searching for Geographically Improbably Login Attempts https://isc.sans.edu/forums/diary/Searching+for+Geographically+Improbable+Login+Attempts/23882/ Typo3 CMS Update https://typo3.org/article/typo3-931-8717-and-7630-security-releases-published/ GitHub Expands Security Scanner to Python https://blog.github.com/2018-07-12-security-vulnerability-alerts-for-python/ Money Laundry Scheme Exposed by Open Mongo database. https://kromtech.com/blog/security-center/digital-laundry