A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Similar Podcasts
Thinking Elixir Podcast
The Thinking Elixir podcast is a weekly show where we talk about the Elixir programming language and the community around it. We cover news and interview guests to learn more about projects and developments in the community.
The Cynical Developer
A UK based Technology and Software Developer Podcast that helps you to improve your development knowledge and career,
through explaining the latest and greatest in development technology and providing you with what you need to succeed as a developer.
Elixir Outlaws
Elixir Outlaws is an informal discussion about interesting things happening in Elixir. Our goal is to capture the spirit of a conference hallway discussion in a podcast.
ISC StormCast for Thursday, November 7th 2019
Google Improving PlayStore Security With Partners https://security.googleblog.com/2019/11/the-app-defense-alliance-bringing.html Xen Security Advisories https://xenbits.xen.org/xsa/ npcap pool corruption vulnerability https://github.com/nmap/nmap/issues/1568 TrendMicro Employee Selling Customer Data to Tech Support Scammers https://blog.trendmicro.com/trend-micro-discloses-insider-threat-impacting-some-of-its-consumer-customers/ SANS Security Awareness Newsletter https://www.sans.org/security-awareness-training/resources/shopping-online-securely-1
ISC StormCast for Thursday, November 7th 2019
Google Improving PlayStore Security With Partners https://security.googleblog.com/2019/11/the-app-defense-alliance-bringing.html Xen Security Advisories https://xenbits.xen.org/xsa/ npcap pool corruption vulnerability https://github.com/nmap/nmap/issues/1568 TrendMicro Employee Selling Customer Data to Tech Support Scammers https://blog.trendmicro.com/trend-micro-discloses-insider-threat-impacting-some-of-its-consumer-customers/ SANS Security Awareness Newsletter https://www.sans.org/security-awareness-training/resources/shopping-online-securely-1
ISC StormCast for Wednesday, November 6th 2019
Formbook Malspam https://isc.sans.edu/forums/diary/Malspam+pushing+Formbook+info+stealer/23387/ Honeypot Update https://github.com/DShield-ISC/dshield Office on Mac XLM Macros https://kb.cert.org/vuls/id/125336/ Firefox Browser Lock Bug Exploited https://bugzilla.mozilla.org/show_bug.cgi?id=1593795 libarchive use after free vulnerability https://medium.com/@social_62682/new-libarchive-use-after-free-vulnerability-36c4b141fe89
ISC StormCast for Wednesday, November 6th 2019
Formbook Malspam https://isc.sans.edu/forums/diary/Malspam+pushing+Formbook+info+stealer/23387/ Honeypot Update https://github.com/DShield-ISC/dshield Office on Mac XLM Macros https://kb.cert.org/vuls/id/125336/ Firefox Browser Lock Bug Exploited https://bugzilla.mozilla.org/show_bug.cgi?id=1593795 libarchive use after free vulnerability https://medium.com/@social_62682/new-libarchive-use-after-free-vulnerability-36c4b141fe89
ISC StormCast for Tuesday, November 5th 2019
Clam AV Vulnerability https://twitter.com/hackerfantastic/status/1190685521153937408 https://pastebin.com/cfP7X89m XCode Vulnerability https://support.apple.com/en-is/HT210729 MikroTik DNS Cache Poisoning https://blog.mikrotik.com/security/dns-cache-poisoning-vulnerability.html
ISC StormCast for Tuesday, November 5th 2019
Clam AV Vulnerability https://twitter.com/hackerfantastic/status/1190685521153937408 https://pastebin.com/cfP7X89m XCode Vulnerability https://support.apple.com/en-is/HT210729 MikroTik DNS Cache Poisoning https://blog.mikrotik.com/security/dns-cache-poisoning-vulnerability.html
ISC StormCast for Monday, November 4th 2019
Critical Google Chrome Update Fixes Exploited Vulnerability https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_31.html Blue Keep Vulnerability Mass Exploited to Install Crypto Coin Miner https://www.kryptoslogic.com/blog/2019/11/bluekeep-cve-2019-0708-exploitation-spotted-in-the-wild/ rConfig Vulnerabilities https://shells.systems/rconfig-v3-9-2-authenticated-and-unauthenticated-rce-cve-2019-16663-and-cve-2019-16662/
