A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Similar Podcasts
In Machines We Trust
A podcast about the automation of everything. Host Jennifer Strong and the team at MIT Technology Review look at what it means to entrust artificial intelligence with our most sensitive decisions.
The Cynical Developer
A UK based Technology and Software Developer Podcast that helps you to improve your development knowledge and career,
through explaining the latest and greatest in development technology and providing you with what you need to succeed as a developer.
Elixir Outlaws
Elixir Outlaws is an informal discussion about interesting things happening in Elixir. Our goal is to capture the spirit of a conference hallway discussion in a podcast.
ISC StormCast for Tuesday, July 17th 2018
Encrypted SNI in TLS 1.3 https://tools.ietf.org/html/draft-rescorla-tls-esni-00 Microsoft to Retire "Delta Updates" https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-quality-updates-explained-amp-the-end-of-delta/ba-p/214426 Practical GPS Spoofing of Navigation Devices https://www.microsoft.com/en-us/research/uploads/prod/2018/06/security18gps.pdf
ISC StormCast for Tuesday, July 17th 2018
Encrypted SNI in TLS 1.3 https://tools.ietf.org/html/draft-rescorla-tls-esni-00 Microsoft to Retire "Delta Updates" https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-quality-updates-explained-amp-the-end-of-delta/ba-p/214426 Practical GPS Spoofing of Navigation Devices https://www.microsoft.com/en-us/research/uploads/prod/2018/06/security18gps.pdf
ISC StormCast for Monday, July 16th 2018
Processing JSON https://isc.sans.edu/forums/diary/Video+Retrieving+and+processing+JSON+data+BTC+example/23874/ Cryptocoin Mining Javascript (yet again) https://isc.sans.edu/forums/diary/Cryptominer+Delivered+Though+Compromized+JavaScript+File/23870/ Dahua Passwords Leaked/Cached by Search Engine https://www.bleepingcomputer.com/news/security/passwords-for-tens-of-thousands-of-dahua-devices-cached-in-iot-search-engine/ MDM Used in Targeted Attack Against iPhone Users https://blog.talosintelligence.com/2018/07/Mobile-Malware-Campaign-uses-Malicious-MDM.html
ISC StormCast for Monday, July 16th 2018
Processing JSON https://isc.sans.edu/forums/diary/Video+Retrieving+and+processing+JSON+data+BTC+example/23874/ Cryptocoin Mining Javascript (yet again) https://isc.sans.edu/forums/diary/Cryptominer+Delivered+Though+Compromized+JavaScript+File/23870/ Dahua Passwords Leaked/Cached by Search Engine https://www.bleepingcomputer.com/news/security/passwords-for-tens-of-thousands-of-dahua-devices-cached-in-iot-search-engine/ MDM Used in Targeted Attack Against iPhone Users https://blog.talosintelligence.com/2018/07/Mobile-Malware-Campaign-uses-Malicious-MDM.html
ISC StormCast for Friday, July 13th 2018
Extortion Claims Include Leaked Passwords to Appear more Plausiable https://isc.sans.edu/forums/diary/New+Extortion+Tricks+Now+Including+Your+Password/23866/ npm Package Compromised and Used To Steal Credentials https://github.com/eslint/eslint-scope/issues/39#issuecomment-404533026 CIRCL IMAP Proxy https://github.com/CIRCL/IMAP-Proxy Checkpoint Names "Dorkbot" As A Top Threat (Signup required) https://research.checkpoint.com/cyber-attack-trends-2018-mid-year-report/
ISC StormCast for Friday, July 13th 2018
Extortion Claims Include Leaked Passwords to Appear more Plausiable https://isc.sans.edu/forums/diary/New+Extortion+Tricks+Now+Including+Your+Password/23866/ npm Package Compromised and Used To Steal Credentials https://github.com/eslint/eslint-scope/issues/39#issuecomment-404533026 CIRCL IMAP Proxy https://github.com/CIRCL/IMAP-Proxy Checkpoint Names "Dorkbot" As A Top Threat (Signup required) https://research.checkpoint.com/cyber-attack-trends-2018-mid-year-report/
ISC StormCast for Thursday, July 12th 2018
