A brief daily summary of what is important in information security. The podcast is published every weekday and is designed to get you ready for the day with a brief, usually 5-minute, summary of current network security events. The content is late-breaking, educational and based on listener input as well as on input received by the SANS Internet Storm Center. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
ISC StormCast for Wednesday, November 13th, 2024
Microsoft November 2024 Patch Tuesday https://isc.sans.edu/diary/Microsoft%20November%202024%20Patch%20Tuesday/31438
CISA Top Routinely Exploited Vulnerabilities https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-317a
APT Actors Embed Malware within macOS Flutter Applications https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/
ISC StormCast for Tuesday, November 12th, 2024
PDF Object Streams https://isc.sans.edu/diary/PDF%20Object%20Streams/31430
Mazda Infotainment Vulnerabilities https://www.zerodayinitiative.com/blog/2024/11/7/multiple-vulnerabilities-in-the-mazda-in-vehicle-infotainment-ivi-system
Ruby SAML CVE-2024-45409: As bad as it gets and hiding in plain sight https://workos.com/blog/ruby-saml-cve-2024-45409
Veeam Backup Enterprise Manager Vulnerability https://www.veeam.com/kb4682
Security Update for Dell Enterprise SONiC Distribution Vulnerabilities https://www.dell.com/support/kbdoc/en-us/000245655/dsa-2024-449-security-update-for-dell-enterprise-sonic-distribution-vulnerabilities
Easy Access to Information for Conducting Fraudulent Emergency Data Requests Impacts US-Based Companies and Law Enforcement Agencies https://www.ic3.gov/CSA/2024/241104.pdf
ISC StormCast for Monday, November 11th, 2024
zipdump and PKZIP Records https://isc.sans.edu/diary/zipdump%20%26%20PKZIP%20Records/31428
Am I Isolated https://github.com/edera-dev/am-i-isolated
Locked iPhones Reboot https://www.404media.co/police-freak-out-at-iphones-mysteriously-rebooting-themselves-locking-cops-out/ https://x.com/naehrdine/status/1854896392797360484
Palo Alto Networks Bulletin https://security.paloaltonetworks.com/PAN-SA-2024-0015
D-Link Vulnerability https://netsecfish.notion.site/Command-Injection-Vulnerability-in-name-parameter-for-D-Link-NAS-12d6b683e67c80c49ffcc9214c239a07
ISC StormCast for Friday, November 8th, 2024
Steam Account Checker Poisoned with Infostealer https://isc.sans.edu/diary/Steam%20Account%20Checker%20Poisoned%20with%20Infostealer/31420
Cisco Ultra Reliable Wireless Backhaul Vulnerability https://www.cisco.com/site/us/en/products/networking/industrial-wireless/ultra-reliable-wireless-backhaul/index.html
Breaking Down Multipart Parsers: File upload validation bypass https://blog.sicuranext.com/breaking-down-multipart-parsers-validation-bypass/
Evasive ZIP Concatenation: Trojan Targets Windows Users https://perception-point.io/blog/evasive-concatenated-zip-trojan-targets-windows-users/
Veeam Backup Enterprise Manager Vulnerability (CVE-2024-40715) https://www.veeam.com/kb4682
SANS Holiday Hack Challenge https://www.sans.org/mlp/holiday-hack-challenge-2024
ISC StormCast for Thursday, November 7th, 2024
[Guest Diary] Insights from August Web Traffic Surge https://isc.sans.edu/forums/diary/%5BGuest%20Diary%5D%20Insights%20from%20August%20Web%20Traffic%20Surge/31408/
Talkative Air Fryer https://www.which.co.uk/policy-and-insight/article/why-is-my-air-fryer-spying-on-me-which-reveals-the-smart-devices-gathering-your-data-and-where-they-send-it-a9Fa24K6gY1c
