A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Similar Podcasts
Thinking Elixir Podcast
The Thinking Elixir podcast is a weekly show where we talk about the Elixir programming language and the community around it. We cover news and interview guests to learn more about projects and developments in the community.
Elixir Outlaws
Elixir Outlaws is an informal discussion about interesting things happening in Elixir. Our goal is to capture the spirit of a conference hallway discussion in a podcast.
Linux For Everyone
A show about the thrilling world of desktop Linux, open-source software, and the community creating it. For beginners and veterans alike! Hosted by Jason Evangelho, Jerry Morrison and Schykle.
ISC StormCast for Tuesday, June 6th, 2023
Brute Forcing Simple Archive Passwords https://isc.sans.edu/diary/Brute%20Forcing%20Simple%20Archive%20Passwords/29914 KeePass 2.54 Released https://keepass.info/news/n230603_2.54.html Splunk Advisories https://advisory.splunk.com/advisories Malicious Google Chrome Extensions https://palant.info/2023/05/31/more-malicious-extensions-in-chrome-web-store/ Symantec Updates https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22217
ISC StormCast for Monday, June 5th, 2023
Critical Vulnerability in MoveIT Transfer Actively Exploited https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023 https://www.rapid7.com/blog/post/2023/06/01/rapid7-observed-exploitation-of-critical-moveit-transfer-vulnerability/ https://www.mandiant.com/resources/blog/zero-day-moveit-data-theft Atomic Wallet Compromise https://www.bleepingcomputer.com/news/security/atomic-wallet-hacks-lead-to-over-35-million-in-crypto-stolen/ Magecart Update https://www.akamai.com/blog/security-research/new-magecart-hides-behind-legit-domains
ISC StormCast for Monday, June 5th, 2023
Critical Vulnerability in MoveIT Transfer Actively Exploited https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023 https://www.rapid7.com/blog/post/2023/06/01/rapid7-observed-exploitation-of-critical-moveit-transfer-vulnerability/ https://www.mandiant.com/resources/blog/zero-day-moveit-data-theft Atomic Wallet Compromise https://www.bleepingcomputer.com/news/security/atomic-wallet-hacks-lead-to-over-35-million-in-crypto-stolen/ Magecart Update https://www.akamai.com/blog/security-research/new-magecart-hides-behind-legit-domains
ISC StormCast for Friday, June 2nd, 2023
After 28 Years, SSLv2 is Still Not Gone https://isc.sans.edu/forums/diary/After%2028%20years%2C%20SSLv2%20is%20still%20not%20gone%20from%20the%20internet...%20but%20we're%20getting%20there/29908/ Operation Triangulation: iOS Devices Targeted With Previously Unknown Malware https://securelist.com/operation-triangulation/109842/ MOVEit Transfer Criticial Vulnerability https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023 Code Injection Vulnerablity in Reportlab Python Library https://github.com/c53elyas/CVE-2023-33733
ISC StormCast for Friday, June 2nd, 2023
After 28 Years, SSLv2 is Still Not Gone https://isc.sans.edu/forums/diary/After%2028%20years%2C%20SSLv2%20is%20still%20not%20gone%20from%20the%20internet...%20but%20we're%20getting%20there/29908/ Operation Triangulation: iOS Devices Targeted With Previously Unknown Malware https://securelist.com/operation-triangulation/109842/ MOVEit Transfer Criticial Vulnerability https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023 Code Injection Vulnerablity in Reportlab Python Library https://github.com/c53elyas/CVE-2023-33733
ISC StormCast for Thursday, June 1st, 2023
