A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Similar Podcasts
Thinking Elixir Podcast
The Thinking Elixir podcast is a weekly show where we talk about the Elixir programming language and the community around it. We cover news and interview guests to learn more about projects and developments in the community.
The Cynical Developer
A UK based Technology and Software Developer Podcast that helps you to improve your development knowledge and career,
through explaining the latest and greatest in development technology and providing you with what you need to succeed as a developer.
Elixir Outlaws
Elixir Outlaws is an informal discussion about interesting things happening in Elixir. Our goal is to capture the spirit of a conference hallway discussion in a podcast.
ISC StormCast for Wednesday, February 27th 2019
Thunderbolt "Thunderclap" Vulnerabilities https://thunderclap.io/thunderclap-paper-ndss2019.pdf Altering Signed PDF Documents https://www.pdf-insecurity.org/ NVidia Patches https://nvidia.custhelp.com/app/answers/detail/a_id/4772
ISC StormCast for Wednesday, February 27th 2019
Thunderbolt "Thunderclap" Vulnerabilities https://thunderclap.io/thunderclap-paper-ndss2019.pdf Altering Signed PDF Documents https://www.pdf-insecurity.org/ NVidia Patches https://nvidia.custhelp.com/app/answers/detail/a_id/4772
ISC StormCast for Tuesday, February 26th 2019
WinRAR ACE Vulnerabilty used in Malspam https://twitter.com/360TIC/status/1099987939818299392 Sextortion Email With QR Code https://isc.sans.edu/forums/diary/Sextortion+Email+Variant+With+QR+Code/24686/ ICANN Pushes DNSSEC to Defend Against DNS Zone Manipulation https://www.icann.org/news/announcement-2019-02-22-en Android FIDO2 Certification https://fidoalliance.org/android-now-fido2-certified-accelerating-global-migration-beyond-passwords/
ISC StormCast for Tuesday, February 26th 2019
WinRAR ACE Vulnerabilty used in Malspam https://twitter.com/360TIC/status/1099987939818299392 Sextortion Email With QR Code https://isc.sans.edu/forums/diary/Sextortion+Email+Variant+With+QR+Code/24686/ ICANN Pushes DNSSEC to Defend Against DNS Zone Manipulation https://www.icann.org/news/announcement-2019-02-22-en Android FIDO2 Certification https://fidoalliance.org/android-now-fido2-certified-accelerating-global-migration-beyond-passwords/
ISC StormCast for Monday, February 25th 2019
B0ront0k Linux Server Ransomware https://www.bleepingcomputer.com/news/security/b0r0nt0k-ransomware-wants-75-000-ransom-infects-linux-servers/ Cr1pt0r Ransomware Targets DLink NAS Devices https://www.bleepingcomputer.com/forums/t/691852/cr1ptt0r-ransomware-files-encrypted-readmetxt-support-topic/page-3 LinkedIn Messages Used to Push Fake Job Offers https://www.proofpoint.com/us/threat-insight/post/fake-jobs-campaigns-delivering-moreeggs-backdoor-fake-job-offers
ISC StormCast for Monday, February 25th 2019
B0ront0k Linux Server Ransomware https://www.bleepingcomputer.com/news/security/b0r0nt0k-ransomware-wants-75-000-ransom-infects-linux-servers/ Cr1pt0r Ransomware Targets DLink NAS Devices https://www.bleepingcomputer.com/forums/t/691852/cr1ptt0r-ransomware-files-encrypted-readmetxt-support-topic/page-3 LinkedIn Messages Used to Push Fake Job Offers https://www.proofpoint.com/us/threat-insight/post/fake-jobs-campaigns-delivering-moreeggs-backdoor-fake-job-offers
ISC StormCast for Friday, February 22nd 2019
Adobe Re-Patches Reader/Acrobat Data Leakage Bug https://helpx.adobe.com/security/products/acrobat/apsb19-13.html Microsoft Releases Fix for DoS Vulnerability in IIS https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190005 Drupal Fixes Remote Code Execution Vulnerability https://www.drupal.org/sa-core-2019-003 Linux Kernel Code Execution Vulnerablity https://nvd.nist.gov/vuln/detail/CVE-2019-8912 MikroTik Unauthenticated Proxy https://medium.com/tenable-techblog/mikrotik-firewall-nat-bypass-b8d46398bf24
ISC StormCast for Friday, February 22nd 2019
