A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Similar Podcasts
Thinking Elixir Podcast
The Thinking Elixir podcast is a weekly show where we talk about the Elixir programming language and the community around it. We cover news and interview guests to learn more about projects and developments in the community.
The Cynical Developer
A UK based Technology and Software Developer Podcast that helps you to improve your development knowledge and career,
through explaining the latest and greatest in development technology and providing you with what you need to succeed as a developer.
Elixir Outlaws
Elixir Outlaws is an informal discussion about interesting things happening in Elixir. Our goal is to capture the spirit of a conference hallway discussion in a podcast.
ISC StormCast for Friday, April 27th 2018
HP iLO Ransomware https://www.bleepingcomputer.com/news/security/ransomware-hits-hpe-ilo-remote-management-interfaces/ Total Meltdown Exploit Available https://blog.xpnsec.com/total-meltdown-cve-2018-1038/ WD My Cloud EX2 Access Control Bypass https://www.trustwave.com/Resources/SpiderLabs-Blog/WD-My-Cloud-EX2-Serves-Your-Files-to-Anyone/ Hyperoptic ZTE Home Router Hardcoded Account https://www.contextis.com/resources/advisories/hyperoptic-zte-home-routers
ISC StormCast for Thursday, April 26th 2018
New Drupal Remote Code Execution Vulnerability https://www.drupal.org/sa-core-2018-004 Malicious Network Traffic From /bin/bash https://isc.sans.edu/forums/diary/Malicious+Network+Traffic+From+binbash/23591/ Insecure Hotel Locks https://safeandsavvy.f-secure.com/2018/04/25/researchers-find-way-to-generate-master-keys-to-hotels/ Amazon Echo As Evesdropping Device (signin required) https://info.checkmarx.com/wp-alexa
ISC StormCast for Thursday, April 26th 2018
New Drupal Remote Code Execution Vulnerability https://www.drupal.org/sa-core-2018-004 Malicious Network Traffic From /bin/bash https://isc.sans.edu/forums/diary/Malicious+Network+Traffic+From+binbash/23591/ Insecure Hotel Locks https://safeandsavvy.f-secure.com/2018/04/25/researchers-find-way-to-generate-master-keys-to-hotels/ Amazon Echo As Evesdropping Device (signin required) https://info.checkmarx.com/wp-alexa
ISC StormCast for Monday, March 12th 2018
Paying For Ransomware Often Fails to Recover Files https://cyber-edge.com/cdr/#about-this-report Microtik Router Malware Infects Sysadmin PCs https://s3-eu-west-1.amazonaws.com/khub-media/wp-content/uploads/sites/43/2018/03/09133534/The-Slingshot-APT_report_ENG_final.pdf CNNVD Held Back Vulnerabilities https://www.recordedfuture.com/chinese-mss-vulnerability-influence/ Keeper Exposes S3 Bucket http://www.zdnet.com/article/password-manager-maker-keeper-hit-by-another-security-snafu/ https://keepersecurity.com/blog/2018/03/10/keepers-response-zdnets-article-regarding-s3-bucket-configuration-issue/ Chip and Pin Clones https://www.kaspersky.com/blog/chip-n-pin-cloning/21502/
ISC StormCast for Monday, March 12th 2018
Paying For Ransomware Often Fails to Recover Files https://cyber-edge.com/cdr/#about-this-report Microtik Router Malware Infects Sysadmin PCs https://s3-eu-west-1.amazonaws.com/khub-media/wp-content/uploads/sites/43/2018/03/09133534/The-Slingshot-APT_report_ENG_final.pdf CNNVD Held Back Vulnerabilities https://www.recordedfuture.com/chinese-mss-vulnerability-influence/ Keeper Exposes S3 Bucket http://www.zdnet.com/article/password-manager-maker-keeper-hit-by-another-security-snafu/ https://keepersecurity.com/blog/2018/03/10/keepers-response-zdnets-article-regarding-s3-bucket-configuration-issue/ Chip and Pin Clones https://www.kaspersky.com/blog/chip-n-pin-cloning/21502/
ISC StormCast for Friday, March 9th 2018
Apache Solr Vulnerability used to Install Cryptocoin Miner https://isc.sans.edu/forums/diary/Apache+SOLR+the+new+target+for+cryptominers/23425/ CRIMEB4NK IRC Bot https://isc.sans.edu/forums/diary/CRIMEB4NK+IRC+Bot/23423/ Cisco Patches https://tools.cisco.com/security/center/publicationListing.x Any.Run Malware Analysis Tool https://any.run
ISC StormCast for Friday, March 9th 2018
Apache Solr Vulnerability used to Install Cryptocoin Miner https://isc.sans.edu/forums/diary/Apache+SOLR+the+new+target+for+cryptominers/23425/ CRIMEB4NK IRC Bot https://isc.sans.edu/forums/diary/CRIMEB4NK+IRC+Bot/23423/ Cisco Patches https://tools.cisco.com/security/center/publicationListing.x Any.Run Malware Analysis Tool https://any.run
ISC StormCast for Thursday, March 8th 2018
