A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Similar Podcasts
In Machines We Trust
A podcast about the automation of everything. Host Jennifer Strong and the team at MIT Technology Review look at what it means to entrust artificial intelligence with our most sensitive decisions.
The Cynical Developer
A UK based Technology and Software Developer Podcast that helps you to improve your development knowledge and career,
through explaining the latest and greatest in development technology and providing you with what you need to succeed as a developer.
Elixir Outlaws
Elixir Outlaws is an informal discussion about interesting things happening in Elixir. Our goal is to capture the spirit of a conference hallway discussion in a podcast.
ISC StormCast for Wednesday, October 12th, 2022
Microsoft October 2022 Patches https://isc.sans.edu/forums/diary/October%202022%20Microsoft%20Patch%20Tuesday/29138/ SAP Patchday https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10 Top CVEs Actively Exploited By People s Republic of China State-Sponsored Cyber Actors https://www.cisa.gov/uscert/ncas/alerts/aa22-279a
ISC StormCast for Tuesday, October 11th, 2022
Wireshark Display Filter Update https://isc.sans.edu/forums/diary/Wireshark+Specifying+a+Protocol+Stack+Layer+in+Display+Filters/29130 Fortinet Vulnerablity Update https://twitter.com/Horizon3Attack/status/1579285863108087810 BazarCall Social Engineering Tactics https://www.trellix.com/en-us/about/newsroom/stories/research/evolution-of-bazarcall-social-engineering-tactics.html RPKI Rate Limiting https://www.usenix.org/system/files/sec22-hlavacek.pdf
ISC StormCast for Tuesday, October 11th, 2022
Wireshark Display Filter Update https://isc.sans.edu/forums/diary/Wireshark+Specifying+a+Protocol+Stack+Layer+in+Display+Filters/29130 Fortinet Vulnerablity Update https://twitter.com/Horizon3Attack/status/1579285863108087810 BazarCall Social Engineering Tactics https://www.trellix.com/en-us/about/newsroom/stories/research/evolution-of-bazarcall-social-engineering-tactics.html RPKI Rate Limiting https://www.usenix.org/system/files/sec22-hlavacek.pdf
ISC StormCast for Monday, October 10th, 2022
Fortinet Update https://docs.fortinet.com/document/fortigate/7.2.2/fortios-release-notes/760203/introduction-and-supported-models Zimbra Vulnerability https://twitter.com/iagox86/status/1578084484720734209 https://attackerkb.com/topics/1DDTvUNFzH/cve-2022-41352/rapid7-analysis?referrer=activityFeed Microsoft Exchange Workaround Improved Again https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/ Ikea Smart Bulb Exploit https://www.synopsys.com/blogs/software-security/cyrc-advisory-ikea-tradfri-smart-lighting/
ISC StormCast for Monday, October 10th, 2022
Fortinet Update https://docs.fortinet.com/document/fortigate/7.2.2/fortios-release-notes/760203/introduction-and-supported-models Zimbra Vulnerability https://twitter.com/iagox86/status/1578084484720734209 https://attackerkb.com/topics/1DDTvUNFzH/cve-2022-41352/rapid7-analysis?referrer=activityFeed Microsoft Exchange Workaround Improved Again https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/ Ikea Smart Bulb Exploit https://www.synopsys.com/blogs/software-security/cyrc-advisory-ikea-tradfri-smart-lighting/
ISC StormCast for Friday, October 7th, 2022
Infosec Calendar https://isc.sans.edu/forums/diary/What+is+in+your+Infosec+Calendar/29118 OnionPoison: infected Tor Browser installer distributed through popular YouTube channel https://securelist.com/onionpoison-infected-tor-browser-installer-youtube/107627/ MacOS Architve Utility Vulnerability Details https://www.jamf.com/blog/jamf-threat-labs-macos-archive-utility-vulnerability/
ISC StormCast for Friday, October 7th, 2022
Infosec Calendar https://isc.sans.edu/forums/diary/What+is+in+your+Infosec+Calendar/29118 OnionPoison: infected Tor Browser installer distributed through popular YouTube channel https://securelist.com/onionpoison-infected-tor-browser-installer-youtube/107627/ MacOS Architve Utility Vulnerability Details https://www.jamf.com/blog/jamf-threat-labs-macos-archive-utility-vulnerability/
