A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Similar Podcasts
Thinking Elixir Podcast
The Thinking Elixir podcast is a weekly show where we talk about the Elixir programming language and the community around it. We cover news and interview guests to learn more about projects and developments in the community.
Elixir Outlaws
Elixir Outlaws is an informal discussion about interesting things happening in Elixir. Our goal is to capture the spirit of a conference hallway discussion in a podcast.
Linux For Everyone
A show about the thrilling world of desktop Linux, open-source software, and the community creating it. For beginners and veterans alike! Hosted by Jason Evangelho, Jerry Morrison and Schykle.
ISC StormCast for Wednesday, February 8th, 2023
A Survey of Bluetooth Vulnerabilities Trends https://isc.sans.edu/diary/A%20Survey%20of%20Bluetooth%20Vulnerabilities%20Trends%20%282023%20Edition%29/29522 OpenSSL Vulnerabilities / Patches https://www.openssl.org/news/secadv/20230207.txt Packet Tuesday: Most Frequent DNS Query ID / DNS Notify https://www.youtube.com/watch?v=QgCuE_zKyMY GoAnywhere MFT Patch Available (and PoC) https://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html https://my.goanywhere.com/webclient/Dashboard.xhtml Qakbot Mechanizes Distribution of Malicous OneNote Notebooks https://news.sophos.com/en-us/2023/02/06/qakbot-onenote-attacks/
ISC StormCast for Wednesday, February 8th, 2023
A Survey of Bluetooth Vulnerabilities Trends https://isc.sans.edu/diary/A%20Survey%20of%20Bluetooth%20Vulnerabilities%20Trends%20%282023%20Edition%29/29522 OpenSSL Vulnerabilities / Patches https://www.openssl.org/news/secadv/20230207.txt Packet Tuesday: Most Frequent DNS Query ID / DNS Notify https://www.youtube.com/watch?v=QgCuE_zKyMY GoAnywhere MFT Patch Available (and PoC) https://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html https://my.goanywhere.com/webclient/Dashboard.xhtml Qakbot Mechanizes Distribution of Malicous OneNote Notebooks https://news.sophos.com/en-us/2023/02/06/qakbot-onenote-attacks/
ISC StormCast for Tuesday, February 7th, 2023
Earthquake Scams https://isc.sans.edu/diary/Earthquake%20in%20Turkey%20and%20Syria%3A%20Be%20Aware%20of%20Possible%20Donation%20Scams/29518 APIs Used By Bots to Detect Public IP Addresses https://isc.sans.edu/diary/APIs+Used+by+Bots+to+Detect+Public+IP+address/29516/ OpenSSH Vulnerablity Details CVE 2023-25136 https://blog.qualys.com/vulnerabilities-threat-research/2023/02/03/cve-2023-25136-pre-auth-double-free-vulnerability-in-openssh-server-9-1 A Novel State-of-the-Art Redis Malware https://blog.aquasec.com/headcrab-attacks-servers-worldwide-with-novel-state-of-art-redis-malware?&web_view=true
ISC StormCast for Tuesday, February 7th, 2023
Earthquake Scams https://isc.sans.edu/diary/Earthquake%20in%20Turkey%20and%20Syria%3A%20Be%20Aware%20of%20Possible%20Donation%20Scams/29518 APIs Used By Bots to Detect Public IP Addresses https://isc.sans.edu/diary/APIs+Used+by+Bots+to+Detect+Public+IP+address/29516/ OpenSSH Vulnerablity Details CVE 2023-25136 https://blog.qualys.com/vulnerabilities-threat-research/2023/02/03/cve-2023-25136-pre-auth-double-free-vulnerability-in-openssh-server-9-1 A Novel State-of-the-Art Redis Malware https://blog.aquasec.com/headcrab-attacks-servers-worldwide-with-novel-state-of-art-redis-malware?&web_view=true
ISC StormCast for Monday, February 6th, 2023
Assemblyline as a Malware Analysis Sandbox https://isc.sans.edu/diary/Assemblyline%20as%20a%20Malware%20Analysis%20Sandbox/29510 GoAnywhere MFT zero-day Exploited https://www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/ Ransomware targeting VMware ESXi https://blog.ovhcloud.com/ransomware-targeting-vmware-esxi/ Jira Service Managment Server and Data Center Advisory CVE-2023-22501 https://confluence.atlassian.com/jira/jira-service-management-server-and-data-center-advisory-cve-2023-22501-1188786458.html OpenSSH Update https://www.openssh.com/releasenotes.html F5 BigIP Vulnerability CVE-2023-22374 https://my.f5.com/manage/s/article/K000130415
ISC StormCast for Monday, February 6th, 2023
Assemblyline as a Malware Analysis Sandbox https://isc.sans.edu/diary/Assemblyline%20as%20a%20Malware%20Analysis%20Sandbox/29510 GoAnywhere MFT zero-day Exploited https://www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/ Ransomware targeting VMware ESXi https://blog.ovhcloud.com/ransomware-targeting-vmware-esxi/ Jira Service Managment Server and Data Center Advisory CVE-2023-22501 https://confluence.atlassian.com/jira/jira-service-management-server-and-data-center-advisory-cve-2023-22501-1188786458.html OpenSSH Update https://www.openssh.com/releasenotes.html F5 BigIP Vulnerability CVE-2023-22374 https://my.f5.com/manage/s/article/K000130415
ISC StormCast for Friday, February 3rd, 2023
