A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Similar Podcasts
In Machines We Trust
A podcast about the automation of everything. Host Jennifer Strong and the team at MIT Technology Review look at what it means to entrust artificial intelligence with our most sensitive decisions.
The Cynical Developer
A UK based Technology and Software Developer Podcast that helps you to improve your development knowledge and career,
through explaining the latest and greatest in development technology and providing you with what you need to succeed as a developer.
Elixir Outlaws
Elixir Outlaws is an informal discussion about interesting things happening in Elixir. Our goal is to capture the spirit of a conference hallway discussion in a podcast.
ISC StormCast for Tuesday, July 11th 2017
Takeover of .io TLD https://thehackerblog.com/the-io-error-taking-control-of-all-io-domains-with-a-targeted-registration/ Malwarebytes Quarterly Malware Report https://www.malwarebytes.com/pdf/white-papers/CybercrimeTacticsAndTechniques-Q2-2017.pdf OpenBSD Introducing KARL To Randomize Kernel Layout at Boot https://marc.info/?l=openbsd-tech&m=149732026405941&w=2
ISC StormCast for Tuesday, July 11th 2017
Takeover of .io TLD https://thehackerblog.com/the-io-error-taking-control-of-all-io-domains-with-a-targeted-registration/ Malwarebytes Quarterly Malware Report https://www.malwarebytes.com/pdf/white-papers/CybercrimeTacticsAndTechniques-Q2-2017.pdf OpenBSD Introducing KARL To Randomize Kernel Layout at Boot https://marc.info/?l=openbsd-tech&m=149732026405941&w=2
ISC StormCast for Monday, July 10th 2017
More DDoS Ransom Demands https://isc.sans.edu/forums/diary/Adversary+hunting+with+SOFELK/22592/ Adversary Hunting With SOF-ELK https://isc.sans.edu/forums/diary/Adversary+hunting+with+SOFELK/22592/ Petya Master Key Published https://twitter.com/JanusSecretary/status/882663988429021184?ref_src=twsrc%5Etfw&ref_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fauthor-of-original-petya-ransomware-publishes-master-decryption-key%2F Template Attacks Against Critical Infrastructure http://blog.talosintelligence.com/2017/07/template-injection.html
ISC StormCast for Monday, July 10th 2017
More DDoS Ransom Demands https://isc.sans.edu/forums/diary/Adversary+hunting+with+SOFELK/22592/ Adversary Hunting With SOF-ELK https://isc.sans.edu/forums/diary/Adversary+hunting+with+SOFELK/22592/ Petya Master Key Published https://twitter.com/JanusSecretary/status/882663988429021184?ref_src=twsrc%5Etfw&ref_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fauthor-of-original-petya-ransomware-publishes-master-decryption-key%2F Template Attacks Against Critical Infrastructure http://blog.talosintelligence.com/2017/07/template-injection.html
ISC StormCast for Friday, July 7th 2017
Finding Odd Domain Names https://isc.sans.edu/forums/diary/Selecting+domains+with+random+names/22580/ BitTorrent Sync 2.0 Log Files https://isc.sans.edu/forums/diary/Investigation+of+BitTorrent+Sync+v20+as+a+P2P+Cloud+Service+Part+2+Log+Files+artefacts/22582/ Cisco Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2 Finding Weak Password Hashing Algorithms Via Hash Collisions https://www.netsparker.com/blog/web-security/collision-based-hashing-algorithm-disclosure/ BIND TSIG Exploit http://www.synacktiv.ninja/ressources/CVE-2017-3143_BIND9_TSIG_dynamic_updates_vulnerability_Synacktiv.pdf
ISC StormCast for Friday, July 7th 2017
Finding Odd Domain Names https://isc.sans.edu/forums/diary/Selecting+domains+with+random+names/22580/ BitTorrent Sync 2.0 Log Files https://isc.sans.edu/forums/diary/Investigation+of+BitTorrent+Sync+v20+as+a+P2P+Cloud+Service+Part+2+Log+Files+artefacts/22582/ Cisco Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2 Finding Weak Password Hashing Algorithms Via Hash Collisions https://www.netsparker.com/blog/web-security/collision-based-hashing-algorithm-disclosure/ BIND TSIG Exploit http://www.synacktiv.ninja/ressources/CVE-2017-3143_BIND9_TSIG_dynamic_updates_vulnerability_Synacktiv.pdf
ISC StormCast for Thursday, July 6th 2017
AVTest Report: Ransomware not a big deal; Android/MacOS Catching up to Windows https://www.av-test.org/fileadmin/pdf/security_report/AV-TEST_Security_Report_2016-2017.pdf Microsoft Will Prompt Users to Update Windows 10 https://support.microsoft.com/en-us/help/4023814 Bithumb Bitcoin Exchange Hacked (Article in Korean) http://bithumb.cafe/archives/7329 Turkish Airlines and Emirates Remove Laptop Ban http://www.theregister.co.uk/2017/07/05/emirates_and_turkish_airlines_lift_laptop_ban_on_us_flights/ Ukrainian Authorities Raid MeDoc (Article in Ukrainian) https://cyberpolice.gov.ua/news/prykryttyam-najmasshtabnishoyi-kiberataky-v-istoriyi-ukrayiny-stav-virus-diskcoderc-881/