ISC StormCast for Wednesday, October 5th, 2022
Credential Harvesting with Telegram https://isc.sans.edu/forums/diary/Credential%20Harvesting%20with%20Telegram%20API/29112/ Updated Microsoft Exchange Fix https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/ Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization https://www.cisa.gov/uscert/ncas/alerts/aa22-277a A New Supply Chain Attack on PHP https://blog.sonarsource.com/securing-developer-tools-a-new-supply-chain-attack-on-php/
ISC StormCast for Wednesday, October 5th, 2022
Credential Harvesting with Telegram https://isc.sans.edu/forums/diary/Credential%20Harvesting%20with%20Telegram%20API/29112/ Updated Microsoft Exchange Fix https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/ Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization https://www.cisa.gov/uscert/ncas/alerts/aa22-277a A New Supply Chain Attack on PHP https://blog.sonarsource.com/securing-developer-tools-a-new-supply-chain-attack-on-php/
ISC StormCast for Tuesday, October 4th, 2022
Microsoft Exchange Vulnerability Fix Bypassed https://twitter.com/testanull/status/1576774007826718720 Schneider Electric UMAS Patch Bypass https://securelist.com/the-secrets-of-schneider-electrics-umas-protocol/107435/ Supply Chain Attack via Trojanized Comm100 Chat Installer https://www.crowdstrike.com/blog/new-supply-chain-attack-leverages-comm100-chat-installer/
ISC StormCast for Tuesday, October 4th, 2022
Microsoft Exchange Vulnerability Fix Bypassed https://twitter.com/testanull/status/1576774007826718720 Schneider Electric UMAS Patch Bypass https://securelist.com/the-secrets-of-schneider-electrics-umas-protocol/107435/ Supply Chain Attack via Trojanized Comm100 Chat Installer https://www.crowdstrike.com/blog/new-supply-chain-attack-leverages-comm100-chat-installer/
ISC StormCast for Monday, October 3rd, 2022
Microsoft Exchange 0-Day Update https://isc.sans.edu/forums/diary/Exchange+Server+0Day+Actively+Exploited/29106 https://microsoft.github.io/CSS-Exchange/Security/EOMTv2/ CISA Adds Atlasian Bitbucket Vulnerability to Exploited List https://www.cisa.gov/uscert/ncas/current-activity/2022/09/30/cisa-adds-three-known-exploited-vulnerabilities-catalog Every unsandboxed app has Full Disk Access if Terminal Does https://lapcatsoftware.com/articles/FullDiskAccess.html
ISC StormCast for Monday, October 3rd, 2022
Microsoft Exchange 0-Day Update https://isc.sans.edu/forums/diary/Exchange+Server+0Day+Actively+Exploited/29106 https://microsoft.github.io/CSS-Exchange/Security/EOMTv2/ CISA Adds Atlasian Bitbucket Vulnerability to Exploited List https://www.cisa.gov/uscert/ncas/current-activity/2022/09/30/cisa-adds-three-known-exploited-vulnerabilities-catalog Every unsandboxed app has Full Disk Access if Terminal Does https://lapcatsoftware.com/articles/FullDiskAccess.html
ISC StormCast for Friday, September 30th, 2022
PNG Analysis with pngdump.py https://isc.sans.edu/forums/diary/PNG%20Analysis/29100/ Possible Exchange Server 0-Day Vulnerability https://www.gteltsc.vn/blog/warning-new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-server-12715.html https://success.trendmicro.com/dcx/s/solution/000291651?language=en_US Bad VIB(E)s Part One: Investigating Novel Malware Persistence Within ESXi Hypervisors https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence
ISC StormCast for Friday, September 30th, 2022
PNG Analysis with pngdump.py https://isc.sans.edu/forums/diary/PNG%20Analysis/29100/ Possible Exchange Server 0-Day Vulnerability https://www.gteltsc.vn/blog/warning-new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-server-12715.html https://success.trendmicro.com/dcx/s/solution/000291651?language=en_US Bad VIB(E)s Part One: Investigating Novel Malware Persistence Within ESXi Hypervisors https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence