A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Similar Podcasts
Elixir Outlaws
Elixir Outlaws is an informal discussion about interesting things happening in Elixir. Our goal is to capture the spirit of a conference hallway discussion in a podcast.
The Cynical Developer
A UK based Technology and Software Developer Podcast that helps you to improve your development knowledge and career,
through explaining the latest and greatest in development technology and providing you with what you need to succeed as a developer.
ThunderCast
An inside look at the making of Mozilla Thunderbird, and community-driven conversations with our friends in the open-source software space.
ISC StormCast for Tuesday, August 27th 2019
Apple Patches Jailbreak Vulnerability https://support.apple.com/en-us/HT210549 Scanning for Pulse Secure VPN Endpoints https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510/ Emotet is Back https://www.bleepingcomputer.com/news/security/emotet-botnet-is-back-servers-active-across-the-world/
ISC StormCast for Tuesday, August 27th 2019
Apple Patches Jailbreak Vulnerability https://support.apple.com/en-us/HT210549 Scanning for Pulse Secure VPN Endpoints https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510/ Emotet is Back https://www.bleepingcomputer.com/news/security/emotet-botnet-is-back-servers-active-across-the-world/
ISC StormCast for Monday, August 26th 2019
Simple Mimikatz And RDPWrapper Dropper https://isc.sans.edu/forums/diary/Simple+Mimikatz+RDPWrapper+Dropper/25262/ Malware Impersonating IRS https://www.irs.gov/newsroom/security-summit-warns-of-new-irs-impersonation-email-scam-reminds-taxpayers-the-irs-does-not-send-unsolicited-emails Instagram Phishing with 2FA Codes https://nakedsecurity.sophos.com/2019/08/23/instagram-phishing-uses-2fa-as-a-lure/ GitHub Adding WebAuthn Support https://www.theregister.co.uk/2019/08/23/github_upgrades_its_twofactor_authentication_with_webauthn_support/ Lenovo Solution Center Privilege Escalation https://www.pentestpartners.com/security-blog/privesc-in-lenovo-solution-centre-10-minutes-later/
ISC StormCast for Monday, August 26th 2019
Simple Mimikatz And RDPWrapper Dropper https://isc.sans.edu/forums/diary/Simple+Mimikatz+RDPWrapper+Dropper/25262/ Malware Impersonating IRS https://www.irs.gov/newsroom/security-summit-warns-of-new-irs-impersonation-email-scam-reminds-taxpayers-the-irs-does-not-send-unsolicited-emails Instagram Phishing with 2FA Codes https://nakedsecurity.sophos.com/2019/08/23/instagram-phishing-uses-2fa-as-a-lure/ GitHub Adding WebAuthn Support https://www.theregister.co.uk/2019/08/23/github_upgrades_its_twofactor_authentication_with_webauthn_support/ Lenovo Solution Center Privilege Escalation https://www.pentestpartners.com/security-blog/privesc-in-lenovo-solution-centre-10-minutes-later/
ISC StormCast for Friday, August 23rd 2019
Steam Zero Days and Bug Bounty Controversy https://www.theregister.co.uk/2019/08/22/valve_bug_bounty_steam_u_turn/ bb-builder malicious npm Package https://blog.reversinglabs.com/blog/the-npm-package-that-walked-away-with-all-your-passwords Phishers Customize Branded Outlook 365 Login Pages https://www.bleepingcomputer.com/news/security/phishing-attacks-scrape-branded-microsoft-365-login-pages/
ISC StormCast for Friday, August 23rd 2019
Steam Zero Days and Bug Bounty Controversy https://www.theregister.co.uk/2019/08/22/valve_bug_bounty_steam_u_turn/ bb-builder malicious npm Package https://blog.reversinglabs.com/blog/the-npm-package-that-walked-away-with-all-your-passwords Phishers Customize Branded Outlook 365 Login Pages https://www.bleepingcomputer.com/news/security/phishing-attacks-scrape-branded-microsoft-365-login-pages/
ISC StormCast for Thursday, August 22nd 2019