Hello Peppa Followup https://isc.sans.edu/forums/diary/Well+Hello+Again+Peppa/23860/ Spectre 1.1 and 1.2 https://people.csail.mit.edu/vlk/spectre11.pdf Internet Exchanges Band Together against BGP Hijacking https://dyn.com/blog/shutting-down-the-bgp-hijack-factory/ Google Enabled Site Isolation in Chrome https://www.bleepingcomputer.com/news/security/google-enables-site-isolation-feature-for-99-percent-of-chrome-desktop-users/
ISC StormCast for Thursday, July 12th 2018
Hello Peppa Followup https://isc.sans.edu/forums/diary/Well+Hello+Again+Peppa/23860/ Spectre 1.1 and 1.2 https://people.csail.mit.edu/vlk/spectre11.pdf Internet Exchanges Band Together against BGP Hijacking https://dyn.com/blog/shutting-down-the-bgp-hijack-factory/ Google Enabled Site Isolation in Chrome https://www.bleepingcomputer.com/news/security/google-enables-site-isolation-feature-for-99-percent-of-chrome-desktop-users/
ISC StormCast for Wednesday, July 11th 2018
MSFT Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+July+2018+now+with+Dashboard/23858/ https://patchtuesdaydashboard.com/ SettingContent-ms Files Blacklisted https://support.office.com/en-us/article/packager-activation-in-office-365-desktop-applications-52808039-4a7c-4550-be3a-869dd338d834?ui=en-US&rs=en-US&ad=US Adobe Patches https://helpx.adobe.com/security.html Stolen DLINK Certificate https://www.welivesecurity.com/2018/07/09/certificates-stolen-taiwanese-tech-companies-plead-malware-campaign/
ISC StormCast for Wednesday, July 11th 2018
MSFT Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+July+2018+now+with+Dashboard/23858/ https://patchtuesdaydashboard.com/ SettingContent-ms Files Blacklisted https://support.office.com/en-us/article/packager-activation-in-office-365-desktop-applications-52808039-4a7c-4550-be3a-869dd338d834?ui=en-US&rs=en-US&ad=US Adobe Patches https://helpx.adobe.com/security.html Stolen DLINK Certificate https://www.welivesecurity.com/2018/07/09/certificates-stolen-taiwanese-tech-companies-plead-malware-campaign/
ISC StormCast for Tuesday, July 10th 2018
Reverse Shell via Weblogic Flaw https://isc.sans.edu/forums/diary/Criminals+Dont+Read+Instructions+or+Use+Strong+Passwords/23850/ Apple Patches Everything Again https://isc.sans.edu/forums/diary/Apple+Patches+Everything+Again/23852/ Microsoft Offers Better Azure AD Password Protection http://www.longevitytech.us/2018/07/09/azure-ad-password-protection-the-cloud-security-service-your-active-directory-needs-now/
ISC StormCast for Tuesday, July 10th 2018
Reverse Shell via Weblogic Flaw https://isc.sans.edu/forums/diary/Criminals+Dont+Read+Instructions+or+Use+Strong+Passwords/23850/ Apple Patches Everything Again https://isc.sans.edu/forums/diary/Apple+Patches+Everything+Again/23852/ Microsoft Offers Better Azure AD Password Protection http://www.longevitytech.us/2018/07/09/azure-ad-password-protection-the-cloud-security-service-your-active-directory-needs-now/
ISC StormCast for Monday, July 9th 2018
Trivial Exploit For HP iLO 4 (patched last August) https://airbus-seclab.github.io/ilo/SSTIC2018-Article-subverting_your_server_through_its_bmc_the_hpe_ilo4_case-gazet_perigaud_czarny.pdf Flexible Miner/Ransomware https://securelist.com/to-crypt-or-to-mine-that-is-the-question/86307/ Hacker Steals Gas From Gas Station https://gizmodo.com/hackers-reportedly-stole-600-gallons-of-gas-from-detroi-1827433411
ISC StormCast for Monday, July 9th 2018
Trivial Exploit For HP iLO 4 (patched last August) https://airbus-seclab.github.io/ilo/SSTIC2018-Article-subverting_your_server_through_its_bmc_the_hpe_ilo4_case-gazet_perigaud_czarny.pdf Flexible Miner/Ransomware https://securelist.com/to-crypt-or-to-mine-that-is-the-question/86307/ Hacker Steals Gas From Gas Station https://gizmodo.com/hackers-reportedly-stole-600-gallons-of-gas-from-detroi-1827433411
ISC StormCast for Friday, July 6th 2018
Gentoo GitHub Breach Post Morten https://wiki.gentoo.org/wiki/Github/2018-06-28 Hamas Sets World Cup Trap for Israeli Soldiers https://www.reuters.com/article/us-israel-palestinians-cyber/israel-says-hamas-tried-to-snare-soldiers-in-world-cup-cyber-trap-idUSKBN1JT1ZX