A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Similar Podcasts
In Machines We Trust
A podcast about the automation of everything. Host Jennifer Strong and the team at MIT Technology Review look at what it means to entrust artificial intelligence with our most sensitive decisions.
The Cynical Developer
A UK based Technology and Software Developer Podcast that helps you to improve your development knowledge and career,
through explaining the latest and greatest in development technology and providing you with what you need to succeed as a developer.
Elixir Outlaws
Elixir Outlaws is an informal discussion about interesting things happening in Elixir. Our goal is to capture the spirit of a conference hallway discussion in a podcast.
ISC StormCast for Tuesday, January 31st 2017
py2exe Decompiling Part 2 https://isc.sans.edu/forums/diary/py2exe+Decompiling+Part+2/22005/ Telemarketer Leaks Call Recordings https://mackeeper.com/blog/post/326-telemarketing-company-leaks-400k-of-sensitive-files Facebook Introduces Delegated Recovery Protocol https://github.com/facebookincubator/DelegatedRecovery/ https://raw.githubusercontent.com/facebookincubator/DelegatedRecovery/master/draft-hill-delegated-recovery.raw.txt Another Cisco WebEx Update https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex Cryptkeeper Does Not Correctly Encrypt Folders https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852751
ISC StormCast for Monday, January 30th 2017
Port 5358 Scans for Devices https://isc.sans.edu/forums/diary/Request+for+Packets+and+Logs+TCP+5358/21997/ OpenSSH Vulnerablity http://www.openwall.com/lists/oss-security/2017/01/26/2 Ransomware Hits Traffic Cameras in DC https://www.washingtonpost.com/local/public-safety/hackers-hit-dc-police-closed-circuit-camera-network-city-officials-disclose/2017/01/27/d285a4a4-e4f5-11e6-ba11-63c4b4fb5a63_print.html Hotel Hit By Ransomware http://www.thelocal.at/20170128/hotel-ransomed-by-hackers-as-guests-locked-in-rooms Not So Private Android VPNs http://www.icir.org/vern/papers/vpn-apps-imc16.pdf Google Starting its own Certificate Authority https://security.googleblog.com/2017/01/the-foundation-of-more-secure-web.html
ISC StormCast for Monday, January 30th 2017
Port 5358 Scans for Devices https://isc.sans.edu/forums/diary/Request+for+Packets+and+Logs+TCP+5358/21997/ OpenSSH Vulnerablity http://www.openwall.com/lists/oss-security/2017/01/26/2 Ransomware Hits Traffic Cameras in DC https://www.washingtonpost.com/local/public-safety/hackers-hit-dc-police-closed-circuit-camera-network-city-officials-disclose/2017/01/27/d285a4a4-e4f5-11e6-ba11-63c4b4fb5a63_print.html Hotel Hit By Ransomware http://www.thelocal.at/20170128/hotel-ransomed-by-hackers-as-guests-locked-in-rooms Not So Private Android VPNs http://www.icir.org/vern/papers/vpn-apps-imc16.pdf Google Starting its own Certificate Authority https://security.googleblog.com/2017/01/the-foundation-of-more-secure-web.html
ISC StormCast for Friday, January 27th 2017
IOCs: Risks of False Positive Floods https://isc.sans.edu/forums/diary/IOCs+Risks+of+False+Positive+Alerts+Flood+Ahead/21977/ Android Ransomware in Google Play Store http://blog.checkpoint.com/2017/01/24/charger-malware/ OpenSSL Update https://www.openssl.org/news/vulnerabilities.html#y2017 Facebook To Implement U2F (FIDO) Login https://www.facebook.com/notes/facebook-security/security-key-for-safer-logins-with-a-touch/10154125089265766 WebEx Update https://bugs.chromium.org/p/project-zero/issues/detail?id=1100
ISC StormCast for Friday, January 27th 2017
IOCs: Risks of False Positive Floods https://isc.sans.edu/forums/diary/IOCs+Risks+of+False+Positive+Alerts+Flood+Ahead/21977/ Android Ransomware in Google Play Store http://blog.checkpoint.com/2017/01/24/charger-malware/ OpenSSL Update https://www.openssl.org/news/vulnerabilities.html#y2017 Facebook To Implement U2F (FIDO) Login https://www.facebook.com/notes/facebook-security/security-key-for-safer-logins-with-a-touch/10154125089265766 WebEx Update https://bugs.chromium.org/p/project-zero/issues/detail?id=1100
ISC StormCast for Thursday, January 26th 2017
Cisco WebEx Remains Vulnerable. Other Browsers Affected https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex Malicious SVG Files Fund in the Wild https://isc.sans.edu/forums/diary/Malicious+SVG+Files+in+the+Wild/21971/ W2 Scams Hitting Again http://www.nbcdfw.com/news/local/Argyle-ISD-Employees-Hit-with-Data-Breach-411337825.html XXE Entity Vulnerability in Uber https://httpsonly.blogspot.co.ke/2017/01/0day-writeup-xxe-in-ubercom.html?m=1 Firefox 51 Released https://blog.mozilla.org/security/2017/01/20/communicating-the-dangers-of-non-secure-http/
ISC StormCast for Thursday, January 26th 2017