Ransomware News: GlobeImposter Gets A Facelift, GandCrab is Still Out there https://isc.sans.edu/forums/diary/Ransomware+news+GlobeImposter+gets+a+facelift+GandCrab+is+still+out+there/23417/ How to Break Encryption https://blog.malwarebytes.com/threat-analysis/2018/03/encryption-101-how-to-break-encryption/ Bypassing Adobe Flash Security Protections https://securingtomorrow.mcafee.com/mcafee-labs/hackers-bypassed-adobe-flash-protection-mechanism/ Hundreds of Bitcoin Mining Servers Stolen in Iceland https://www.theguardian.com/world/2018/mar/07/hundreds-of-bitcoin-mining-servers-stolen-in-iceland Several Android Mail Apps Send Password To Developer (article in German) https://www.kuketz-blog.de/mail-apps-zahlreiche-android-apps-uebermitteln-login-passwort/
ISC StormCast for Thursday, March 8th 2018
Ransomware News: GlobeImposter Gets A Facelift, GandCrab is Still Out there https://isc.sans.edu/forums/diary/Ransomware+news+GlobeImposter+gets+a+facelift+GandCrab+is+still+out+there/23417/ How to Break Encryption https://blog.malwarebytes.com/threat-analysis/2018/03/encryption-101-how-to-break-encryption/ Bypassing Adobe Flash Security Protections https://securingtomorrow.mcafee.com/mcafee-labs/hackers-bypassed-adobe-flash-protection-mechanism/ Hundreds of Bitcoin Mining Servers Stolen in Iceland https://www.theguardian.com/world/2018/mar/07/hundreds-of-bitcoin-mining-servers-stolen-in-iceland Several Android Mail Apps Send Password To Developer (article in German) https://www.kuketz-blog.de/mail-apps-zahlreiche-android-apps-uebermitteln-login-passwort/
ISC StormCast for Wednesday, March 7th 2018
Exploit for CVE-2018-6789 https://devco.re/blog/2018/03/06/exim-off-by-one-RCE-exploiting-CVE-2018-6789-en/ Microsoft Fixes USB Issues Introduced By February Patches https://support.microsoft.com/en-us/help/4090913/march5-2018kb4090913osbuild16299-251 123 Reg Looses Backups https://www.bleepingcomputer.com/news/business/123-reg-backup-snafu-causes-clients-to-lose-files-since-august-2017/ Android March Security Bulletin https://source.android.com/security/bulletin/2018-03-01#media-framework
ISC StormCast for Wednesday, March 7th 2018
Exploit for CVE-2018-6789 https://devco.re/blog/2018/03/06/exim-off-by-one-RCE-exploiting-CVE-2018-6789-en/ Microsoft Fixes USB Issues Introduced By February Patches https://support.microsoft.com/en-us/help/4090913/march5-2018kb4090913osbuild16299-251 123 Reg Looses Backups https://www.bleepingcomputer.com/news/business/123-reg-backup-snafu-causes-clients-to-lose-files-since-august-2017/ Android March Security Bulletin https://source.android.com/security/bulletin/2018-03-01#media-framework
ISC StormCast for Tuesday, March 6th 2018
Malicious Bash Script with Multiple Features https://isc.sans.edu/forums/diary/Malicious+Bash+Script+with+Multiple+Features/23411/ More Memcached DDoS Attacks https://www.arbornetworks.com/blog/asert/netscout-arbor-confirms-1-7-tbps-ddos-attack-terabit-attack-era-upon-us/ Spring Framework Vulnerability https://lgtm.com/blog/spring_data_rest_CVE-2017-8046 LTE Vulnerabilities http://homepage.divms.uiowa.edu/~comarhaider/publications/LTE_NDSS18_paper.pdf
ISC StormCast for Tuesday, March 6th 2018
Malicious Bash Script with Multiple Features https://isc.sans.edu/forums/diary/Malicious+Bash+Script+with+Multiple+Features/23411/ More Memcached DDoS Attacks https://www.arbornetworks.com/blog/asert/netscout-arbor-confirms-1-7-tbps-ddos-attack-terabit-attack-era-upon-us/ Spring Framework Vulnerability https://lgtm.com/blog/spring_data_rest_CVE-2017-8046 LTE Vulnerabilities http://homepage.divms.uiowa.edu/~comarhaider/publications/LTE_NDSS18_paper.pdf
ISC StormCast for Monday, March 5th 2018
Protective Malicious Monero Crypto Coin Miners https://isc.sans.edu/forums/diary/The+Crypto+Miners+Fight+For+CPU+Cycles/23407/ memcached DDoS Attacks Ask For Ransom https://blogs.akamai.com/2018/03/memcached-now-with-extortion.html Cheap Android Trojans Come PreInstalled With Banking Malware https://news.drweb.com/show/?lng=en&i=11749&c=5 RedDrop Android Malware Installed via 3rd Party App Stores https://www.wandera.com/blog/reddrop-malware/
ISC StormCast for Monday, March 5th 2018
Protective Malicious Monero Crypto Coin Miners https://isc.sans.edu/forums/diary/The+Crypto+Miners+Fight+For+CPU+Cycles/23407/ memcached DDoS Attacks Ask For Ransom https://blogs.akamai.com/2018/03/memcached-now-with-extortion.html Cheap Android Trojans Come PreInstalled With Banking Malware https://news.drweb.com/show/?lng=en&i=11749&c=5 RedDrop Android Malware Installed via 3rd Party App Stores https://www.wandera.com/blog/reddrop-malware/