A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Similar Podcasts
In Machines We Trust
A podcast about the automation of everything. Host Jennifer Strong and the team at MIT Technology Review look at what it means to entrust artificial intelligence with our most sensitive decisions.
The Cynical Developer
A UK based Technology and Software Developer Podcast that helps you to improve your development knowledge and career,
through explaining the latest and greatest in development technology and providing you with what you need to succeed as a developer.
Elixir Outlaws
Elixir Outlaws is an informal discussion about interesting things happening in Elixir. Our goal is to capture the spirit of a conference hallway discussion in a podcast.
ISC StormCast for Friday, October 21st, 2022
Forensic Value of Prefetch https://isc.sans.edu/forums/diary/Forensic%20Value%20of%20Prefetch/29168/ Microsoft TLS Fix https://support.microsoft.com/en-us/topic/october-17-2022-kb5020435-os-builds-19042-2132-19043-2132-and-19044-2132-out-of-band-243f34de-2f44-4015-a224-1b68a4132ca5 CISA Releases ScubaGear to Audit M365 https://github.com/cisagov/ScubaGear HTTP/3 Connection Contamination https://portswigger.net/research/http-3-connection-contamination
ISC StormCast for Friday, October 21st, 2022
Forensic Value of Prefetch https://isc.sans.edu/forums/diary/Forensic%20Value%20of%20Prefetch/29168/ Microsoft TLS Fix https://support.microsoft.com/en-us/topic/october-17-2022-kb5020435-os-builds-19042-2132-19043-2132-and-19044-2132-out-of-band-243f34de-2f44-4015-a224-1b68a4132ca5 CISA Releases ScubaGear to Audit M365 https://github.com/cisagov/ScubaGear HTTP/3 Connection Contamination https://portswigger.net/research/http-3-connection-contamination
ISC StormCast for Thursday, October 20th, 2022
Are Internet Scanning Services Good or Bad for You? https://isc.sans.edu/forums/diary/Are+Internet+Scanning+Services+Good+or+Bad+for+You/29164 FBI Warns of Student Loan Foregiveness Scams https://www.ic3.gov/Media/Y2022/PSA221018 Fully Undetectable Powershell Backdoor https://www.safebreach.com/resources/blog/safebreach-labs-researchers-uncover-new-fully-undetectable-powershell-backdoor/
ISC StormCast for Thursday, October 20th, 2022
Are Internet Scanning Services Good or Bad for You? https://isc.sans.edu/forums/diary/Are+Internet+Scanning+Services+Good+or+Bad+for+You/29164 FBI Warns of Student Loan Foregiveness Scams https://www.ic3.gov/Media/Y2022/PSA221018 Fully Undetectable Powershell Backdoor https://www.safebreach.com/resources/blog/safebreach-labs-researchers-uncover-new-fully-undetectable-powershell-backdoor/
ISC StormCast for Wednesday, October 19th, 2022
Python Obfuscation for Dummies https://isc.sans.edu/forums/diary/Python%20Obfuscation%20for%20Dummies/29160/ Oracle October 2022 Critical Patch Update https://www.oracle.com/security-alerts/cpuoct2022.html Weak Encryption in Microsoft Office 365 https://labs.withsecure.com/advisories/microsoft-office-365-message-encryption-insecure-mode-of-operation Tesla 3 Hack https://www.synacktiv.com/sites/default/files/2022-10/tesla_hexacon.pdf
ISC StormCast for Wednesday, October 19th, 2022
Python Obfuscation for Dummies https://isc.sans.edu/forums/diary/Python%20Obfuscation%20for%20Dummies/29160/ Oracle October 2022 Critical Patch Update https://www.oracle.com/security-alerts/cpuoct2022.html Weak Encryption in Microsoft Office 365 https://labs.withsecure.com/advisories/microsoft-office-365-message-encryption-insecure-mode-of-operation Tesla 3 Hack https://www.synacktiv.com/sites/default/files/2022-10/tesla_hexacon.pdf
ISC StormCast for Tuesday, October 18th, 2022
Fileless Powershell Dropper https://isc.sans.edu/forums/diary/Fileless%20Powershell%20Dropper/29156/ Apache Commons Text Vulnerablity https://www.openwall.com/lists/oss-security/2022/10/13/4 How a Microsoft Blunder Opened Millions of PCs to Potent Malware Attacks https://arstechnica.com/information-technology/2022/10/how-a-microsoft-blunder-opened-millions-of-pcs-to-potent-malware-attacks/
