A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Similar Podcasts
In Machines We Trust
A podcast about the automation of everything. Host Jennifer Strong and the team at MIT Technology Review look at what it means to entrust artificial intelligence with our most sensitive decisions.
The Cynical Developer
A UK based Technology and Software Developer Podcast that helps you to improve your development knowledge and career,
through explaining the latest and greatest in development technology and providing you with what you need to succeed as a developer.
Elixir Outlaws
Elixir Outlaws is an informal discussion about interesting things happening in Elixir. Our goal is to capture the spirit of a conference hallway discussion in a podcast.
ISC StormCast for Tuesday, December 19th 2017
Not So Malicious Word Doc https://isc.sans.edu/forums/diary/Phish+or+scam+Part+1/23141/ https://isc.sans.edu/forums/diary/Phish+or+scam+Part+2/23145/ AMF Descerializer Vulnerability http://codewhitesec.blogspot.com/2017/04/amf.html?m=1 Windows "Keeper" Password Manager Vulnerable https://bugs.chromium.org/p/project-zero/issues/detail?id=1481&desc=3 Android Malware Destroys Device https://securelist.com/jack-of-all-trades/83470/
ISC StormCast for Monday, December 18th 2017
Microsoft Office VBA Macro Obfuscation via Metadata https://isc.sans.edu/forums/diary/Microsoft+Office+VBA+Macro+Obfuscation+via+Metadata/23139/ Large Scale BGP Attack https://bgpmon.net/popular-destinations-rerouted-to-russia/ HSTS and HPKP Weaknesses in Firefox, IE/Edge and Chrome http://blog.en.elevenpaths.com/2017/12/breaking-out-hsts-and-hpkp-on-firefox.html
ISC StormCast for Monday, December 18th 2017
Microsoft Office VBA Macro Obfuscation via Metadata https://isc.sans.edu/forums/diary/Microsoft+Office+VBA+Macro+Obfuscation+via+Metadata/23139/ Large Scale BGP Attack https://bgpmon.net/popular-destinations-rerouted-to-russia/ HSTS and HPKP Weaknesses in Firefox, IE/Edge and Chrome http://blog.en.elevenpaths.com/2017/12/breaking-out-hsts-and-hpkp-on-firefox.html
ISC StormCast for Friday, December 15th 2017
Citizen Lab Security Planner https://securityplanner.org/ Apple Update to iOS/tvOS/iCloud (Windows) https://support.apple.com/en-us/HT201222 Fortinet Client Credentials Shared Key https://www.sec-consult.com/en/blog/advisories/vpn-credentials-disclosure-in-fortinet-forticlient/index.html Fox-It Victim of a Man-in-the-Middle Attack https://blog.fox-it.com/2017/12/14/lessons-learned-from-a-man-in-the-middle-attack/
ISC StormCast for Friday, December 15th 2017
Citizen Lab Security Planner https://securityplanner.org/ Apple Update to iOS/tvOS/iCloud (Windows) https://support.apple.com/en-us/HT201222 Fortinet Client Credentials Shared Key https://www.sec-consult.com/en/blog/advisories/vpn-credentials-disclosure-in-fortinet-forticlient/index.html Fox-It Victim of a Man-in-the-Middle Attack https://blog.fox-it.com/2017/12/14/lessons-learned-from-a-man-in-the-middle-attack/
ISC StormCast for Thursday, December 14th 2017
Tracking Newly Registered Domains https://isc.sans.edu/forums/diary/Tracking+Newly+Registered+Domains/23127/ Critical Palo Alto Firewall Flaws Allow RCE as root http://seclists.org/fulldisclosure/2017/Dec/38 Hiding Changes from git-diff https://www.twistlock.com/2017/12/13/hiding-content-git-escape-sequence-twistlock-labs-experiment/ Apple Airport Update https://support.apple.com/en-us/HT208354
ISC StormCast for Thursday, December 14th 2017
Tracking Newly Registered Domains https://isc.sans.edu/forums/diary/Tracking+Newly+Registered+Domains/23127/ Critical Palo Alto Firewall Flaws Allow RCE as root http://seclists.org/fulldisclosure/2017/Dec/38 Hiding Changes from git-diff https://www.twistlock.com/2017/12/13/hiding-content-git-escape-sequence-twistlock-labs-experiment/ Apple Airport Update https://support.apple.com/en-us/HT208354
