A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Similar Podcasts
The Cynical Developer
A UK based Technology and Software Developer Podcast that helps you to improve your development knowledge and career,
through explaining the latest and greatest in development technology and providing you with what you need to succeed as a developer.
Elixir Outlaws
Elixir Outlaws is an informal discussion about interesting things happening in Elixir. Our goal is to capture the spirit of a conference hallway discussion in a podcast.
Android Bytes (powered by Esper)
Android Bytes (powered by Esper) is the podcast that dives deep into the engineering and business decisions behind the world’s most popular OS. https://www.esper.io
Android powers over 3 billion devices worldwide and is the platform of choice for over a thousand companies. You’ll find Android on smartphones, tablets, watches, TV, cars, kiosks, and so much more. How does Google architect Android to run on so many form factors, and how do companies fork AOSP to make it run on even more devices? These are the kinds of questions the Android Bytes podcast considers each week.
Join cohosts Mishaal Rahman and David Ruddock, two journalists with extensive knowledge covering the Android OS platform and ecosystem, as they speak to system architects, kernel engineers, app developers, and other distinguished experts in the Android space.
Get in touch with us at Esper.io if you’re looking to use Android for your product — we have the experience you need.
ISC StormCast for Friday, December 13th, 2024
Windows 11 and TPM https://techcommunity.microsoft.com/blog/windows-itpro-blog/tpm-2-0-%E2%80%93-a-necessity-for-a-secure-and-future-proof-windows-11/4339066 https://www.forbes.com/sites/zakdoffman/2024/12/12/microsoft-warns-400-million-windows-users-do-not-update-your-pc/ Microsoft Azure MFA Bypass https://www.oasis.security/resources/blog/oasis-security-research-team-discovers-microsoft-azure-mfa-bypass Struts 2 Arbitrary File Upload CVE-2024-53677 https://cwiki.apache.org/confluence/display/WW/S2-067 Russian actor Secret Blizzard using tools of other groups to attack Ukraine https://www.microsoft.com/en-us/security/blog/2024/12/11/frequent-freeloader-part-ii-russian-actor-secret-blizzard-using-tools-of-other-groups-to-attack-ukraine/
ISC StormCast for Thursday, December 12th, 2024
Vulnerability Symbiosis: vSphere's CVE-2024-38812 and CVE-2024-38813 https://isc.sans.edu/diary/Vulnerability%20Symbiosis%3A%20vSphere%3Fs%20CVE-2024-38812%20and%20CVE-2024-38813%20%5BGuest%20Diary%5D/31510 Apple Updates Everything (iOS, iPadOS, macOS, watchOS, tvOS, visionOS) https://isc.sans.edu/diary/Apple+Updates+Everything+iOS+iPadOS+macOS+watchOS+tvOS+visionOS/31514/ Widespread exploitation of Cleo file transfer software (CVE-2024-50623) https://www.huntress.com/blog/threat-advisory-oh-no-cleo-cleo-software-actively-being-exploited-in-the-wild https://labs.watchtowr.com/cleo-cve-2024-50623/
ISC StormCast for Wednesday, December 11th, 2024
Microsoft Patch Tuesday December 2024 https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%3A%20December%202024/31508 Ivanty Security Advisory https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Services-Application-CSA-CVE-2024-11639-CVE-2024-11772-CVE-2024-11773?language=en_US Visual Studio Code Tunnels https://www.sentinelone.com/labs/operation-digital-eye-chinese-apt-compromises-critical-digital-infrastructure-via-visual-studio-code-tunnels/ Mitigating NTLM Relay Attacks https://msrc.microsoft.com/blog/2024/12/mitigating-ntlm-relay-attacks-by-default/
ISC StormCast for Tuesday, December 10th, 2024
