A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Similar Podcasts
Thinking Elixir Podcast
The Thinking Elixir podcast is a weekly show where we talk about the Elixir programming language and the community around it. We cover news and interview guests to learn more about projects and developments in the community.
The Cynical Developer
A UK based Technology and Software Developer Podcast that helps you to improve your development knowledge and career,
through explaining the latest and greatest in development technology and providing you with what you need to succeed as a developer.
Elixir Outlaws
Elixir Outlaws is an informal discussion about interesting things happening in Elixir. Our goal is to capture the spirit of a conference hallway discussion in a podcast.
ISC StormCast for Friday, July 14th 2017
Malware Loads ffmpeg For Video Recording Features https://blog.malwarebytes.com/threat-analysis/2017/07/malware-abusing-ffmpeg/ Password Managers and Cloud Storage https://discussions.agilebits.com/discussion/76956/can-i-still-buy-standalone-license-for-the-1password-no-longer-being-marketed/p8 SAP Point of Sales Express Patch https://erpscan.com/press-center/blog/sap-cyber-threat-intelligence-report-july-2017/ Roderick Currie: Car Hacking Developments https://www.sans.org/reading-room/whitepapers/internet/developments-car-hacking-36607
ISC StormCast for Friday, July 14th 2017
Malware Loads ffmpeg For Video Recording Features https://blog.malwarebytes.com/threat-analysis/2017/07/malware-abusing-ffmpeg/ Password Managers and Cloud Storage https://discussions.agilebits.com/discussion/76956/can-i-still-buy-standalone-license-for-the-1password-no-longer-being-marketed/p8 SAP Point of Sales Express Patch https://erpscan.com/press-center/blog/sap-cyber-threat-intelligence-report-july-2017/ Roderick Currie: Car Hacking Developments https://www.sans.org/reading-room/whitepapers/internet/developments-car-hacking-36607
ISC StormCast for Thursday, July 13th 2017
Simple File Integrity Monitoring With Backup Scripts https://isc.sans.edu/forums/diary/Backup+Scripts+the+FIM+of+the+Poor/22606/ Ethereum Wallet Services Targeted By Scammers http://www.ibtimes.co.uk/ethereum-under-siege-scammers-make-700000-6-days-slack-reddit-phishing-attacks-1629866 MongoDB Security Surprises For Shared Hosting https://medium.com/@alexbyk/mongodb-at-shared-hosting-security-surprises-c441ecb84b54 Trend Micro Vulnerabilities https://www.coresecurity.com/advisories/trend-micro-deep-discovery-director-multiple-vulnerabilities
ISC StormCast for Thursday, July 13th 2017
Simple File Integrity Monitoring With Backup Scripts https://isc.sans.edu/forums/diary/Backup+Scripts+the+FIM+of+the+Poor/22606/ Ethereum Wallet Services Targeted By Scammers http://www.ibtimes.co.uk/ethereum-under-siege-scammers-make-700000-6-days-slack-reddit-phishing-attacks-1629866 MongoDB Security Surprises For Shared Hosting https://medium.com/@alexbyk/mongodb-at-shared-hosting-security-surprises-c441ecb84b54 Trend Micro Vulnerabilities https://www.coresecurity.com/advisories/trend-micro-deep-discovery-director-multiple-vulnerabilities
ISC StormCast for Wednesday, July 12th 2017
Microsoft Patch Tuesday https://isc.sans.edu/diary//22602 AT&T Cell Phone Takeover https://carpeaqua.com/2017/07/07/hack-the-planet/ Systemd Invalid Username Bug To Be Fixed https://github.com/systemd/systemd/pull/6300
ISC StormCast for Wednesday, July 12th 2017
Microsoft Patch Tuesday https://isc.sans.edu/diary//22602 AT&T Cell Phone Takeover https://carpeaqua.com/2017/07/07/hack-the-planet/ Systemd Invalid Username Bug To Be Fixed https://github.com/systemd/systemd/pull/6300
ISC StormCast for Tuesday, July 11th 2017
Takeover of .io TLD https://thehackerblog.com/the-io-error-taking-control-of-all-io-domains-with-a-targeted-registration/ Malwarebytes Quarterly Malware Report https://www.malwarebytes.com/pdf/white-papers/CybercrimeTacticsAndTechniques-Q2-2017.pdf OpenBSD Introducing KARL To Randomize Kernel Layout at Boot https://marc.info/?l=openbsd-tech&m=149732026405941&w=2
ISC StormCast for Tuesday, July 11th 2017
Takeover of .io TLD https://thehackerblog.com/the-io-error-taking-control-of-all-io-domains-with-a-targeted-registration/ Malwarebytes Quarterly Malware Report https://www.malwarebytes.com/pdf/white-papers/CybercrimeTacticsAndTechniques-Q2-2017.pdf OpenBSD Introducing KARL To Randomize Kernel Layout at Boot https://marc.info/?l=openbsd-tech&m=149732026405941&w=2
ISC StormCast for Monday, July 10th 2017
