A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Similar Podcasts
Elixir Outlaws
Elixir Outlaws is an informal discussion about interesting things happening in Elixir. Our goal is to capture the spirit of a conference hallway discussion in a podcast.
The Cynical Developer
A UK based Technology and Software Developer Podcast that helps you to improve your development knowledge and career,
through explaining the latest and greatest in development technology and providing you with what you need to succeed as a developer.
ThunderCast
An inside look at the making of Mozilla Thunderbird, and community-driven conversations with our friends in the open-source software space.
ISC StormCast for Thursday, November 21st, 2024
Apple Patches Two Exploited Vulnerabilities https://isc.sans.edu/diary/Apple%20Fixes%20Two%20Exploited%20Vulnerabilities/31452 Oracle Patch for Agile Product Lifecycle Management CVE-2024-21287 https://www.oracle.com/security-alerts/alert-cve-2024-21287.html OFBiz Patches CVE-2024-47208 CVE-2024-48962 https://nvd.nist.gov/vuln/detail/CVE-2024-47208 https://seclists.org/oss-sec/2024/q4/95 D-Link Warns of Vulnerability in EOL Devices https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10415
ISC StormCast for Wednesday, November 20th, 2024
Detecting the Presence of a Debugger in Linux https://isc.sans.edu/diary/Detecting%20the%20Presence%20of%20a%20Debugger%20in%20Linux/31450 Palo Alto Patches https://security.paloaltonetworks.com/CVE-2024-0012 https://security.paloaltonetworks.com/CVE-2024-9474 VMware vCenter Server Attacks https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968e Veritas Enterprise Vault Vulnerability https://www.veritas.com/support/en_US/security/VTS24-014
ISC StormCast for Tuesday, November 19th, 2024
Exploit attempts for unpatched Citrix vulnerability CVE-2024-8068/CVE-2024-8069 https://isc.sans.edu/diary/Exploit+attempts+for+unpatched+Citrix+vulnerability/31446 https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US Microsoft Power Pages: Data Exposure Reviewed https://appomni.com/ao-labs/microsoft-power-pages-data-exposure-reviewed/ Zohocorp ManageEngine ADAudit Plus Vulnerable To SQL Injection Attacks CVE-2024-49574 https://www.manageengine.com/products/active-directory-audit/cve-2024-49574.html
ISC StormCast for Monday, November 18th, 2024
Ancient TP-Link Backdoor Discovered by Attackers https://isc.sans.edu/diary/Ancient%20TP-Link%20Backdoor%20Discovered%20by%20Attackers/31442 GitHub Projects Targeted with Malicious Commits To Frame Researchers https://www.bleepingcomputer.com/news/security/github-projects-targeted-with-malicious-commits-to-frame-researcher/ PaloAlto and Fortinet Vulnerabilities https://labs.watchtowr.com/hop-skip-fortijump-fortijumphigher-cve-2024-23113-cve-2024-47575/ https://security.paloaltonetworks.com/PAN-SA-2024-0015 https://www.volexity.com/blog/2024/11/15/brazenbamboo-weaponizes-forticlient-vulnerability-to-steal-vpn-credentials-via-deepdata/
ISC StormCast for Wednesday, November 13th, 2024
Microsoft November 2024 Patch Tuesday https://isc.sans.edu/diary/Microsoft%20November%202024%20Patch%20Tuesday/31438 CISA Top Routinely Exploited Vulnerabilities https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-317a APT Actors Embed Malware within macOS Flutter Applications https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/
ISC StormCast for Tuesday, November 12th, 2024
PDF Object Streams https://isc.sans.edu/diary/PDF%20Object%20Streams/31430 Mazda Infotainment Vulnerabilities https://www.zerodayinitiative.com/blog/2024/11/7/multiple-vulnerabilities-in-the-mazda-in-vehicle-infotainment-ivi-system Ruby SAML CVE-2024-45409: As bad as it gets and hiding in plain sight https://workos.com/blog/ruby-saml-cve-2024-45409 Veeam Backup Enterprise Manager Vulnerability https://www.veeam.com/kb4682 Security Update for Dell Enterprise SONiC Distribution Vulnerabilities https://www.dell.com/support/kbdoc/en-us/000245655/dsa-2024-449-security-update-for-dell-enterprise-sonic-distribution-vulnerabilities Easy Access to Information for Conducting Fraudulent Emergency Data Requests Impacts US-Based Companies and Law Enforcement Agencies https://www.ic3.gov/CSA/2024/241104.pdf
ISC StormCast for Monday, November 11th, 2024
zipdump and pkzip records https://isc.sans.edu/diary/zipdump%20%26%20PKZIP%20Records/31428 Am I Isolated https://github.com/edera-dev/am-i-isolated Locked iPhones Reboot https://www.404media.co/police-freak-out-at-iphones-mysteriously-rebooting-themselves-locking-cops-out/ https://x.com/naehrdine/status/1854896392797360484 Palo Alto Networks Bulletin https://security.paloaltonetworks.com/PAN-SA-2024-0015 D-Link Vulnerability https://netsecfish.notion.site/Command-Injection-Vulnerability-in-name-parameter-for-D-Link-NAS-12d6b683e67c80c49ffcc9214c239a07
ISC StormCast for Friday, November 8th, 2024