ISC StormCast for Tuesday, October 18th, 2022
Fileless Powershell Dropper https://isc.sans.edu/forums/diary/Fileless%20Powershell%20Dropper/29156/ Apache Commons Text Vulnerablity https://www.openwall.com/lists/oss-security/2022/10/13/4 How a Microsoft Blunder Opened Millions of PCs to Potent Malware Attacks https://arstechnica.com/information-technology/2022/10/how-a-microsoft-blunder-opened-millions-of-pcs-to-potent-malware-attacks/
ISC StormCast for Monday, October 17th, 2022
Horizon3 Publishes FortiOS Vulnerablity Details and Exploit https://www.horizon3.ai/fortios-fortiproxy-and-fortiswitchmanager-authentication-bypass-technical-deep-dive-cve-2022-40684/ More Exchange Vulnerability Workaround Bypasses https://twitter.com/wdormann/status/1576922677675102208 Analysis of a Malicious HTML File and QBot https://isc.sans.edu/forums/diary/Analysis+of+a+Malicious+HTML+File+QBot/29146 End of Life VMWare ESXi Versions https://www.lansweeper.com/eol/vmware-esxi-end-of-life/
ISC StormCast for Monday, October 17th, 2022
Horizon3 Publishes FortiOS Vulnerablity Details and Exploit https://www.horizon3.ai/fortios-fortiproxy-and-fortiswitchmanager-authentication-bypass-technical-deep-dive-cve-2022-40684/ More Exchange Vulnerability Workaround Bypasses https://twitter.com/wdormann/status/1576922677675102208 Analysis of a Malicious HTML File and QBot https://isc.sans.edu/forums/diary/Analysis+of+a+Malicious+HTML+File+QBot/29146 End of Life VMWare ESXi Versions https://www.lansweeper.com/eol/vmware-esxi-end-of-life/
ISC StormCast for Friday, October 14th, 2022
Alchimist Offensive Framework https://blog.talosintelligence.com/2022/10/alchimist-offensive-framework.html#more VM2 Sandbox Vulnerability https://www.oxeye.io/blog/vm2-sandbreak-vulnerability-cve-2022-36067 private npm package disclosure https://blog.aquasec.com/private-packages-disclosed-via-timing-attack-on-npm Zimbra Updates https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P27#Security_Fixes
ISC StormCast for Friday, October 14th, 2022
Alchimist Offensive Framework https://blog.talosintelligence.com/2022/10/alchimist-offensive-framework.html#more VM2 Sandbox Vulnerability https://www.oxeye.io/blog/vm2-sandbreak-vulnerability-cve-2022-36067 private npm package disclosure https://blog.aquasec.com/private-packages-disclosed-via-timing-attack-on-npm Zimbra Updates https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P27#Security_Fixes
ISC StormCast for Thursday, October 13th, 2022
Adobe October Patch Tuesday https://helpx.adobe.com/sa_en/security/security-bulletin.html Fortinet Guidance https://www.horizon3.ai/fortinet-iocs-cve-2022-40684/ https://isc.sans.edu/forums/diary/Scans+for+old+Fortigate+Vulnerability+Building+Target+Lists/29142 Android VPN Issues https://mullvad.net/en/blog/2022/10/10/android-leaks-connectivity-check-traffic/ iOS VPN Issues https://9to5mac.com/2022/10/12/ios-vpn-apps-2/ Aruba Patches https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-015.txt
ISC StormCast for Thursday, October 13th, 2022
Adobe October Patch Tuesday https://helpx.adobe.com/sa_en/security/security-bulletin.html Fortinet Guidance https://www.horizon3.ai/fortinet-iocs-cve-2022-40684/ https://isc.sans.edu/forums/diary/Scans+for+old+Fortigate+Vulnerability+Building+Target+Lists/29142 Android VPN Issues https://mullvad.net/en/blog/2022/10/10/android-leaks-connectivity-check-traffic/ iOS VPN Issues https://9to5mac.com/2022/10/12/ios-vpn-apps-2/ Aruba Patches https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-015.txt
ISC StormCast for Wednesday, October 12th, 2022
Microsoft October 2022 Patches https://isc.sans.edu/forums/diary/October%202022%20Microsoft%20Patch%20Tuesday/29138/ SAP Patchday https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10 Top CVEs Actively Exploited By People s Republic of China State-Sponsored Cyber Actors https://www.cisa.gov/uscert/ncas/alerts/aa22-279a