ISC StormCast for Monday, November 4th 2019
Critical Google Chrome Update Fixes Exploited Vulnerability https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_31.html Blue Keep Vulnerability Mass Exploited to Install Crypto Coin Miner https://www.kryptoslogic.com/blog/2019/11/bluekeep-cve-2019-0708-exploitation-spotted-in-the-wild/ rConfig Vulnerabilities https://shells.systems/rconfig-v3-9-2-authenticated-and-unauthenticated-rce-cve-2019-16663-and-cve-2019-16662/
ISC StormCast for Friday, November 1st 2019
Phishing Made Easy With EML Files and Outlook 365 https://isc.sans.edu/forums/diary/EML+attachments+in+O365+a+recipe+for+phishing/25474/ Microsoft TLS Security Enhancements Lead to Timeouts https://support.microsoft.com/en-us/help/4528489/transport-layer-security-tls-connections-might-intermittently-fail-or MESSAGETAP: Who's Reading Your Text Messages https://www.fireeye.com/blog/threat-research/2019/10/messagetap-who-is-reading-your-text-messages.html Amazon Authentication Failure for 3rd Party Devices https://old.reddit.com/r/sysadmin/comments/dpbt3t/the_perils_of_security_and_how_i_finally_resolved/
ISC StormCast for Friday, November 1st 2019
Phishing Made Easy With EML Files and Outlook 365 https://isc.sans.edu/forums/diary/EML+attachments+in+O365+a+recipe+for+phishing/25474/ Microsoft TLS Security Enhancements Lead to Timeouts https://support.microsoft.com/en-us/help/4528489/transport-layer-security-tls-connections-might-intermittently-fail-or MESSAGETAP: Who's Reading Your Text Messages https://www.fireeye.com/blog/threat-research/2019/10/messagetap-who-is-reading-your-text-messages.html Amazon Authentication Failure for 3rd Party Devices https://old.reddit.com/r/sysadmin/comments/dpbt3t/the_perils_of_security_and_how_i_finally_resolved/
ISC StormCast for Thursday, October 31st 2019
Apple Security Updates Details Released https://support.apple.com/en-us/HT201222 Untitled Goose Deserialization https://pulsesecurity.co.nz/advisories/untitled-goose-game-deserialization Insecure Pagers Leak Medical Data https://techcrunch.com/2019/10/30/nhs-pagers-medical-health-data/ Kibana Vulnerablity https://research.securitum.com/prototype-pollution-rce-kibana-cve-2019-7609/
ISC StormCast for Thursday, October 31st 2019
Apple Security Updates Details Released https://support.apple.com/en-us/HT201222 Untitled Goose Deserialization https://pulsesecurity.co.nz/advisories/untitled-goose-game-deserialization Insecure Pagers Leak Medical Data https://techcrunch.com/2019/10/30/nhs-pagers-medical-health-data/ Kibana Vulnerablity https://research.securitum.com/prototype-pollution-rce-kibana-cve-2019-7609/
ISC StormCast for Wednesday, October 30th 2019
xHelper Android Malware https://www.symantec.com/blogs/threat-intelligence/xhelper-android-malware Counterstrike Game Keys Used for Money Laundry https://blog.counter-strike.net/index.php/2019/10/26113/ Greating PCAP Files From YAML https://isc.sans.edu/forums/diary/Generating+PCAP+Files+from+YAML/25464/
ISC StormCast for Wednesday, October 30th 2019
xHelper Android Malware https://www.symantec.com/blogs/threat-intelligence/xhelper-android-malware Counterstrike Game Keys Used for Money Laundry https://blog.counter-strike.net/index.php/2019/10/26113/ Greating PCAP Files From YAML https://isc.sans.edu/forums/diary/Generating+PCAP+Files+from+YAML/25464/
ISC StormCast for Tuesday, October 29th 2019
PHP 7 Remote Code Execution Vulnerability Exploited https://lab.wallarm.com/php-remote-code-execution-0-day-discovered-in-real-world-ctf-exercise/ https://github.com/neex/phuip-fpizdam Finding Shellcode with scdbg https://isc.sans.edu/forums/diary/Using+scdbg+to+Find+Shellcode/25460/ Apple iOS / tvOS / Safari Updates https://support.apple.com/en-us/HT201222 Sextortion Attempts Are Targeting Blogs https://www.bleepingcomputer.com/news/security/blogger-and-wordpress-sites-hacked-to-show-sextortion-scams/