Apache NiFi Attacks https://isc.sans.edu/diary/Your%20Business%20Data%20and%20Machine%20Learning%20at%20Risk%3A%20Attacks%20Against%20Apache%20NiFi/29900 Gigabyte App Center Backdoor; https://eclypsium.com/blog/supply-chain-risk-from-gigabyte-app-center-backdoor/ Salesforce Ghost Sites https://www.varonis.com/blog/salesforce-ghost-sites CVE-2023-34152: Shell Command Injection in ImageMagick https://securityonline.info/cve-2023-34152-shell-command-injection-bug-affecting-imagemagick/
ISC StormCast for Thursday, June 1st, 2023
Apache NiFi Attacks https://isc.sans.edu/diary/Your%20Business%20Data%20and%20Machine%20Learning%20at%20Risk%3A%20Attacks%20Against%20Apache%20NiFi/29900 Gigabyte App Center Backdoor; https://eclypsium.com/blog/supply-chain-risk-from-gigabyte-app-center-backdoor/ Salesforce Ghost Sites https://www.varonis.com/blog/salesforce-ghost-sites CVE-2023-34152: Shell Command Injection in ImageMagick https://securityonline.info/cve-2023-34152-shell-command-injection-bug-affecting-imagemagick/
ISC StormCast for Wednesday, May 31st, 2023
Malspam Pushes ModiLoader Infection for Remocs Rat https://isc.sans.edu/diary/Malspam%20pushes%20ModiLoader%20%28DBatLoader%29%20infection%20for%20Remcos%20RAT/29896 MacOS SIP Bypass https://www.microsoft.com/en-us/security/blog/2023/05/30/new-macos-vulnerability-migraine-could-bypass-system-integrity-protection/ OpenSSL Update https://www.openssl.org/news/secadv/20230530.txt Barracuda Email Security Gateway Applicance Vulnerability Details https://www.barracuda.com/company/legal/esg-vulnerability#:~:text=the%20section%20below.-,Endpoint%20IOCs,-Table%204%20lists Void Rabisu RomCom Backdoor https://www.trendmicro.com/en_us/research/23/e/void-rabisu-s-use-of-romcom-backdoor-shows-a-growing-shift-in-th.html Nextcloud Vulnerability https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mr7q-xf62-fw54 Zyxel NAS Vulnerability https://sternumiot.com/iot-blog/ntp-textbox-vulnerability-in-zyxel-nas326-nas540-and-nas542-devices/ Wait Just An Infosec: Higher Ed https://www.youtube.com/watch?v=ufEuo-096yc&list=PLtgaAEEmVe6B2kqkE9KdgPJdtbqNiaiOn&index=8
ISC StormCast for Wednesday, May 31st, 2023
Malspam Pushes ModiLoader Infection for Remocs Rat https://isc.sans.edu/diary/Malspam%20pushes%20ModiLoader%20%28DBatLoader%29%20infection%20for%20Remcos%20RAT/29896 MacOS SIP Bypass https://www.microsoft.com/en-us/security/blog/2023/05/30/new-macos-vulnerability-migraine-could-bypass-system-integrity-protection/ OpenSSL Update https://www.openssl.org/news/secadv/20230530.txt Barracuda Email Security Gateway Applicance Vulnerability Details https://www.barracuda.com/company/legal/esg-vulnerability#:~:text=the%20section%20below.-,Endpoint%20IOCs,-Table%204%20lists Void Rabisu RomCom Backdoor https://www.trendmicro.com/en_us/research/23/e/void-rabisu-s-use-of-romcom-backdoor-shows-a-growing-shift-in-th.html Nextcloud Vulnerability https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mr7q-xf62-fw54 Zyxel NAS Vulnerability https://sternumiot.com/iot-blog/ntp-textbox-vulnerability-in-zyxel-nas326-nas540-and-nas542-devices/ Wait Just An Infosec: Higher Ed https://www.youtube.com/watch?v=ufEuo-096yc&list=PLtgaAEEmVe6B2kqkE9KdgPJdtbqNiaiOn&index=8
ISC StormCast for Tuesday, May 30th, 2023
Analyzing Office Documents Embedded Inside PowerPoint Files https://isc.sans.edu/diary/Analyzing%20Office%20Documents%20Embedded%20Inside%20PPT%20%28PowerPoint%29%20Files/29894 DocuSign Themed Email Leads to Script-Based Infection https://isc.sans.edu/diary/DocuSign-themed%20email%20leads%20to%20script-based%20infection/29888 File Archiver In The Browser https://mrd0x.com/file-archiver-in-the-browser/ Securing PyPI accounts via Two-Factor Authentication https://blog.pypi.org/posts/2023-05-25-securing-pypi-with-2fa/ Apache Casandra Vulnerabilities https://lists.apache.org/thread/mwd02nrw2go8shg29rnp3o4hgompvkp5 MOXA MXsecurity Vulerabilities https://www.moxa.com/en/support/product-support/security-advisory/mxsecurity-command-injection-and-hardcoded-credential-vulnerabilities