Adobe Re-Patches Reader/Acrobat Data Leakage Bug https://helpx.adobe.com/security/products/acrobat/apsb19-13.html Microsoft Releases Fix for DoS Vulnerability in IIS https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190005 Drupal Fixes Remote Code Execution Vulnerability https://www.drupal.org/sa-core-2019-003 Linux Kernel Code Execution Vulnerablity https://nvd.nist.gov/vuln/detail/CVE-2019-8912 MikroTik Unauthenticated Proxy https://medium.com/tenable-techblog/mikrotik-firewall-nat-bypass-b8d46398bf24
ISC StormCast for Thursday, February 21st 2019
Microsoft Edge Whitelists Facebook to Run Flash https://bugs.chromium.org/p/project-zero/issues/detail?id=1722 Chinese Android Banking App Stores Screenshots of Other Apps https://jqknews.com/news/141073-Jingdong_Finance_denied_stealing_user_information_saying_that_the_image_cache_was_only_local.html Password Manager Vulnerabilities https://www.securityevaluators.com/casestudies/password-manager-hacking/
ISC StormCast for Thursday, February 21st 2019
Microsoft Edge Whitelists Facebook to Run Flash https://bugs.chromium.org/p/project-zero/issues/detail?id=1722 Chinese Android Banking App Stores Screenshots of Other Apps https://jqknews.com/news/141073-Jingdong_Finance_denied_stealing_user_information_saying_that_the_image_cache_was_only_local.html Password Manager Vulnerabilities https://www.securityevaluators.com/casestudies/password-manager-hacking/
ISC StormCast for Wednesday, February 20th 2019
Russian Malspam Pushing Shade/Troldesh Ransomware https://isc.sans.edu/forums/diary/More+Russian+language+malspam+pushing+Shade+Troldesh+ransomware/24668/ Bitdefender Releases GandCrab Decrypter https://labs.bitdefender.com/2019/02/new-gandcrab-v5-1-decryptor-available-now/ Bank Infrastructure Used in Phishing Attacks (russian) https://www.group-ib.ru/blog/incident SHA-2 Patch For Windows 7 / 2008 R2 SP1 https://support.microsoft.com/en-us/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus
ISC StormCast for Wednesday, February 20th 2019
Russian Malspam Pushing Shade/Troldesh Ransomware https://isc.sans.edu/forums/diary/More+Russian+language+malspam+pushing+Shade+Troldesh+ransomware/24668/ Bitdefender Releases GandCrab Decrypter https://labs.bitdefender.com/2019/02/new-gandcrab-v5-1-decryptor-available-now/ Bank Infrastructure Used in Phishing Attacks (russian) https://www.group-ib.ru/blog/incident SHA-2 Patch For Windows 7 / 2008 R2 SP1 https://support.microsoft.com/en-us/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus
ISC StormCast for Tuesday, February 19th 2019
Know What You Are Logging https://isc.sans.edu/forums/diary/Know+What+You+Are+Logging/24656/ Spectre Software Mitigation Insufficient https://arxiv.org/pdf/1902.05178.pdf VMWare Releases Update To Address runc Vulnerability https://www.vmware.com/security/advisories/VMSA-2019-0001.html Swedish Healthcare Breach Leaks Phone call Recordings https://computersweden.idg.se/2.2683/1.714787/inspelade-samtal-1177-vardguiden-oskyddade-internet
ISC StormCast for Tuesday, February 19th 2019
Know What You Are Logging https://isc.sans.edu/forums/diary/Know+What+You+Are+Logging/24656/ Spectre Software Mitigation Insufficient https://arxiv.org/pdf/1902.05178.pdf VMWare Releases Update To Address runc Vulnerability https://www.vmware.com/security/advisories/VMSA-2019-0001.html Swedish Healthcare Breach Leaks Phone call Recordings https://computersweden.idg.se/2.2683/1.714787/inspelade-samtal-1177-vardguiden-oskyddade-internet
ISC StormCast for Monday, February 18th 2019
Snap Patches Available https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SnapSocketParsing Finding Property Values in Office Documents https://isc.sans.edu/forums/diary/Finding+Property+Values+in+Office+Documents/24652/ Bro-Sysmon https://engineering.salesforce.com/test-out-bro-sysmon-a6fad1c8bb88 Cryptojacking Apps in Microsoft App Store https://www.symantec.com/blogs/threat-intelligence/cryptojacking-apps-microsoft-store