ISC StormCast for Thursday, July 6th 2017
AVTest Report: Ransomware not a big deal; Android/MacOS Catching up to Windows https://www.av-test.org/fileadmin/pdf/security_report/AV-TEST_Security_Report_2016-2017.pdf Microsoft Will Prompt Users to Update Windows 10 https://support.microsoft.com/en-us/help/4023814 Bithumb Bitcoin Exchange Hacked (Article in Korean) http://bithumb.cafe/archives/7329 Turkish Airlines and Emirates Remove Laptop Ban http://www.theregister.co.uk/2017/07/05/emirates_and_turkish_airlines_lift_laptop_ban_on_us_flights/ Ukrainian Authorities Raid MeDoc (Article in Ukrainian) https://cyberpolice.gov.ua/news/prykryttyam-najmasshtabnishoyi-kiberataky-v-istoriyi-ukrayiny-stav-virus-diskcoderc-881/
ISC StormCast for Wednesday, July 5th 2017
Microsoft Patches Skype Vulnerability https://www.vulnerability-lab.com/get_content.php?id=2071 SystemD Invalid Username Bug Not Considered a Vulnerability (or Bug) https://github.com/systemd/systemd/issues/6237 Cisco Fixes SNMP Vulnerability in IOS and IOS XE https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp Smartphones Can Be Compromised with shady replacement parts https://iss.oy.ne.ro/Shattered Siemens Fixes Intel AMT Bug https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-874235.pdf Update For libgcrypt https://www.ubuntuupdates.org/package/core/zesty/main/updates/libgcrypt20-dev
ISC StormCast for Wednesday, July 5th 2017
Microsoft Patches Skype Vulnerability https://www.vulnerability-lab.com/get_content.php?id=2071 SystemD Invalid Username Bug Not Considered a Vulnerability (or Bug) https://github.com/systemd/systemd/issues/6237 Cisco Fixes SNMP Vulnerability in IOS and IOS XE https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp Smartphones Can Be Compromised with shady replacement parts https://iss.oy.ne.ro/Shattered Siemens Fixes Intel AMT Bug https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-874235.pdf Update For libgcrypt https://www.ubuntuupdates.org/package/core/zesty/main/updates/libgcrypt20-dev
ISC StormCast for Friday, June 30th 2017
Catching up With Blank Slate https://isc.sans.edu/forums/diary/Catching+up+with+Blank+Slate+a+malspam+campaign+still+going+strong/22570/ Azure AD Connect Vulnerability https://technet.microsoft.com/library/security/4033453.aspx#ID0EN Exploit Available For Stack Clash Vulnerability https://www.qualys.com/research/security-advisories/ Paul Herschberger: Data Breach Impact Estimation https://www.sans.org/reading-room/whitepapers/dlp/data-breach-impact-estimation-37502
ISC StormCast for Friday, June 30th 2017
Catching up With Blank Slate https://isc.sans.edu/forums/diary/Catching+up+with+Blank+Slate+a+malspam+campaign+still+going+strong/22570/ Azure AD Connect Vulnerability https://technet.microsoft.com/library/security/4033453.aspx#ID0EN Exploit Available For Stack Clash Vulnerability https://www.qualys.com/research/security-advisories/ Paul Herschberger: Data Breach Impact Estimation https://www.sans.org/reading-room/whitepapers/dlp/data-breach-impact-estimation-37502
ISC StormCast for Thursday, June 29th 2017
Petya Ransomware Update https://isc.sans.edu/forums/diary/Petya+I+hardly+know+ya+an+ISC+update+on+the+20170627+ransomware+outbreak/22566/ Ubuntu systemd Vulnerability https://www.ubuntu.com/usn/usn-3341-1/ Microsoft Will Include EMET in Windows 10 https://blogs.technet.microsoft.com/mmpc/2017/06/27/whats-new-in-windows-defender-atp-fall-creators-update/ BGB Attacks Against Bitcoin https://blog.acolyer.org/2017/06/27/hijacking-bitcoin-routing-attacks-on-cryptocurrencies/
ISC StormCast for Thursday, June 29th 2017
Petya Ransomware Update https://isc.sans.edu/forums/diary/Petya+I+hardly+know+ya+an+ISC+update+on+the+20170627+ransomware+outbreak/22566/ Ubuntu systemd Vulnerability https://www.ubuntu.com/usn/usn-3341-1/ Microsoft Will Include EMET in Windows 10 https://blogs.technet.microsoft.com/mmpc/2017/06/27/whats-new-in-windows-defender-atp-fall-creators-update/ BGB Attacks Against Bitcoin https://blog.acolyer.org/2017/06/27/hijacking-bitcoin-routing-attacks-on-cryptocurrencies/
ISC StormCast for Wednesday, June 28th 2017
Petya/Goldeneye Variant Makes the Rounds https://isc.sans.edu/forums/diary/Checking+out+the+new+Petya+variant/22562/