More DDoS Ransom Demands https://isc.sans.edu/forums/diary/Adversary+hunting+with+SOFELK/22592/ Adversary Hunting With SOF-ELK https://isc.sans.edu/forums/diary/Adversary+hunting+with+SOFELK/22592/ Petya Master Key Published https://twitter.com/JanusSecretary/status/882663988429021184?ref_src=twsrc%5Etfw&ref_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fauthor-of-original-petya-ransomware-publishes-master-decryption-key%2F Template Attacks Against Critical Infrastructure http://blog.talosintelligence.com/2017/07/template-injection.html
ISC StormCast for Monday, July 10th 2017
More DDoS Ransom Demands https://isc.sans.edu/forums/diary/Adversary+hunting+with+SOFELK/22592/ Adversary Hunting With SOF-ELK https://isc.sans.edu/forums/diary/Adversary+hunting+with+SOFELK/22592/ Petya Master Key Published https://twitter.com/JanusSecretary/status/882663988429021184?ref_src=twsrc%5Etfw&ref_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fauthor-of-original-petya-ransomware-publishes-master-decryption-key%2F Template Attacks Against Critical Infrastructure http://blog.talosintelligence.com/2017/07/template-injection.html
ISC StormCast for Friday, July 7th 2017
Finding Odd Domain Names https://isc.sans.edu/forums/diary/Selecting+domains+with+random+names/22580/ BitTorrent Sync 2.0 Log Files https://isc.sans.edu/forums/diary/Investigation+of+BitTorrent+Sync+v20+as+a+P2P+Cloud+Service+Part+2+Log+Files+artefacts/22582/ Cisco Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2 Finding Weak Password Hashing Algorithms Via Hash Collisions https://www.netsparker.com/blog/web-security/collision-based-hashing-algorithm-disclosure/ BIND TSIG Exploit http://www.synacktiv.ninja/ressources/CVE-2017-3143_BIND9_TSIG_dynamic_updates_vulnerability_Synacktiv.pdf
ISC StormCast for Friday, July 7th 2017
Finding Odd Domain Names https://isc.sans.edu/forums/diary/Selecting+domains+with+random+names/22580/ BitTorrent Sync 2.0 Log Files https://isc.sans.edu/forums/diary/Investigation+of+BitTorrent+Sync+v20+as+a+P2P+Cloud+Service+Part+2+Log+Files+artefacts/22582/ Cisco Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2 Finding Weak Password Hashing Algorithms Via Hash Collisions https://www.netsparker.com/blog/web-security/collision-based-hashing-algorithm-disclosure/ BIND TSIG Exploit http://www.synacktiv.ninja/ressources/CVE-2017-3143_BIND9_TSIG_dynamic_updates_vulnerability_Synacktiv.pdf
ISC StormCast for Thursday, July 6th 2017
AVTest Report: Ransomware not a big deal; Android/MacOS Catching up to Windows https://www.av-test.org/fileadmin/pdf/security_report/AV-TEST_Security_Report_2016-2017.pdf Microsoft Will Prompt Users to Update Windows 10 https://support.microsoft.com/en-us/help/4023814 Bithumb Bitcoin Exchange Hacked (Article in Korean) http://bithumb.cafe/archives/7329 Turkish Airlines and Emirates Remove Laptop Ban http://www.theregister.co.uk/2017/07/05/emirates_and_turkish_airlines_lift_laptop_ban_on_us_flights/ Ukrainian Authorities Raid MeDoc (Article in Ukrainian) https://cyberpolice.gov.ua/news/prykryttyam-najmasshtabnishoyi-kiberataky-v-istoriyi-ukrayiny-stav-virus-diskcoderc-881/
ISC StormCast for Thursday, July 6th 2017
AVTest Report: Ransomware not a big deal; Android/MacOS Catching up to Windows https://www.av-test.org/fileadmin/pdf/security_report/AV-TEST_Security_Report_2016-2017.pdf Microsoft Will Prompt Users to Update Windows 10 https://support.microsoft.com/en-us/help/4023814 Bithumb Bitcoin Exchange Hacked (Article in Korean) http://bithumb.cafe/archives/7329 Turkish Airlines and Emirates Remove Laptop Ban http://www.theregister.co.uk/2017/07/05/emirates_and_turkish_airlines_lift_laptop_ban_on_us_flights/ Ukrainian Authorities Raid MeDoc (Article in Ukrainian) https://cyberpolice.gov.ua/news/prykryttyam-najmasshtabnishoyi-kiberataky-v-istoriyi-ukrayiny-stav-virus-diskcoderc-881/
ISC StormCast for Wednesday, July 5th 2017
Microsoft Patches Skype Vulnerability https://www.vulnerability-lab.com/get_content.php?id=2071 SystemD Invalid Username Bug Not Considered a Vulnerability (or Bug) https://github.com/systemd/systemd/issues/6237 Cisco Fixes SNMP Vulnerability in IOS and IOS XE https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp Smartphones Can Be Compromised with shady replacement parts https://iss.oy.ne.ro/Shattered Siemens Fixes Intel AMT Bug https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-874235.pdf Update For libgcrypt https://www.ubuntuupdates.org/package/core/zesty/main/updates/libgcrypt20-dev