CURLing for Crypto on Honeypots https://isc.sans.edu/diary/CURLing%20for%20Crypto%20on%20Honeypots/31502 Compromising OpenWrt Supply Chain via Truncated SHA-256 Collision and Command Injection https://flatt.tech/research/posts/compromising-openwrt-supply-chain-sha256-collision/ Android Monthly Update https://source.android.com/docs/security/bulletin/pixel/2024-12-01 RCS Not Always Encrypted https://daringfireball.net/linked/2024/12/04/shame-on-google-messages
ISC StormCast for Monday, December 9th, 2024
Bypassing WAFs with the Phantom Version Cookie https://portswigger.net/research/bypassing-wafs-with-the-phantom-version-cookie URL File NTLM Hash Disclosure https://blog.0patch.com/2024/12/url-file-ntlm-hash-disclosure.html Ultralytics Library Infected with Miner https://github.com/ultralytics/ultralytics/issues/18027#issuecomment-2521578169 DaMAgeCard attack targets memory directly thru SD card reader https://swarm.ptsecurity.com/new-dog-old-tricks-damagecard-attack-targets-memory-directly-thru-sd-card-reader/
ISC StormCast for Friday, December 6th, 2024
Business E-Mail Compromise https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Business%20Email%20Compromise/31474 Where There s Smoke, There s Fire - Mitel MiCollab CVE-2024-35286, CVE-2024-41713 And An 0day https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/ https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029 Lorex 2K Indoor Wi-Fi Security Camera https://www.rapid7.com/globalassets/_pdfs/research/pwn2own-iot-2024-lorex-2k-indoor-wi-fi-security-camera-research.pdf https://www.lorex.com/products/2k-indoor-wi-fi-security-camera HPE Aruba Vulnerabilities https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04761en_us&docLocale=en_US Alan Paller Inducted into the Cybersecurity Hall of Fame https://cybersecurityhalloffame.org/
ISC StormCast for Thursday, December 5th, 2024
Data Analysis: The Unsung Hero of Cybersecurity Expertise https://isc.sans.edu/diary/Data%20Analysis%3A%20The%20Unsung%20Hero%20of%20Cybersecurity%20Expertise%20%5BGuest%20Diary%5D/31494 FBI Warns iPhone and Android Users Stop Sending Texts https://www.forbes.com/sites/zakdoffman/2024/12/03/fbi-warns-iphone-and-android-users-stop-sending-texts/ IdentityIQ Improper Access Control Vulnerability CVE-2024-10905 https://www.sailpoint.com/security-advisories/identityiq-improper-access-control-vulnerability-cve-2024-10905 Solana web3.js Backdoor https://socket.dev/blog/supply-chain-attack-solana-web3-js-library
ISC StormCast for Wednesday, December 4th, 2024
Extracting Files Embedded Inside Word Documents https://isc.sans.edu/diary/Extracting%20Files%20Embedded%20Inside%20Word%20Documents/31486 Korea arrests CEO for adding DDoS feature to satellite receivers https://www.bleepingcomputer.com/news/security/korea-arrests-ceo-for-adding-ddos-feature-to-satellite-receivers/ Veeam Vulnerabilities https://www.veeam.com/kb4679 WPTaskScheduler Presistence and CVE-2024-49039 PoC https://github.com/je5442804/WPTaskScheduler_CVE-2024-49039
ISC StormCast for Tuesday, December 3rd, 2024
Credential Guard and Kerberos delegation https://isc.sans.edu/diary/Credential%20Guard%20and%20Kerberos%20delegation/31488 The Day We Unveiled the Secret Rotation Illusion https://www.clutch.security/blog/the-day-we-unveiled-the-secret-rotation-illusion Corrupt Word Documents used in Phshing https://x.com/anyrun_app/status/1861024182210900357 IBM Security Verify Access Appliance Vulnerabilities https://www.ibm.com/support/pages/security-bulletin-multiple-security-vulnerabilities-were-found-ibm-security-verify-access-appliance-cve-2024-49803-cve-2024-49804-cve-2024-49805-cve-2024-49806
ISC StormCast for Monday, December 2nd, 2024