Steam Account Checker Poisoned with Infostealer https://isc.sans.edu/diary/Steam%20Account%20Checker%20Poisoned%20with%20Infostealer/31420 Cisco Ultra Reliable Wireless Backhaul Vulnerability https://www.cisco.com/site/us/en/products/networking/industrial-wireless/ultra-reliable-wireless-backhaul/index.html Breaking Down Multipart Parsers: File upload validation bypass https://blog.sicuranext.com/breaking-down-multipart-parsers-validation-bypass/ Evasive ZIP Concatenation: Trojan Targets Windows Users https://perception-point.io/blog/evasive-concatenated-zip-trojan-targets-windows-users/ Veeam Backup Enterprise Manager Vulnerability (CVE-2024-40715) https://www.veeam.com/kb4682 SANS Holiday Hack Challenge https://www.sans.org/mlp/holiday-hack-challenge-2024
ISC StormCast for Thursday, November 7th, 2024
Insights from August Web Traffic Surge https://isc.sans.edu/forums/diary/%5BGuest%20Diary%5D%20Insights%20from%20August%20Web%20Traffic%20Surge/31408/ Talkative Air Fryer https://www.which.co.uk/policy-and-insight/article/why-is-my-air-fryer-spying-on-me-which-reveals-the-smart-devices-gathering-your-data-and-where-they-send-it-a9Fa24K6gY1c Pygmy Goat Malware Report https://www.ncsc.gov.uk/section/keep-up-to-date/malware-analysis-reports Apple CVE-2024-44258 PoC Exploit https://github.com/ifpdz/CVE-2024-44258 HPE Arruba vulnerabilities https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US
ISC StormCast for Wednesday, November 6th, 2024
Python RAT with a Nice Screensharing Feature https://isc.sans.edu/diary/Python%20RAT%20with%20a%20Nice%20Screensharing%20Feature/31414 Android Security Bulletin November 2024 https://source.android.com/docs/security/bulletin/2024-11-01 Malware Delivered as Virtual Machine https://www.securonix.com/blog/crontrap-emulated-linux-environments-as-the-latest-tactic-in-malware-staging/ Fake Docusign Invoices https://lab.wallarm.com/attackers-abuse-docusign-api-to-send-authentic-looking-invoices-at-scale/
ISC StormCast for Tuesday, November 5th, 2024
Analyzing an Encrypted Phishing PDF https://isc.sans.edu/diary/Analyzing%20an%20Encrypted%20Phishing%20PDF/31404 Okta Verify Desktop MFA For Windows Password Less Login CVE-2024-9191 https://trust.okta.com/security-advisories/okta-verify-desktop-mfa-for-windows-passwordless-login-cve-2024-9191/ QNAP QuRouter Vulnerability and Patch https://www.qnap.com/en/security-advisory/qsa-24-45 From Naptime to Big Sleep https://googleprojectzero.blogspot.com/2024/10/from-naptime-to-big-sleep.html Authenticated SQL injection vulnerability - ManageEngine ADManager Plus CVE-2024-48878 https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2024-48878.html
ISC StormCast for Monday, November 4th, 2024
October Activity with Username chenzilong https://isc.sans.edu/diary/October%202024%20Activity%20with%20Username%20chenzilong/31400 qpdf Extracting PDF Streams https://isc.sans.edu/diary/qpdf%3A%20Extracting%20PDF%20Streams/31406 Okta bcrypt issue https://trust.okta.com/security-advisories/okta-ad-ldap-delegated-authentication-username/ https://medium.com/@rajat29gupta/how-bcrypts-limitations-contributed-to-okta-s-vulnerability-a-lesson-for-developers-39425c644ed5 Synology Vulnerabilities https://www.synology.com/de-de/security/advisory/Synology_SA_24_19 https://www.synology.com/de-de/security/advisory/Synology_SA_24_18 Lastpass Fake Reviews https://blog.lastpass.com/posts/fake-web-store-reviews-attempting-to-steal-customer-data
ISC StormCast for Thursday, October 31st, 2024
Scans for RDP Gateways https://isc.sans.edu/diary/Scans%20for%20RDP%20Gateways/31398 CyberPanel Exploited https://www.bleepingcomputer.com/news/security/massive-psaux-ransomware-attack-targets-22-000-cyberpanel-instances/ Windows Themes Files Spoofing CVE-2024-38030 https://blog.0patch.com/2024/10/we-patched-cve-2024-38030-found-another.html QNAP Patches CVE-2024-50388, CVE-2024-50387 https://www.qnap.com/en/security-advisory/qsa-24-41 Facebook Malvertising https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/
ISC StormCast for Wednesday, October 30th, 2024
Critical RCE Vulnerabilty in Cyberpanel https://dreyand.rs/code/review/2024/10/27/what-are-my-options-cyberpanel-v236-pre-auth-rce Spring WebFlux Vulnerability https://access.redhat.com/security/cve/cve-2024-38821 https://spring.io/security/cve-2024-38821 Inbound SMTP DANE with DNSSEC for Exchange Online https://techcommunity.microsoft.com/t5/exchange-team-blog/announcing-general-availability-of-inbound-smtp-dane-with-dnssec/ba-p/4281292 HeptaX: Unauthorized RDP Connections for Cyberespionage Operations https://cyble.com/blog/heptax-unauthorized-rdp-connections-for-cyberespionage-operations/
ISC StormCast for Tuesday, October 29th, 2024
Apple Update Everything https://isc.sans.edu/diary/Apple%20Updates%20Everything/31390 Selfcontained HTML Phishing Attachment Using Telegram to Exfiltrate Credentials https://isc.sans.edu/diary/Selfcontained+HTML+phishing+attachment+using+Telegram+to+exfiltrate+stolen+credentials/31388/ ChatGPT-4o Guardrail Jailbreak: Hex Encoding for Writing CVE Exploits https://0din.ai/blog/chatgpt-4o-guardrail-jailbreak-hex-encoding-for-writing-cve-exploits