A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Similar Podcasts
In Machines We Trust
A podcast about the automation of everything. Host Jennifer Strong and the team at MIT Technology Review look at what it means to entrust artificial intelligence with our most sensitive decisions.
The Cynical Developer
A UK based Technology and Software Developer Podcast that helps you to improve your development knowledge and career,
through explaining the latest and greatest in development technology and providing you with what you need to succeed as a developer.
Elixir Outlaws
Elixir Outlaws is an informal discussion about interesting things happening in Elixir. Our goal is to capture the spirit of a conference hallway discussion in a podcast.
ISC StormCast for Friday, November 3rd 2017
Certified Malware: Measuring Breaches of Trust in the Windows Code-Signing PKI http://www.umiacs.umd.edu/~tdumitra/papers/CCS-2017.pdf Half of Most Popular Free iOS Apps do not use TLS correctly http://www.zeit.de/digital/datenschutz/2017-10/iphone-ios-apps-hacker-verschluesselung/komplettansicht#comments Image Downloader Chrome Extension Includes Adware https://www.bleepingcomputer.com/news/security/psa-beware-the-image-downloader-chrome-adware-extension/ Employees Pay Up Ransomware https://www.bleepingcomputer.com/news/security/59-percent-of-employees-hit-by-ransomware-at-work-paid-ransom-out-of-their-own-pockets/
ISC StormCast for Friday, November 3rd 2017
Certified Malware: Measuring Breaches of Trust in the Windows Code-Signing PKI http://www.umiacs.umd.edu/~tdumitra/papers/CCS-2017.pdf Half of Most Popular Free iOS Apps do not use TLS correctly http://www.zeit.de/digital/datenschutz/2017-10/iphone-ios-apps-hacker-verschluesselung/komplettansicht#comments Image Downloader Chrome Extension Includes Adware https://www.bleepingcomputer.com/news/security/psa-beware-the-image-downloader-chrome-adware-extension/ Employees Pay Up Ransomware https://www.bleepingcomputer.com/news/security/59-percent-of-employees-hit-by-ransomware-at-work-paid-ransom-out-of-their-own-pockets/
ISC StormCast for Thursday, November 2nd 2017
Configuring SSH Properly on Cisco IOS https://isc.sans.edu/forums/diary/Securing+SSH+Services+Go+Blue+Team/22992/ Ethereum Miners Hijacked via Default SSH Credentials https://labs.bitdefender.com/2017/11/ethereum-os-miners-targeted-by-ssh-based-hijacker/ Crypto Shuffler Steals Bitcoin From Clipboard https://www.kaspersky.com/blog/cryptoshuffler-bitcoin-stealer/19976/ Google Calender Event Injection Added To Mail Snipper https://www.blackhillsinfosec.com/google-calendar-event-injection-mailsniper/ November Ouch! Newsletter released: Shopping Security Online https://securingthehuman.sans.org/resources/newsletters/ouch/2017?utm_medium=Social&utm_source=Twitter&utm_content=OUCH+Nov+2017+all+languages+&utm_campaign=STH+Ouch+#november2017
ISC StormCast for Thursday, November 2nd 2017
Configuring SSH Properly on Cisco IOS https://isc.sans.edu/forums/diary/Securing+SSH+Services+Go+Blue+Team/22992/ Ethereum Miners Hijacked via Default SSH Credentials https://labs.bitdefender.com/2017/11/ethereum-os-miners-targeted-by-ssh-based-hijacker/ Crypto Shuffler Steals Bitcoin From Clipboard https://www.kaspersky.com/blog/cryptoshuffler-bitcoin-stealer/19976/ Google Calender Event Injection Added To Mail Snipper https://www.blackhillsinfosec.com/google-calendar-event-injection-mailsniper/ November Ouch! Newsletter released: Shopping Security Online https://securingthehuman.sans.org/resources/newsletters/ouch/2017?utm_medium=Social&utm_source=Twitter&utm_content=OUCH+Nov+2017+all+languages+&utm_campaign=STH+Ouch+#november2017
ISC StormCast for Wednesday, November 1st 2017
Malicious Powershell Code https://isc.sans.edu/forums/diary/Some+Powershell+Malicious+Code/22988/ Apple Updates Everything https://support.apple.com/en-gb/HT201222 Internet Draft To Update IoT Devices https://tools.ietf.org/html/draft-moran-suit-architecture-00
ISC StormCast for Wednesday, November 1st 2017
Malicious Powershell Code https://isc.sans.edu/forums/diary/Some+Powershell+Malicious+Code/22988/ Apple Updates Everything https://support.apple.com/en-gb/HT201222 Internet Draft To Update IoT Devices https://tools.ietf.org/html/draft-moran-suit-architecture-00
ISC StormCast for Tuesday, October 31st 2017