ISC StormCast for Tuesday, May 30th, 2023
Analyzing Office Documents Embedded Inside PowerPoint Files https://isc.sans.edu/diary/Analyzing%20Office%20Documents%20Embedded%20Inside%20PPT%20%28PowerPoint%29%20Files/29894 DocuSign Themed Email Leads to Script-Based Infection https://isc.sans.edu/diary/DocuSign-themed%20email%20leads%20to%20script-based%20infection/29888 File Archiver In The Browser https://mrd0x.com/file-archiver-in-the-browser/ Securing PyPI accounts via Two-Factor Authentication https://blog.pypi.org/posts/2023-05-25-securing-pypi-with-2fa/ Apache Casandra Vulnerabilities https://lists.apache.org/thread/mwd02nrw2go8shg29rnp3o4hgompvkp5 MOXA MXsecurity Vulerabilities https://www.moxa.com/en/support/product-support/security-advisory/mxsecurity-command-injection-and-hardcoded-credential-vulnerabilities
ISC StormCast for Friday, May 26th, 2023
IR Case/Alert Management https://isc.sans.edu/diary/IR%20Case%20Alert%20Management/29880 Exploit for CVE-2023-2825 GitLab Vulnerability https://github.com/Occamsec/CVE-2023-2825 Expo Framework OAUTH Vulnerability CVE-2023-28131 https://salt.security/blog/a-new-oauth-vulnerability-that-may-impact-hundreds-of-online-services Mitel MiVoice Vulnerability CVE-2023-31457 CVE-2023-32748 https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0004 D-Link Vulnerabilities https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10332
ISC StormCast for Friday, May 26th, 2023
IR Case/Alert Management https://isc.sans.edu/diary/IR%20Case%20Alert%20Management/29880 Exploit for CVE-2023-2825 GitLab Vulnerability https://github.com/Occamsec/CVE-2023-2825 Expo Framework OAUTH Vulnerability CVE-2023-28131 https://salt.security/blog/a-new-oauth-vulnerability-that-may-impact-hundreds-of-online-services Mitel MiVoice Vulnerability CVE-2023-31457 CVE-2023-32748 https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0004 D-Link Vulnerabilities https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10332
ISC StormCast for Thursday, May 25th, 2023
More Data Enrichment for Cowrie Logs https://isc.sans.edu/diary/More%20Data%20Enrichment%20for%20Cowrie%20Logs/29878 Volt Typhoon: Living of the Land https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF Android App Breaking Bad https://www.welivesecurity.com/2023/05/23/android-app-breaking-bad-legitimate-screen-recording-file-exfiltration/ Zyxel Updates https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls Baracuda Email Security Gateway Vulnerability https://status.barracuda.com/incidents/34kx82j5n4q9 Gitlab Patch https://about.gitlab.com/releases/2023/05/23/critical-security-release-gitlab-16-0-1-released/
ISC StormCast for Thursday, May 25th, 2023
More Data Enrichment for Cowrie Logs https://isc.sans.edu/diary/More%20Data%20Enrichment%20for%20Cowrie%20Logs/29878 Volt Typhoon: Living of the Land https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF Android App Breaking Bad https://www.welivesecurity.com/2023/05/23/android-app-breaking-bad-legitimate-screen-recording-file-exfiltration/ Zyxel Updates https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls Baracuda Email Security Gateway Vulnerability https://status.barracuda.com/incidents/34kx82j5n4q9 Gitlab Patch https://about.gitlab.com/releases/2023/05/23/critical-security-release-gitlab-16-0-1-released/