A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Similar Podcasts
The Cynical Developer
A UK based Technology and Software Developer Podcast that helps you to improve your development knowledge and career,
through explaining the latest and greatest in development technology and providing you with what you need to succeed as a developer.
CppCast
Every two weeks, or so, we sit down with guests from the C++ community to discuss the latest news and what they have been up to. Find us at cppcast.com
Elixir Outlaws
Elixir Outlaws is an informal discussion about interesting things happening in Elixir. Our goal is to capture the spirit of a conference hallway discussion in a podcast.
ISC StormCast for Wednesday, July 31st, 2024
Apple Updates Everything: July 2024 Edition https://isc.sans.edu/diary/Apple%20Patches%20Everything.%20July%202024%20Edition/31128 VMWare ESXi Vulnerability Actively Exploited CVE-2024-37085 https://www.microsoft.com/en-us/security/blog/2024/07/29/ransomware-operators-exploit-esxi-hypervisor-vulnerability-for-mass-encryption/ Weak VoWiFi Encryption CVE-2024-22064 https://idw-online.de/en/news837652
ISC StormCast for Tuesday, July 30th, 2024
CrowdStrike Outage Themed Maldoc https://isc.sans.edu/diary/CrowdStrike%20Outage%20Themed%20Maldoc/31116 HotJar XSS Puts OAuth at Risk https://salt.security/blog/over-1-million-websites-are-at-risk-of-sensitive-information-leakage---xss-is-dead-long-live-xss Proofpoint Echospoofing https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
ISC StormCast for Tuesday, July 30th, 2024
CrowdStrike Outage Themed Maldoc https://isc.sans.edu/diary/CrowdStrike%20Outage%20Themed%20Maldoc/31116 HotJar XSS Puts OAuth at Risk https://salt.security/blog/over-1-million-websites-are-at-risk-of-sensitive-information-leakage---xss-is-dead-long-live-xss Proofpoint Echospoofing https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
ISC StormCast for Monday, July 29th, 2024
ExelaStealer Delivered "From Russia With Love" https://isc.sans.edu/diary/31118 Create Your Own BSOD: NotMyFault https://isc.sans.edu/diary/Create%20Your%20Own%20BSOD%3A%20NotMyFault/31120 PKFail Vulnerability https://pk.fail/ CrowdStrike Recovery https://arstechnica.com/information-technology/2024/07/97-of-crowdstrike-systems-are-back-online-microsoft-suggests-windows-changes/
ISC StormCast for Monday, July 29th, 2024
ExelaStealer Delivered "From Russia With Love" https://isc.sans.edu/diary/31118 Create Your Own BSOD: NotMyFault https://isc.sans.edu/diary/Create%20Your%20Own%20BSOD%3A%20NotMyFault/31120 PKFail Vulnerability https://pk.fail/ CrowdStrike Recovery https://arstechnica.com/information-technology/2024/07/97-of-crowdstrike-systems-are-back-online-microsoft-suggests-windows-changes/
ISC StormCast for Friday, July 26th, 2024
X-Worm Hidden With Process Hollowing https://isc.sans.edu/diary/XWorm%20Hidden%20With%20Process%20Hollowing/31112 Anyone Can Access Deleted and Private Repo Data on GitHub https://trufflesecurity.com/blog/anyone-can-access-deleted-and-private-repo-data-github Google Chrome Scanning Encrypted Files https://arstechnica.com/security/2024/07/google-overhauls-chromes-safe-browsing-protection-to-scan-password-protected-files/
ISC StormCast for Friday, July 26th, 2024
X-Worm Hidden With Process Hollowing https://isc.sans.edu/diary/XWorm%20Hidden%20With%20Process%20Hollowing/31112 Anyone Can Access Deleted and Private Repo Data on GitHub https://trufflesecurity.com/blog/anyone-can-access-deleted-and-private-repo-data-github Google Chrome Scanning Encrypted Files https://arstechnica.com/security/2024/07/google-overhauls-chromes-safe-browsing-protection-to-scan-password-protected-files/
ISC StormCast for Thursday, July 25th, 2024