Google Chrome Moving Away from HTTPS Public Key Pinning (HPKP) https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/he9tr7p3rZ8/eNMwKPmUBAAJ Effort To Remove Trust From Dutch CA Over New Intercept Law https://bugzilla.mozilla.org/show_bug.cgi?id=1408647 Crypto Coin Mining Feature Found in Google App Store Downloads http://blog.trendmicro.com/trendlabs-security-intelligence/coin-miner-mobile-malware-returns-hits-google-play/
ISC StormCast for Tuesday, October 31st 2017
Google Chrome Moving Away from HTTPS Public Key Pinning (HPKP) https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/he9tr7p3rZ8/eNMwKPmUBAAJ Effort To Remove Trust From Dutch CA Over New Intercept Law https://bugzilla.mozilla.org/show_bug.cgi?id=1408647 Crypto Coin Mining Feature Found in Google App Store Downloads http://blog.trendmicro.com/trendlabs-security-intelligence/coin-miner-mobile-malware-returns-hits-google-play/
ISC StormCast for Monday, October 30th 2017
Critical New Oracle Patch http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10151-4016513.html CatchAll Google Chrome Plugins https://isc.sans.edu/forums/diary/CatchAll+Google+Chrome+Malicious+Extension+Steals+All+Posted+Data/22976/ ACE Files Used For Malware https://isc.sans.edu/forums/diary/Remember+ACE+files/22978/
ISC StormCast for Monday, October 30th 2017
Critical New Oracle Patch http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10151-4016513.html CatchAll Google Chrome Plugins https://isc.sans.edu/forums/diary/CatchAll+Google+Chrome+Malicious+Extension+Steals+All+Posted+Data/22976/ ACE Files Used For Malware https://isc.sans.edu/forums/diary/Remember+ACE+files/22978/
ISC StormCast for Friday, October 27th 2017
Results of Kaspersky's Internal Investigation https://www.kaspersky.com/blog/internal-investigation-preliminary-results/19894/ Infineon Bug Testing Tool https://gist.githubusercontent.com/marcan/fc87aa78085c2b6f979aefc73fdc381f/raw/526bc2f2249a2e3f5d4450c7c412e0dbf57b2288/roca_test.py https://github.com/ThomasHabets/simple-tpm-pk11/blob/master/check-srk/check-srk.cc Micropatch Available for "DDE Vulnerability" https://0patch.blogspot.com/2017/10/0patching-office-dde-ddeauto.html Finding Cryptocurrency Miners https://medium.com/@s3yfullah/hacking-cryptocurrency-miners-with-osint-techniques-677bbb3e0157
ISC StormCast for Friday, October 27th 2017
Results of Kaspersky's Internal Investigation https://www.kaspersky.com/blog/internal-investigation-preliminary-results/19894/ Infineon Bug Testing Tool https://gist.githubusercontent.com/marcan/fc87aa78085c2b6f979aefc73fdc381f/raw/526bc2f2249a2e3f5d4450c7c412e0dbf57b2288/roca_test.py https://github.com/ThomasHabets/simple-tpm-pk11/blob/master/check-srk/check-srk.cc Micropatch Available for "DDE Vulnerability" https://0patch.blogspot.com/2017/10/0patching-office-dde-ddeauto.html Finding Cryptocurrency Miners https://medium.com/@s3yfullah/hacking-cryptocurrency-miners-with-osint-techniques-677bbb3e0157
ISC StormCast for Thursday, October 26th 2017
Coinhive Domain Compromise https://coinhive.com/blog/dns-breach Dell Loses Control of Backup and Recovery Cloud Storage Domain https://krebsonsecurity.com/2017/10/dell-lost-control-of-key-customer-support-domain-for-a-month-in-2017/#more-41267 Google ReCaptcha Broken https://github.com/ecthros/uncaptcha Users in Iran Targeted by Cryptoransomware Masquerading as VPN https://www.bleepingcomputer.com/news/security/tyrant-ransomware-spreads-in-iran-disguised-as-popular-vpn-app/ Crypto Currency Phishing https://www.dearbytes.com/blog/cryptocurrency-phishing/
ISC StormCast for Thursday, October 26th 2017
Coinhive Domain Compromise https://coinhive.com/blog/dns-breach Dell Loses Control of Backup and Recovery Cloud Storage Domain https://krebsonsecurity.com/2017/10/dell-lost-control-of-key-customer-support-domain-for-a-month-in-2017/#more-41267 Google ReCaptcha Broken https://github.com/ecthros/uncaptcha Users in Iran Targeted by Cryptoransomware Masquerading as VPN https://www.bleepingcomputer.com/news/security/tyrant-ransomware-spreads-in-iran-disguised-as-popular-vpn-app/ Crypto Currency Phishing https://www.dearbytes.com/blog/cryptocurrency-phishing/
ISC StormCast for Wednesday, October 25th 2017
Stop Relying on File Extensions https://isc.sans.edu/forums/diary/Stop+relying+on+file+extensions/22962/ BadRabbit New Ransomware Wave Hitting Russia and Ukraine https://isc.sans.edu/forums/diary/BadRabbit+New+ransomware+wave+hitting+RU+UA/22964/ https://www.welivesecurity.com/2017/10/24/kiev-metro-hit-new-variant-infamous-diskcoder-ransomware/ Over 70% Of Web Traffic Now via TLS https://transparencyreport.google.com/https/overview?hl=en Static RNG Seeds in Fortinet Devices https://duhkattack.com