A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Similar Podcasts
Elixir Outlaws
Elixir Outlaws is an informal discussion about interesting things happening in Elixir. Our goal is to capture the spirit of a conference hallway discussion in a podcast.
The Cynical Developer
A UK based Technology and Software Developer Podcast that helps you to improve your development knowledge and career,
through explaining the latest and greatest in development technology and providing you with what you need to succeed as a developer.
ThunderCast
An inside look at the making of Mozilla Thunderbird, and community-driven conversations with our friends in the open-source software space.
ISC StormCast for Friday, June 25th, 2021
Do You Like Cookies? Some are for sale! https://isc.sans.edu/forums/diary/Do+you+Like+Cookies+Some+are+for+sale/27558/ A supply-chain breach: Taking over an Atlassian account https://media.threatpost.com/wp-content/uploads/sites/103/2021/06/23175805/Atlassian-ATO-CPR-blog-FINAL.pdf Dell Bios Connect Vulnerability https://eclypsium.com/2021/06/24/biosdisconnect/ ATM Jackpotting via NFC https://www.wired.com/story/atm-hack-nfc-bugs-point-of-sale/
ISC StormCast for Friday, June 25th, 2021
Do You Like Cookies? Some are for sale! https://isc.sans.edu/forums/diary/Do+you+Like+Cookies+Some+are+for+sale/27558/ A supply-chain breach: Taking over an Atlassian account https://media.threatpost.com/wp-content/uploads/sites/103/2021/06/23175805/Atlassian-ATO-CPR-blog-FINAL.pdf Dell Bios Connect Vulnerability https://eclypsium.com/2021/06/24/biosdisconnect/ ATM Jackpotting via NFC https://www.wired.com/story/atm-hack-nfc-bugs-point-of-sale/
ISC StormCast for Thursday, June 24th, 2021
DNS Name Server Hijack Attack https://www.darkreading.com/vulnerabilities---threats/new-dns-name-server-hijack-attack-exposes-businesses-government-agencies/d/d-id/1341377 Paloalto Cortex XSOAR Vulnerablity https://security.paloaltonetworks.com/CVE-2021-3044 VMWare Carbon Black App Control Authentication Bypass https://www.vmware.com/security/advisories/VMSA-2021-0012.html? Standing With Security Researchers Against Misuse of the DMCA https://www.eff.org/deeplinks/2021/06/dmca-security-researcher-statement
ISC StormCast for Thursday, June 24th, 2021
DNS Name Server Hijack Attack https://www.darkreading.com/vulnerabilities---threats/new-dns-name-server-hijack-attack-exposes-businesses-government-agencies/d/d-id/1341377 Paloalto Cortex XSOAR Vulnerablity https://security.paloaltonetworks.com/CVE-2021-3044 VMWare Carbon Black App Control Authentication Bypass https://www.vmware.com/security/advisories/VMSA-2021-0012.html? Standing With Security Researchers Against Misuse of the DMCA https://www.eff.org/deeplinks/2021/06/dmca-security-researcher-statement
ISC StormCast for Wednesday, June 23rd, 2021
Phishing asking recipients not to report abuse https://isc.sans.edu/forums/diary/Phishing+asking+recipients+not+to+report+abuse/27556/ PyPi Cryptomining Malware https://blog.sonatype.com/sonatype-catches-new-pypi-cryptomining-malware-via-automated-detection Dovecot TLS Implementation Vulnerability https://hackerone.com/reports/1204962 (see the link to the PDF for more details) Sonicwall Patch Incomplete https://www.tripwire.com/state-of-security/featured/analyzing-sonicwalls-unsuccessful-fix-for-cve-2020-5135/
ISC StormCast for Wednesday, June 23rd, 2021
Phishing asking recipients not to report abuse https://isc.sans.edu/forums/diary/Phishing+asking+recipients+not+to+report+abuse/27556/ PyPi Cryptomining Malware https://blog.sonatype.com/sonatype-catches-new-pypi-cryptomining-malware-via-automated-detection Dovecot TLS Implementation Vulnerability https://hackerone.com/reports/1204962 (see the link to the PDF for more details) Sonicwall Patch Incomplete https://www.tripwire.com/state-of-security/featured/analyzing-sonicwalls-unsuccessful-fix-for-cve-2020-5135/
ISC StormCast for Tuesday, June 22nd, 2021
Attack and Defend: Distributed Web Applications (free Webcast) https://www.sans.org/webcasts/attack-defend-modern-distributed-applications-119610 Darkside Impersonators https://www.helpnetsecurity.com/2021/06/21/impersonating-darkside/ Tesla RAT COVID-19 Vaccination Phish https://threatpost.com/agent-tesla-covid-vax-phish/167082/ Tor Browser Update https://www.bleepingcomputer.com/news/security/tor-browser-fixes-vulnerability-that-tracks-you-using-installed-apps/ Schneider PowerLogic Vulnerabilities https://www.ehackingnews.com/2021/06/six-major-flaws-identified-in-schneider.html AutoCAD Update https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0004
ISC StormCast for Tuesday, June 22nd, 2021