Cisco WebEx Remains Vulnerable. Other Browsers Affected https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex Malicious SVG Files Fund in the Wild https://isc.sans.edu/forums/diary/Malicious+SVG+Files+in+the+Wild/21971/ W2 Scams Hitting Again http://www.nbcdfw.com/news/local/Argyle-ISD-Employees-Hit-with-Data-Breach-411337825.html XXE Entity Vulnerability in Uber https://httpsonly.blogspot.co.ke/2017/01/0day-writeup-xxe-in-ubercom.html?m=1 Firefox 51 Released https://blog.mozilla.org/security/2017/01/20/communicating-the-dangers-of-non-secure-http/
ISC StormCast for Wednesday, January 25th 2017
Cisco Releases Patch for Chrome Webex Plugin https://continuum.cisco.com/2017/01/23/its-a-good-idea-to-patch-your-webex-chrome-extension-now/ Companies Fall For Fake Ransomware https://www.citrix.com/blogs/2017/01/24/bluff-ransomware-attacks-bamboozle-british-businesses/ systemd priviledge escalation vulnerablity http://www.openwall.com/lists/oss-security/2017/01/24/4 nginx update released http://nginx.org/en/CHANGES
ISC StormCast for Wednesday, January 25th 2017
Cisco Releases Patch for Chrome Webex Plugin https://continuum.cisco.com/2017/01/23/its-a-good-idea-to-patch-your-webex-chrome-extension-now/ Companies Fall For Fake Ransomware https://www.citrix.com/blogs/2017/01/24/bluff-ransomware-attacks-bamboozle-british-businesses/ systemd priviledge escalation vulnerablity http://www.openwall.com/lists/oss-security/2017/01/24/4 nginx update released http://nginx.org/en/CHANGES
ISC StormCast for Tuesday, January 24th 2017
Experimenting With IPv6 Fragments https://isc.sans.edu/forums/diary/How+to+Have+Fun+With+IPv6+Fragments+and+Scapy/21963/ Apple Updates Everything https://support.apple.com/en-us/HT201222 WebEx Secret Install URL https://bugs.chromium.org/p/project-zero/issues/detail?id=1096 Vulnerability in Symantec Norton Download Manager https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2017&suid=20170117_00 Exploit for Microsoft RDC Client on Mac https://www.wearesegment.com/research/Microsoft-Remote-Desktop-Client-for-Mac-Remote-Code-Execution
ISC StormCast for Tuesday, January 24th 2017
Experimenting With IPv6 Fragments https://isc.sans.edu/forums/diary/How+to+Have+Fun+With+IPv6+Fragments+and+Scapy/21963/ Apple Updates Everything https://support.apple.com/en-us/HT201222 WebEx Secret Install URL https://bugs.chromium.org/p/project-zero/issues/detail?id=1096 Vulnerability in Symantec Norton Download Manager https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2017&suid=20170117_00 Exploit for Microsoft RDC Client on Mac https://www.wearesegment.com/research/Microsoft-Remote-Desktop-Client-for-Mac-Remote-Code-Execution
ISC StormCast for Monday, January 23rd 2017
Sage 2.0 Ransomware https://isc.sans.edu/forums/diary/Sage+20+Ransomware/21959/ Starwars Twitter Botner https://regmedia.co.uk/2017/01/20/starwarsbotnet.pdf Symantec Messes Up SSL Certificates Again https://www.mail-archive.com/dev-security-policy@lists.mozilla.org/msg05455.html Github CSP Experiences https://githubengineering.com/githubs-post-csp-journey/ Podcast Survey https://www.surveymonkey.com/r/sbn2017
ISC StormCast for Monday, January 23rd 2017
Sage 2.0 Ransomware https://isc.sans.edu/forums/diary/Sage+20+Ransomware/21959/ Starwars Twitter Botner https://regmedia.co.uk/2017/01/20/starwarsbotnet.pdf Symantec Messes Up SSL Certificates Again https://www.mail-archive.com/dev-security-policy@lists.mozilla.org/msg05455.html Github CSP Experiences https://githubengineering.com/githubs-post-csp-journey/ Podcast Survey https://www.surveymonkey.com/r/sbn2017
ISC StormCast for Friday, January 20th 2017
Open Hadoop Instances Are At Risk http://www.threatgeek.com/2017/01/open-hadoop-installs-wiped-worldwide.html Upcoming SHA-1 Deadlines https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/ Google "Verify Apps" Algorithm https://blog.google/topics/connected-workspaces/silence-speaks-louder-words-when-finding-malware/ Practical JSONP Injection https://securitycafe.ro/2017/01/18/practical-jsonp-injection/ Necurs Decline Huring Loky Distribution http://blog.talosintel.com/2017/01/locky-struggles.html
ISC StormCast for Friday, January 20th 2017
Open Hadoop Instances Are At Risk http://www.threatgeek.com/2017/01/open-hadoop-installs-wiped-worldwide.html Upcoming SHA-1 Deadlines https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/ Google "Verify Apps" Algorithm https://blog.google/topics/connected-workspaces/silence-speaks-louder-words-when-finding-malware/ Practical JSONP Injection https://securitycafe.ro/2017/01/18/practical-jsonp-injection/ Necurs Decline Huring Loky Distribution http://blog.talosintel.com/2017/01/locky-struggles.html