AWS DShield Sensor + DShield SIEM https://isc.sans.edu/diary/SANS%20ISC%20Internship%20Setup%3A%20AWS%20DShield%20Sensor%20%2B%20DShield%20SIEM%20%5BGuest%20Diary%5D/31480 From a Regular Infostealer to its Obfuscated Version https://isc.sans.edu/diary/From%20a%20Regular%20Infostealer%20to%20its%20Obfuscated%20Version/31484 Credit Card Skimmer Malware Targeting Magento Checkout Pages https://blog.sucuri.net/2024/11/credit-card-skimmer-malware-targeting-magento-checkout-pages.html LogoFAIL Exploited to Deploy Bootkitty, the first UEFI bootkit for Linux https://www.binarly.io/blog/logofail-exploited-to-deploy-bootkitty-the-first-uefi-bootkit-for-linux Stickers: https://isc.sans.edu/stickers.html (code PODCAST)
ISC StormCast for Wednesday, November 27th, 2024
Using Zeek, Snort, and Grafana to Detect Crypto Mining Malware https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Using%20Zeek%2C%20Snort%2C%20and%20Grafana%20to%20Detect%20Crypto%20Mining%20Malware/31472 The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access https://www.volexity.com/blog/2024/11/22/the-nearest-neighbor-attack-how-a-russian-apt-weaponized-nearby-wi-fi-networks-for-covert-access/ Introducing NachoVPN: One VPN Server to Pwn Them All https://blog.amberwolf.com/blog/2024/november/introducing-nachovpn---one-vpn-server-to-pwn-them-all/ Keycloak Patches https://github.com/keycloak/keycloak/security/advisories/GHSA-93ww-43rr-79v3 Palo Alto Networks Global Protect App https://security.paloaltonetworks.com/CVE-2024-5921 PHP Updates https://github.com/php/php-src/security/advisories/GHSA-g665-fm4p-vhff
ISC StormCast for Tuesday, November 26th, 2024
Quick & Dirty Obfuscated JavaScript Analysis https://isc.sans.edu/diary/Quick%20%26%20Dirty%20Obfuscated%20JavaScript%20Analysis/31468 Decrypting a PDF With a User Password https://isc.sans.edu/diary/Decrypting%20a%20PDF%20With%20a%20User%20Password/31466 The strange case of disappearing Russian servers https://isc.sans.edu/diary/The%20strange%20case%20of%20disappearing%20Russian%20servers/31476 QNAP Buggy Firmware Update https://community.qnap.com/t/firmware-qts-5-2-2-2950-build-20241114-released/254 7-ZIP Zstandard Decompression Integer Underflow https://www.zerodayinitiative.com/advisories/ZDI-24-1532/ https://7-zip.org/download.html
ISC StormCast for Friday, November 22nd, 2024
Increase In Phishing SVG Attachments https://isc.sans.edu/diary/Increase%20In%20Phishing%20SVG%20Attachments/31456 Logging blind spot revealed in FortiClient VPN https://pentera.io/blog/FortiClient-VPN_logging-blind-spot-revealed/ Needrestart Vulnerability https://www.qualys.com/2024/11/19/needrestart/needrestart.txt
ISC StormCast for Thursday, November 21st, 2024
Apple Patches Two Exploited Vulnerabilities https://isc.sans.edu/diary/Apple%20Fixes%20Two%20Exploited%20Vulnerabilities/31452 Oracle Patch for Agile Product Lifecycle Management CVE-2024-21287 https://www.oracle.com/security-alerts/alert-cve-2024-21287.html OFBiz Patches CVE-2024-47208 CVE-2024-48962 https://nvd.nist.gov/vuln/detail/CVE-2024-47208 https://seclists.org/oss-sec/2024/q4/95 D-Link Warns of Vulnerability in EOL Devices https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10415
ISC StormCast for Wednesday, November 20th, 2024
Detecting the Presence of a Debugger in Linux https://isc.sans.edu/diary/Detecting%20the%20Presence%20of%20a%20Debugger%20in%20Linux/31450 Palo Alto Patches https://security.paloaltonetworks.com/CVE-2024-0012 https://security.paloaltonetworks.com/CVE-2024-9474 VMware vCenter Server Attacks https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968e Veritas Enterprise Vault Vulnerability https://www.veritas.com/support/en_US/security/VTS24-014