Pygmy Goat Malware Report https://www.ncsc.gov.uk/section/keep-up-to-date/malware-analysis-reports
Apple CVE-2024-44258 PoC Exploit https://github.com/ifpdz/CVE-2024-44258
HPE Aruba Vulnerabilities https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US
ISC StormCast for Wednesday, November 6th, 2024
Python RAT with a Nice Screensharing Feature https://isc.sans.edu/diary/Python%20RAT%20with%20a%20Nice%20Screensharing%20Feature/31414
Android Security Bulletin November 2024 https://source.android.com/docs/security/bulletin/2024-11-01
Malware Delivered as Virtual Machine https://www.securonix.com/blog/crontrap-emulated-linux-environments-as-the-latest-tactic-in-malware-staging/
Fake DocuSign Invoices https://lab.wallarm.com/attackers-abuse-docusign-api-to-send-authentic-looking-invoices-at-scale/
ISC StormCast for Tuesday, November 5th, 2024
Analyzing an Encrypted Phishing PDF https://isc.sans.edu/diary/Analyzing%20an%20Encrypted%20Phishing%20PDF/31404
Okta Verify Desktop MFA for Windows Passwordless Login CVE-2024-9191 https://trust.okta.com/security-advisories/okta-verify-desktop-mfa-for-windows-passwordless-login-cve-2024-9191/
QNAP QuRouter Vulnerability and Patch https://www.qnap.com/en/security-advisory/qsa-24-45
From Naptime to Big Sleep https://googleprojectzero.blogspot.com/2024/10/from-naptime-to-big-sleep.html
Authenticated SQL injection vulnerability - ManageEngine ADManager Plus CVE-2024-48878 https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2024-48878.html
ISC StormCast for Monday, November 4th, 2024
October 2024 Activity with Username chenzilong https://isc.sans.edu/diary/October%202024%20Activity%20with%20Username%20chenzilong/31400
qpdf: Extracting PDF Streams https://isc.sans.edu/diary/qpdf%3A%20Extracting%20PDF%20Streams/31406
Okta bcrypt issue https://trust.okta.com/security-advisories/okta-ad-ldap-delegated-authentication-username/ https://medium.com/@rajat29gupta/how-bcrypts-limitations-contributed-to-okta-s-vulnerability-a-lesson-for-developers-39425c644ed5
Synology Vulnerabilities https://www.synology.com/de-de/security/advisory/Synology_SA_24_19 https://www.synology.com/de-de/security/advisory/Synology_SA_24_18
LastPass Fake Reviews https://blog.lastpass.com/posts/fake-web-store-reviews-attempting-to-steal-customer-data
ISC StormCast for Thursday, October 31st, 2024
Scans for RDP Gateways https://isc.sans.edu/diary/Scans%20for%20RDP%20Gateways/31398
CyberPanel Exploited https://www.bleepingcomputer.com/news/security/massive-psaux-ransomware-attack-targets-22-000-cyberpanel-instances/
Windows Themes Files Spoofing CVE-2024-38030 https://blog.0patch.com/2024/10/we-patched-cve-2024-38030-found-another.html
QNAP Patches CVE-2024-50388, CVE-2024-50387 https://www.qnap.com/en/security-advisory/qsa-24-41
Facebook Malvertising https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/
ISC StormCast for Wednesday, October 30th, 2024
Critical RCE Vulnerability in CyberPanel https://dreyand.rs/code/review/2024/10/27/what-are-my-options-cyberpanel-v236-pre-auth-rce
Spring WebFlux Vulnerability https://access.redhat.com/security/cve/cve-2024-38821 https://spring.io/security/cve-2024-38821
Inbound SMTP DANE with DNSSEC for Exchange Online https://techcommunity.microsoft.com/t5/exchange-team-blog/announcing-general-availability-of-inbound-smtp-dane-with-dnssec/ba-p/4281292
HeptaX: Unauthorized RDP Connections for Cyberespionage Operations https://cyble.com/blog/heptax-unauthorized-rdp-connections-for-cyberespionage-operations/