ISC StormCast for Wednesday, December 13th 2017
Microsoft Patch Tuesday Summary https://isc.sans.edu/forums/diary/December+Microsoft+Patch+Tuesday+Summary/23123/ EV Certificate Model Broken? https://stripe.ian.sh ROBOT Attack Against TLS https://robotattack.org
ISC StormCast for Wednesday, December 13th 2017
Microsoft Patch Tuesday Summary https://isc.sans.edu/forums/diary/December+Microsoft+Patch+Tuesday+Summary/23123/ EV Certificate Model Broken? https://stripe.ian.sh ROBOT Attack Against TLS https://robotattack.org
ISC StormCast for Tuesday, December 12th 2017
Pornographic Spam Messages Used to Deliver Crypto Coin Miner https://isc.sans.edu/forums/diary/Pornographic+malspam+pushes+coin+miner+malware/23119/ Microsoft Leaks Secret SSL Key For Dynamics 365 https://medium.com/matthias-gliwka/microsoft-leaks-tls-private-key-for-cloud-erp-product-10b56f7d648 Proxy Botnet Used to Launch Variety of Web Application Attacks https://news.drweb.com/show/?i=11627&lng=en FoxIT Releases Utility to Recover Manipulated Windows Logs https://github.com/fox-it/danderspritz-evtx
ISC StormCast for Tuesday, December 12th 2017
Pornographic Spam Messages Used to Deliver Crypto Coin Miner https://isc.sans.edu/forums/diary/Pornographic+malspam+pushes+coin+miner+malware/23119/ Microsoft Leaks Secret SSL Key For Dynamics 365 https://medium.com/matthias-gliwka/microsoft-leaks-tls-private-key-for-cloud-erp-product-10b56f7d648 Proxy Botnet Used to Launch Variety of Web Application Attacks https://news.drweb.com/show/?i=11627&lng=en FoxIT Releases Utility to Recover Manipulated Windows Logs https://github.com/fox-it/danderspritz-evtx
ISC StormCast for Monday, December 11th 2017
Sometimes An RTF Document is Just an RTF Document https://isc.sans.edu/forums/diary/Sometimes+its+a+dud/23115/ HP Keyboard Drivers Can Log Keystrokes https://support.hp.com/us-en/document/c05827409 https://zwclose.github.io/HP-keylogger/ Android App Signature Bypass https://www.guardsquare.com/en/blog/new-android-vulnerability-allows-attackers-modify-apps-without-affecting-their-signatures MSFT Patches Antimalware Engine https://portal.msrc.microsoft.com/en-US/eula
ISC StormCast for Monday, December 11th 2017
Sometimes An RTF Document is Just an RTF Document https://isc.sans.edu/forums/diary/Sometimes+its+a+dud/23115/ HP Keyboard Drivers Can Log Keystrokes https://support.hp.com/us-en/document/c05827409 https://zwclose.github.io/HP-keylogger/ Android App Signature Bypass https://www.guardsquare.com/en/blog/new-android-vulnerability-allows-attackers-modify-apps-without-affecting-their-signatures MSFT Patches Antimalware Engine https://portal.msrc.microsoft.com/en-US/eula
ISC StormCast for Friday, December 8th 2017
Positive Technologies Demonstrates Intel ME Exploit at Blackhat Europe https://www.blackhat.com/docs/eu-17/materials/eu-17-Goryachy-How-To-Hack-A-Turned-Off-Computer-Or-Running-Unsigned-Code-In-Intel-Management-Engine.pdf Tracking Users Without GPS http://ieeexplore.ieee.org/document/8038870/ Process Doppelgaenger Anti-Malware Bypass https://www.blackhat.com/docs/eu-17/materials/eu-17-Liberman-Lost-In-Transaction-Process-Doppelganging.pdf Friday Webcast About Recent OWASP Top 10 Update https://www.sans.org/webcasts/owasp-top-10-2017-106560
ISC StormCast for Friday, December 8th 2017
Positive Technologies Demonstrates Intel ME Exploit at Blackhat Europe https://www.blackhat.com/docs/eu-17/materials/eu-17-Goryachy-How-To-Hack-A-Turned-Off-Computer-Or-Running-Unsigned-Code-In-Intel-Management-Engine.pdf Tracking Users Without GPS http://ieeexplore.ieee.org/document/8038870/ Process Doppelgaenger Anti-Malware Bypass https://www.blackhat.com/docs/eu-17/materials/eu-17-Liberman-Lost-In-Transaction-Process-Doppelganging.pdf Friday Webcast About Recent OWASP Top 10 Update https://www.sans.org/webcasts/owasp-top-10-2017-106560