"Mouse Logger" Malicious Python Script https://isc.sans.edu/diary/%22Mouse%20Logger%22%20Malicious%20Python%20Script/31106 Crowdstrike Preliminary Post Incident Review https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/ How a North Korean Fake IT Worker Tried to Infiltrate Us https://blog.knowbe4.com/how-a-north-korean-fake-it-worker-tried-to-infiltrate-us
ISC StormCast for Thursday, July 25th, 2024
"Mouse Logger" Malicious Python Script https://isc.sans.edu/diary/%22Mouse%20Logger%22%20Malicious%20Python%20Script/31106 Crowdstrike Preliminary Post Incident Review https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/ How a North Korean Fake IT Worker Tried to Infiltrate Us https://blog.knowbe4.com/how-a-north-korean-fake-it-worker-tried-to-infiltrate-us
ISC StormCast for Wednesday, July 24th, 2024
New Exploit Variation Against D-Link NAS Devices https://isc.sans.edu/diary/New%20Exploit%20Variation%20Against%20D-Link%20NAS%20Devices%20%28CVE-2024-3273%29/31102 APKs Masquerading as Videos on Telegram https://www.welivesecurity.com/en/eset-research/cursed-tapes-exploiting-evilvideo-vulnerability-telegram-android/ Goodbye Attackers can Bypass Windows Hello Strong Authentication https://www.darkreading.com/endpoint-security/goodbye-attackers-can-bypass-windows-hello-strong-authentication Let's Encrypt Intends to End OCSP Service https://letsencrypt.org/2024/07/23/replacing-ocsp-with-crls.html Google Third-Party Cookies are hanging around https://privacysandbox.com/intl/en_us/news/privacy-sandbox-update/
ISC StormCast for Wednesday, July 24th, 2024
New Exploit Variation Against D-Link NAS Devices https://isc.sans.edu/diary/New%20Exploit%20Variation%20Against%20D-Link%20NAS%20Devices%20%28CVE-2024-3273%29/31102 APKs Masquerading as Videos on Telegram https://www.welivesecurity.com/en/eset-research/cursed-tapes-exploiting-evilvideo-vulnerability-telegram-android/ Goodbye Attackers can Bypass Windows Hello Strong Authentication https://www.darkreading.com/endpoint-security/goodbye-attackers-can-bypass-windows-hello-strong-authentication Let's Encrypt Intends to End OCSP Service https://letsencrypt.org/2024/07/23/replacing-ocsp-with-crls.html Google Third-Party Cookies are hanging around https://privacysandbox.com/intl/en_us/news/privacy-sandbox-update/
ISC StormCast for Tuesday, July 23rd, 2024
CrowdStrike Update https://isc.sans.edu/diary/CrowdStrike%3A%20The%20Monday%20After/31098 https://www.theregister.com/2024/07/21/crowdstrike_linux_crashes_restoration_tools/ Keynote Recording https://www.sans.org/webcasts/sansfire-2024-keynote-25-years-of-the-internet-storm-center-time-traveling-through-sensor-data/
ISC StormCast for Tuesday, July 23rd, 2024
CrowdStrike Update https://isc.sans.edu/diary/CrowdStrike%3A%20The%20Monday%20After/31098 https://www.theregister.com/2024/07/21/crowdstrike_linux_crashes_restoration_tools/ Keynote Recording https://www.sans.org/services/video-player/?key=1goL2vPrltnj
ISC StormCast for Monday, July 22nd, 2024
Widespread Windows Crashes Due to Crowdstrike Updates https://isc.sans.edu/diary/Widespread%20Windows%20Crashes%20Due%20to%20Crowdstrike%20Updates/31094 https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/ https://www.crowdstrike.com/blog/falcon-update-for-windows-hosts-technical-details/ https://techcommunity.microsoft.com/t5/intune-customer-success/new-recovery-tool-to-help-with-crowdstrike-issue-impacting/ba-p/4196959
ISC StormCast for Monday, July 22nd, 2024
Widespread Windows Crashes Due to Crowdstrike Updates https://isc.sans.edu/diary/Widespread%20Windows%20Crashes%20Due%20to%20Crowdstrike%20Updates/31094 https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/ https://www.crowdstrike.com/blog/falcon-update-for-windows-hosts-technical-details/ https://techcommunity.microsoft.com/t5/intune-customer-success/new-recovery-tool-to-help-with-crowdstrike-issue-impacting/ba-p/4196959