A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Similar Podcasts
Elixir Outlaws
Elixir Outlaws is an informal discussion about interesting things happening in Elixir. Our goal is to capture the spirit of a conference hallway discussion in a podcast.
The Cynical Developer
A UK based Technology and Software Developer Podcast that helps you to improve your development knowledge and career,
through explaining the latest and greatest in development technology and providing you with what you need to succeed as a developer.
ThunderCast
An inside look at the making of Mozilla Thunderbird, and community-driven conversations with our friends in the open-source software space.
ISC StormCast for Monday, November 4th 2019
Critical Google Chrome Update Fixes Exploited Vulnerability https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_31.html Blue Keep Vulnerability Mass Exploited to Install Crypto Coin Miner https://www.kryptoslogic.com/blog/2019/11/bluekeep-cve-2019-0708-exploitation-spotted-in-the-wild/ rConfig Vulnerabilities https://shells.systems/rconfig-v3-9-2-authenticated-and-unauthenticated-rce-cve-2019-16663-and-cve-2019-16662/
ISC StormCast for Monday, November 4th 2019
Critical Google Chrome Update Fixes Exploited Vulnerability https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_31.html Blue Keep Vulnerability Mass Exploited to Install Crypto Coin Miner https://www.kryptoslogic.com/blog/2019/11/bluekeep-cve-2019-0708-exploitation-spotted-in-the-wild/ rConfig Vulnerabilities https://shells.systems/rconfig-v3-9-2-authenticated-and-unauthenticated-rce-cve-2019-16663-and-cve-2019-16662/
ISC StormCast for Friday, November 1st 2019
Phishing Made Easy With EML Files and Outlook 365 https://isc.sans.edu/forums/diary/EML+attachments+in+O365+a+recipe+for+phishing/25474/ Microsoft TLS Security Enhancements Lead to Timeouts https://support.microsoft.com/en-us/help/4528489/transport-layer-security-tls-connections-might-intermittently-fail-or MESSAGETAP: Who's Reading Your Text Messages https://www.fireeye.com/blog/threat-research/2019/10/messagetap-who-is-reading-your-text-messages.html Amazon Authentication Failure for 3rd Party Devices https://old.reddit.com/r/sysadmin/comments/dpbt3t/the_perils_of_security_and_how_i_finally_resolved/
ISC StormCast for Friday, November 1st 2019
Phishing Made Easy With EML Files and Outlook 365 https://isc.sans.edu/forums/diary/EML+attachments+in+O365+a+recipe+for+phishing/25474/ Microsoft TLS Security Enhancements Lead to Timeouts https://support.microsoft.com/en-us/help/4528489/transport-layer-security-tls-connections-might-intermittently-fail-or MESSAGETAP: Who's Reading Your Text Messages https://www.fireeye.com/blog/threat-research/2019/10/messagetap-who-is-reading-your-text-messages.html Amazon Authentication Failure for 3rd Party Devices https://old.reddit.com/r/sysadmin/comments/dpbt3t/the_perils_of_security_and_how_i_finally_resolved/
ISC StormCast for Thursday, October 31st 2019
Apple Security Updates Details Released https://support.apple.com/en-us/HT201222 Untitled Goose Deserialization https://pulsesecurity.co.nz/advisories/untitled-goose-game-deserialization Insecure Pagers Leak Medical Data https://techcrunch.com/2019/10/30/nhs-pagers-medical-health-data/ Kibana Vulnerablity https://research.securitum.com/prototype-pollution-rce-kibana-cve-2019-7609/
ISC StormCast for Thursday, October 31st 2019
Apple Security Updates Details Released https://support.apple.com/en-us/HT201222 Untitled Goose Deserialization https://pulsesecurity.co.nz/advisories/untitled-goose-game-deserialization Insecure Pagers Leak Medical Data https://techcrunch.com/2019/10/30/nhs-pagers-medical-health-data/ Kibana Vulnerablity https://research.securitum.com/prototype-pollution-rce-kibana-cve-2019-7609/
ISC StormCast for Wednesday, October 30th 2019
xHelper Android Malware https://www.symantec.com/blogs/threat-intelligence/xhelper-android-malware Counterstrike Game Keys Used for Money Laundry https://blog.counter-strike.net/index.php/2019/10/26113/ Greating PCAP Files From YAML https://isc.sans.edu/forums/diary/Generating+PCAP+Files+from+YAML/25464/