KAPE vs. Commando VM: Red vs. Blue https://isc.sans.edu/forums/diary/KAPE+Kroll+Artifact+Parser+and+Extractor/25258/ Attacks against Exposed Sphinx Servers https://www.bsi.bund.de/EN/Topics/IT-Crisis-Management/CERT-Bund/CERT-Reports/HOWTOs/Open-Sphinx-Server/open-Sphinx-server_node.html Cisco Patches https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir&limit=50#~Vulnerabilities Newly Registered Domains Most Dangerous https://unit42.paloaltonetworks.com/newly-registered-domains-malicious-abuse-by-bad-actors/
ISC StormCast for Thursday, August 22nd 2019
KAPE vs. Commando VM: Red vs. Blue https://isc.sans.edu/forums/diary/KAPE+Kroll+Artifact+Parser+and+Extractor/25258/ Attacks against Exposed Sphinx Servers https://www.bsi.bund.de/EN/Topics/IT-Crisis-Management/CERT-Bund/CERT-Reports/HOWTOs/Open-Sphinx-Server/open-Sphinx-server_node.html Cisco Patches https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir&limit=50#~Vulnerabilities Newly Registered Domains Most Dangerous https://unit42.paloaltonetworks.com/newly-registered-domains-malicious-abuse-by-bad-actors/
ISC StormCast for Wednesday, August 21st 2019
Guildma Malware is Now Using Facebook and YouTube as Update Channel https://isc.sans.edu/forums/diary/Guildma+malware+is+now+accessing+Facebook+andYouTube+to+keep+uptodate/25222/ Supply Chain Issues: rest-client ruby gem backdoored https://www.theregister.co.uk/2019/08/20/ruby_gem_hacked/
ISC StormCast for Wednesday, August 21st 2019
Guildma Malware is Now Using Facebook and YouTube as Update Channel https://isc.sans.edu/forums/diary/Guildma+malware+is+now+accessing+Facebook+andYouTube+to+keep+uptodate/25222/ Supply Chain Issues: rest-client ruby gem backdoored https://www.theregister.co.uk/2019/08/20/ruby_gem_hacked/
ISC StormCast for Tuesday, August 20th 2019
iOS 12.4 Jailbreak Released after Reindruced Vulnerability form 12.2 https://github.com/pwn20wndstuff/Undecimus/releases SHA2-Signed Updates for Windows Not Available with Symantec Endpoint Protection https://support.symantec.com/us/en/article.tech255857.html Attacking and Downgrading Bluetooth Key Negotiation https://knobattack.com
ISC StormCast for Tuesday, August 20th 2019
iOS 12.4 Jailbreak Released after Reindruced Vulnerability form 12.2 https://github.com/pwn20wndstuff/Undecimus/releases SHA2-Signed Updates for Windows Not Available with Symantec Endpoint Protection https://support.symantec.com/us/en/article.tech255857.html Attacking and Downgrading Bluetooth Key Negotiation https://knobattack.com
ISC StormCast for Monday, August 19th 2019
Large Number of VoIP System Vulnerabilities Released https://www.sit.fraunhofer.de/en/cve/ Confidential Company Documents Leaked in Public Sandboxes https://blog.cylab.co/2019/08/16/confidential-company-documents-exposed-in-public-sandboxes/ https://www.sit.fraunhofer.de/en/news-events/latest/press-releases/details/news-article/show/gefahr-uebers-telefon/ Trend Micro Password Manager DLL Hijacking https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123396.aspx Firefox Password Manager May Leak Passwords https://www.mozilla.org/en-US/security/advisories/mfsa2019-24/#CVE-2019-11733
ISC StormCast for Monday, August 19th 2019
Large Number of VoIP System Vulnerabilities Released https://www.sit.fraunhofer.de/en/cve/ Confidential Company Documents Leaked in Public Sandboxes https://blog.cylab.co/2019/08/16/confidential-company-documents-exposed-in-public-sandboxes/ https://www.sit.fraunhofer.de/en/news-events/latest/press-releases/details/news-article/show/gefahr-uebers-telefon/ Trend Micro Password Manager DLL Hijacking https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123396.aspx Firefox Password Manager May Leak Passwords https://www.mozilla.org/en-US/security/advisories/mfsa2019-24/#CVE-2019-11733
ISC StormCast for Friday, August 16th 2019
Analysis of a Spearphishing Maldoc https://isc.sans.edu/forums/diary/Analysis+of+a+Spearphishing+Maldoc/25242/ IoT Security Stagnation https://securityledger.com/2019/08/huge-survey-of-firmware-finds-no-security-gains-in-15-years/ Kaspersky Insecurity https://www.heise.de/ct/artikel/Kasper-Spy-Kaspersky-Anti-Virus-puts-users-at-risk-4496138.html