Rotating Packet Captures with pfSense https://isc.sans.edu/diary/Rotating%20Packet%20Captures%20with%20pfSense/29500 BEC Group Incorporates Secondary Impersonated Personas https://intelligence.abnormalsecurity.com/blog/firebrick-ostrich-third-party-reconnaissance-attacks MalVirt .Net Virtualization Thrives in Malvertising Attacks https://www.sentinelone.com/labs/malvirt-net-virtualization-thrives-in-malvertising-attacks/ Cisco Remote Code Execution with Persistence https://www.trellix.com/en-us/about/newsroom/stories/research/when-pwning-cisco-persistence-is-key-when-pwning-supply-chain-cisco-is-key.html
ISC StormCast for Friday, February 3rd, 2023
Rotating Packet Captures with pfSense https://isc.sans.edu/diary/Rotating%20Packet%20Captures%20with%20pfSense/29500 BEC Group Incorporates Secondary Impersonated Personas https://intelligence.abnormalsecurity.com/blog/firebrick-ostrich-third-party-reconnaissance-attacks MalVirt .Net Virtualization Thrives in Malvertising Attacks https://www.sentinelone.com/labs/malvirt-net-virtualization-thrives-in-malvertising-attacks/ Cisco Remote Code Execution with Persistence https://www.trellix.com/en-us/about/newsroom/stories/research/when-pwning-cisco-persistence-is-key-when-pwning-supply-chain-cisco-is-key.html
ISC StormCast for Thursday, February 2nd, 2023
Detecting Malicious OneNote Files https://isc.sans.edu/diary/Detecting%20%28Malicious%29%20OneNote%20Files/29494 Microsoft Defender Device Isolation for Linux https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/announcing-device-isolation-support-for-linux/ba-p/3676400 SH1MMER Exploit for Chromebooks https://sh1mmer.me DOMPDF SVG Parsing Vulnerability https://github.com/dompdf/dompdf/security/advisories/GHSA-3cw5-7cxw-v5qg
ISC StormCast for Thursday, February 2nd, 2023
Detecting Malicious OneNote Files https://isc.sans.edu/diary/Detecting%20%28Malicious%29%20OneNote%20Files/29494 Microsoft Defender Device Isolation for Linux https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/announcing-device-isolation-support-for-linux/ba-p/3676400 SH1MMER Exploit for Chromebooks https://sh1mmer.me DOMPDF SVG Parsing Vulnerability https://github.com/dompdf/dompdf/security/advisories/GHSA-3cw5-7cxw-v5qg
ISC StormCast for Wednesday, February 1st, 2023
DShield Honeypot Setup with pfSense https://isc.sans.edu/diary/DShield%20Honeypot%20Setup%20with%20pfSense/29490 Threat Actors Abusing Microsoft's "Verified Publisher" Status https://www.proofpoint.com/us/blog/cloud-security/dangerous-consequences-threat-actors-abusing-microsofts-verified-publisher PoS Malware Can Block Contactless Payments https://securelist.com/prilex-modification-now-targeting-contactless-credit-card-transactions/108569/ Detecting Files Exempt from Anti Malware Scans https://github.com/bananabr/TimeException
ISC StormCast for Wednesday, February 1st, 2023
DShield Honeypot Setup with pfSense https://isc.sans.edu/diary/DShield%20Honeypot%20Setup%20with%20pfSense/29490 Threat Actors Abusing Microsoft's "Verified Publisher" Status https://www.proofpoint.com/us/blog/cloud-security/dangerous-consequences-threat-actors-abusing-microsofts-verified-publisher PoS Malware Can Block Contactless Payments https://securelist.com/prilex-modification-now-targeting-contactless-credit-card-transactions/108569/ Detecting Files Exempt from Anti Malware Scans https://github.com/bananabr/TimeException
ISC StormCast for Tuesday, January 31st, 2023
Decoding DNS over HTTP(s) Requests https://isc.sans.edu/diary/Decoding%20DNS%20over%20HTTP%28s%29%20Requests/29488 Action Needed for GitHub Desktop and Atom Users https://github.blog/2023-01-30-action-needed-for-github-desktop-and-atom-users/ GitHub Checksum Mismatches for .tar.gz Files https://github.com/orgs/community/discussions/45830 Facebook 2FA Bypass https://medium.com/pentesternepal/two-factor-authentication-bypass-on-facebook-3f4ac3ea139c Fortinet Exploit https://wzt.ac.cn/2022/12/15/CVE-2022-42475/ QNAP Vulnerability https://www.qnap.com/en/security-advisory/qsa-23-01
ISC StormCast for Tuesday, January 31st, 2023
Decoding DNS over HTTP(s) Requests https://isc.sans.edu/diary/Decoding%20DNS%20over%20HTTP%28s%29%20Requests/29488 Action Needed for GitHub Desktop and Atom Users https://github.blog/2023-01-30-action-needed-for-github-desktop-and-atom-users/ GitHub Checksum Mismatches for .tar.gz Files https://github.com/orgs/community/discussions/45830 Facebook 2FA Bypass https://medium.com/pentesternepal/two-factor-authentication-bypass-on-facebook-3f4ac3ea139c Fortinet Exploit https://wzt.ac.cn/2022/12/15/CVE-2022-42475/ QNAP Vulnerability https://www.qnap.com/en/security-advisory/qsa-23-01
ISC StormCast for Monday, January 30th, 2023
Microsoft Tips to Patch Your Exchange Servers https://techcommunity.microsoft.com/t5/exchange-team-blog/protect-your-exchange-servers/ba-p/3726001 FCC Treatens to Take Action Against Twilio over Robocalls https://www.fcc.gov/document/fcc-takes-mortgage-scam-robocall-campaign-targeting-homeowners PlugX Variant Spreads via USB https://unit42.paloaltonetworks.com/plugx-variants-in-usbs/ Adware in Google Play Store https://news.drweb.com/show/review/?lng=en&i=14652 Tails 5.9 Update https://tails.boum.org/news/version_5.9/index.de.html