ISC StormCast for Wednesday, October 30th 2019
xHelper Android Malware https://www.symantec.com/blogs/threat-intelligence/xhelper-android-malware Counterstrike Game Keys Used for Money Laundry https://blog.counter-strike.net/index.php/2019/10/26113/ Greating PCAP Files From YAML https://isc.sans.edu/forums/diary/Generating+PCAP+Files+from+YAML/25464/
ISC StormCast for Tuesday, October 29th 2019
PHP 7 Remote Code Execution Vulnerability Exploited https://lab.wallarm.com/php-remote-code-execution-0-day-discovered-in-real-world-ctf-exercise/ https://github.com/neex/phuip-fpizdam Finding Shellcode with scdbg https://isc.sans.edu/forums/diary/Using+scdbg+to+Find+Shellcode/25460/ Apple iOS / tvOS / Safari Updates https://support.apple.com/en-us/HT201222 Sextortion Attempts Are Targeting Blogs https://www.bleepingcomputer.com/news/security/blogger-and-wordpress-sites-hacked-to-show-sextortion-scams/
ISC StormCast for Tuesday, October 29th 2019
PHP 7 Remote Code Execution Vulnerability Exploited https://lab.wallarm.com/php-remote-code-execution-0-day-discovered-in-real-world-ctf-exercise/ https://github.com/neex/phuip-fpizdam Finding Shellcode with scdbg https://isc.sans.edu/forums/diary/Using+scdbg+to+Find+Shellcode/25460/ Apple iOS / tvOS / Safari Updates https://support.apple.com/en-us/HT201222 Sextortion Attempts Are Targeting Blogs https://www.bleepingcomputer.com/news/security/blogger-and-wordpress-sites-hacked-to-show-sextortion-scams/
ISC StormCast for Monday, October 28th 2019
Odd Double Base64 Endoded "BS_REAL_IP" Header https://isc.sans.edu/forums/diary/Unusual+Activity+with+Double+Base64+Encoding/25458/ DNS Archeology With PowerShell https://isc.sans.edu/forums/diary/More+on+DNS+Archeology+with+PowerShell/25452/ iOS Appstore Malware https://www.wandera.com/mobile-security/ios-trojan-malware/ British Law Enforcement Misses Malware Reports Due to Anti-Malware https://www.theregister.co.uk/2019/10/24/hmicfrs_report_cyber_crime/
ISC StormCast for Monday, October 28th 2019
Odd Double Base64 Endoded "BS_REAL_IP" Header https://isc.sans.edu/forums/diary/Unusual+Activity+with+Double+Base64+Encoding/25458/ DNS Archeology With PowerShell https://isc.sans.edu/forums/diary/More+on+DNS+Archeology+with+PowerShell/25452/ iOS Appstore Malware https://www.wandera.com/mobile-security/ios-trojan-malware/ British Law Enforcement Misses Malware Reports Due to Anti-Malware https://www.theregister.co.uk/2019/10/24/hmicfrs_report_cyber_crime/
ISC StormCast for Friday, October 25th 2019
XML External Entity Vuln in LSP4XML Affects Various Developer Tools https://www.shielder.it/blog/dont-open-that-xml-xxe-to-rce-in-xml-plugins-for-vs-code-eclipse-theia/?preview=true Google Chrome Will Make "SameSite" Default https://blog.chromium.org/2019/10/developers-get-ready-for-new.html Leftover Gigamon Configurations https://isc.sans.edu/forums/diary/Your+Supply+Chain+Doesnt+End+At+Receiving+How+Do+You+Decommission+Network+Equipment/25448/
ISC StormCast for Friday, October 25th 2019
XML External Entity Vuln in LSP4XML Affects Various Developer Tools https://www.shielder.it/blog/dont-open-that-xml-xxe-to-rce-in-xml-plugins-for-vs-code-eclipse-theia/?preview=true Google Chrome Will Make "SameSite" Default https://blog.chromium.org/2019/10/developers-get-ready-for-new.html Leftover Gigamon Configurations https://isc.sans.edu/forums/diary/Your+Supply+Chain+Doesnt+End+At+Receiving+How+Do+You+Decommission+Network+Equipment/25448/
ISC StormCast for Thursday, October 24th 2019
FTC Issues SIM Swapping Guidance https://www.consumer.ftc.gov/blog/2019/10/sim-swap-scams-how-protect-yourself Discord Used as Info Stealer Backdoor https://www.bleepingcomputer.com/news/security/discord-turned-into-an-info-stealing-backdoor-by-new-malware/ Cisco Exploit Code https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-iosxe-rest-auth-bypass Tails 4.0 Released https://tails.boum.org/news/version_4.0/index.en.html