ISC StormCast for Tuesday, October 29th, 2024
Apple Updates Everything https://isc.sans.edu/diary/Apple%20Updates%20Everything/31390
Self-contained HTML Phishing Attachment Using Telegram to Exfiltrate Stolen Credentials https://isc.sans.edu/diary/Selfcontained+HTML+phishing+attachment+using+Telegram+to+exfiltrate+stolen+credentials/31388/
ChatGPT-4o Guardrail Jailbreak: Hex Encoding for Writing CVE Exploits https://0din.ai/blog/chatgpt-4o-guardrail-jailbreak-hex-encoding-for-writing-cve-exploits
ISC StormCast for Monday, October 28th, 2024
Two currently (old) exploited Ivanti vulnerabilities https://isc.sans.edu/diary/Two%20currently%20%28old%29%20exploited%20Ivanti%20vulnerabilities/31384
Arcadyan FMIMG51AX000J (WiFi Alliance) RCE CVE-2024-41992 https://ssd-disclosure.com/ssd-advisory-arcadyan-fmimg51ax000j-wifi-alliance-rce/
Okta iOS App Vulnerability CVE-2024-10327 https://trust.okta.com/security-advisories/okta-verify-for-ios-cve-2024-10327/
Threat Alert: TeamTNT's Docker Gatling Gun Campaign https://www.aquasec.com/blog/threat-alert-teamtnts-docker-gatling-gun-campaign/
ISC StormCast for Friday, October 25th, 2024
Development Features Enabled in Production https://isc.sans.edu/diary/Development%20Features%20Enabled%20in%20Prodcution/31380
Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials https://blog.talosintelligence.com/large-scale-brute-force-activity-targeting-vpns-ssh-services-with-commonly-used-login-credentials/
Cisco Secure Firewall Management Center Software Command Injection Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-v3AWDqN7
Exposing the Danger Within: Hardcoded Cloud Credentials in Popular Mobile Apps https://www.security.com/threat-intelligence/exposing-danger-within-hardcoded-cloud-credentials-popular-mobile-apps
ISC StormCast for Thursday, October 24th, 2024
Everybody Loves Bash Scripts. Including Attackers. https://isc.sans.edu/diary/Everybody%20Loves%20Bash%20Scripts.%20Including%20Attackers./31376
FortiManager Exploited Vulnerability https://www.fortiguard.com/psirt/FG-IR-24-423
SharePoint Exploit https://www.cisa.gov/news-events/alerts/2024/10/22/cisa-adds-one-known-exploited-vulnerability-catalog https://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC
OpenSSL Vulnerability https://openssl-library.org/news/secadv/20241016.txt
Reduced Certificate Lifetime https://github.com/cabforum/servercert/pull/553
ISC StormCast for Wednesday, October 23rd, 2024
How much HTTP (not HTTPS) Traffic is Traversing Your Perimeter? https://isc.sans.edu/diary/How%20much%20HTTP%20%28not%20HTTPS%29%20Traffic%20is%20Traversing%20Your%20Perimeter%3F/31372
VMSA-2024-0019: VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-38812, CVE-2024-38813) https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
UniFi Security Advisory Bulletin 043 https://community.ui.com/releases/Security-Advisory-Bulletin-043-043/28e45c75-314e-4f07-a4f3-d17f67bd53f7
Fake attachment. Roundcube mail server attacks exploit CVE-2024-37383 vulnerability. https://global.ptsecurity.com/analytics/pt-esc-threat-intelligence/fake-attachment-roundcube-mail-server-attacks-exploit-cve-2024-37383-vulnerability
Atlassian Security Bulletin - October 15 2024 https://confluence.atlassian.com/security/security-bulletin-october-15-2024-1442910972.html
OneDev Arbitrary file reading for unauthenticated user https://github.com/theonedev/onedev/security/advisories/GHSA-7wg5-6864-v489