Attack and Defend: Distributed Web Applications (free Webcast) https://www.sans.org/webcasts/attack-defend-modern-distributed-applications-119610 Darkside Impersonators https://www.helpnetsecurity.com/2021/06/21/impersonating-darkside/ Tesla RAT COVID-19 Vaccination Phish https://threatpost.com/agent-tesla-covid-vax-phish/167082/ Tor Browser Update https://www.bleepingcomputer.com/news/security/tor-browser-fixes-vulnerability-that-tracks-you-using-installed-apps/ Schneider PowerLogic Vulnerabilities https://www.ehackingnews.com/2021/06/six-major-flaws-identified-in-schneider.html AutoCAD Update https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0004
ISC StormCast for Monday, June 21st, 2021
Network Forensics on Azure VMs (Part #2) https://isc.sans.edu/forums/diary/Network+Forensics+on+Azure+VMs+Part+2/27538/ Google Open Redirect Being Abused https://isc.sans.edu/forums/diary/Open+redirects+and+why+Phishers+love+them/27542/ Easy Access to the NIST RDS Database https://isc.sans.edu/forums/diary/Easy+Access+to+the+NIST+RDS+Database/27544/ iOS Wifi Bug https://blog.chichou.me/2021/06/20/quick-analysis-wifid/ NSA VoIP Security Guide https://media.defense.gov/2021/Jun/17/2002744054/-1/-1/1/CTR_DEPLOYING%20SECURE%20VVOIP%20SYSTEMS.PDF
ISC StormCast for Monday, June 21st, 2021
Network Forensics on Azure VMs (Part #2) https://isc.sans.edu/forums/diary/Network+Forensics+on+Azure+VMs+Part+2/27538/ Google Open Redirect Being Abused https://isc.sans.edu/forums/diary/Open+redirects+and+why+Phishers+love+them/27542/ Easy Access to the NIST RDS Database https://isc.sans.edu/forums/diary/Easy+Access+to+the+NIST+RDS+Database/27544/ iOS Wifi Bug https://blog.chichou.me/2021/06/20/quick-analysis-wifid/ NSA VoIP Security Guide https://media.defense.gov/2021/Jun/17/2002744054/-1/-1/1/CTR_DEPLOYING%20SECURE%20VVOIP%20SYSTEMS.PDF
ISC StormCast for Friday, June 18th, 2021
Network Forensics on Azure VMs https://isc.sans.edu/forums/diary/Network+Forensics+on+Azure+VMs+Part+1/27536/ Fake Ledger Hardware Wallets https://www.ledger.com/phishing-campaigns-status#phishing-campaigns https://www.reddit.com/r/ledgerwallet/comments/o154gz/package_from_ledger_is_this_legit/ Zoll Defibrilator Dashboard Vulnerability https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01 Akamai Prolexic Outage https://threatpost.com/hiccup-akamais-ddos-outages/167004/
ISC StormCast for Friday, June 18th, 2021
Network Forensics on Azure VMs https://isc.sans.edu/forums/diary/Network+Forensics+on+Azure+VMs+Part+1/27536/ Fake Ledger Hardware Wallets https://www.ledger.com/phishing-campaigns-status#phishing-campaigns https://www.reddit.com/r/ledgerwallet/comments/o154gz/package_from_ledger_is_this_legit/ Zoll Defibrilator Dashboard Vulnerability https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01 Akamai Prolexic Outage https://threatpost.com/hiccup-akamais-ddos-outages/167004/
ISC StormCast for Thursday, June 17th, 2021
June 2021 Forensic Quiz https://isc.sans.edu/forums/diary/June+2021+Forensic+Contest/27532/ ThroughTek IP Camera SDK Vulnerability https://www.nozominetworks.com/blog/new-iot-security-risk-throughtek-p2p-supply-chain-vulnerability/ Peleoton Insecure Boot Vulnerability https://www.mcafee.com/blogs/other-blogs/mcafee-labs/a-new-program-for-your-peloton-whether-you-like-it-or-not/ Microsoft Defender for Endpoint Detecting Jailbroken Devices https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/announcing-new-capabilities-on-android-and-ios/ba-p/2442730
ISC StormCast for Thursday, June 17th, 2021
June 2021 Forensic Quiz https://isc.sans.edu/forums/diary/June+2021+Forensic+Contest/27532/ ThroughTek IP Camera SDK Vulnerability https://www.nozominetworks.com/blog/new-iot-security-risk-throughtek-p2p-supply-chain-vulnerability/ Peleoton Insecure Boot Vulnerability https://www.mcafee.com/blogs/other-blogs/mcafee-labs/a-new-program-for-your-peloton-whether-you-like-it-or-not/ Microsoft Defender for Endpoint Detecting Jailbroken Devices https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/announcing-new-capabilities-on-android-and-ios/ba-p/2442730
ISC StormCast for Wednesday, June 16th, 2021
Multi Perimeter Device Exploit Mirai Version Hunting For Sonicwall, DLink, Cisco and more https://isc.sans.edu/forums/diary/Multi+Perimeter+Device+Exploit+Mirai+Version+Hunting+For+Sonicwall+DLink+Cisco+and+more/27528/ Google Open Sourcing Homomorphic Encrypion Libraries https://developers.googleblog.com/2021/06/our-latest-updates-on-fully-homomorphic-encryption.html Stealing Tokens, emails, files and more in Microsoft Teams https://medium.com/tenable-techblog/stealing-tokens-emails-files-and-more-in-microsoft-teams-through-malicious-tabs-a7e5ff07b138