A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Similar Podcasts
Thinking Elixir Podcast
The Thinking Elixir podcast is a weekly show where we talk about the Elixir programming language and the community around it. We cover news and interview guests to learn more about projects and developments in the community.
Elixir Outlaws
Elixir Outlaws is an informal discussion about interesting things happening in Elixir. Our goal is to capture the spirit of a conference hallway discussion in a podcast.
Linux For Everyone
A show about the thrilling world of desktop Linux, open-source software, and the community creating it. For beginners and veterans alike! Hosted by Jason Evangelho, Jerry Morrison and Schykle.
ISC StormCast for Thursday, February 2nd 2017
Multiple Vulnerabilites in tcpdump https://isc.sans.edu/forums/diary/Multiple+Vulnerabilities+in+tcpdump/22017/ Quick Analysis of Data Left Available by Attackers https://isc.sans.edu/forums/diary/Quick+Analysis+of+Data+Left+Available+by+Attackers/22015/ Securing The Human Ouch! Newsletter https://securingthehuman.sans.org/ouch/ Redis CSRF Vulnerability Exploit https://github.com/dxa4481/whatsinmyredis
ISC StormCast for Wednesday, February 1st 2017
Fileless UAC Bypass Used to Drop Keybase Malware https://isc.sans.edu/forums/diary/Malicious+Office+files+using+fileless+UAC+bypass+to+drop+KEYBASE+malware/22011/ Apple Removes Activation Lock Test Tool After Abuse https://www.macrumors.com/2017/01/30/activation-lock-website-used-in-hack/ Multiple Vulnerabilities in tcpdump https://www.debian.org/security/2017/dsa-3775 Postscript Printer Vulnerabilities http://seclists.org/fulldisclosure/2017/Jan/89 Stop Disabling SELinux https://learntemail.sam.today/blog/stop-disabling-selinux:-a-real-world-guide/
ISC StormCast for Wednesday, February 1st 2017
Fileless UAC Bypass Used to Drop Keybase Malware https://isc.sans.edu/forums/diary/Malicious+Office+files+using+fileless+UAC+bypass+to+drop+KEYBASE+malware/22011/ Apple Removes Activation Lock Test Tool After Abuse https://www.macrumors.com/2017/01/30/activation-lock-website-used-in-hack/ Multiple Vulnerabilities in tcpdump https://www.debian.org/security/2017/dsa-3775 Postscript Printer Vulnerabilities http://seclists.org/fulldisclosure/2017/Jan/89 Stop Disabling SELinux https://learntemail.sam.today/blog/stop-disabling-selinux:-a-real-world-guide/
ISC StormCast for Tuesday, January 31st 2017
py2exe Decompiling Part 2 https://isc.sans.edu/forums/diary/py2exe+Decompiling+Part+2/22005/ Telemarketer Leaks Call Recordings https://mackeeper.com/blog/post/326-telemarketing-company-leaks-400k-of-sensitive-files Facebook Introduces Delegated Recovery Protocol https://github.com/facebookincubator/DelegatedRecovery/ https://raw.githubusercontent.com/facebookincubator/DelegatedRecovery/master/draft-hill-delegated-recovery.raw.txt Another Cisco WebEx Update https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex Cryptkeeper Does Not Correctly Encrypt Folders https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852751
ISC StormCast for Tuesday, January 31st 2017
py2exe Decompiling Part 2 https://isc.sans.edu/forums/diary/py2exe+Decompiling+Part+2/22005/ Telemarketer Leaks Call Recordings https://mackeeper.com/blog/post/326-telemarketing-company-leaks-400k-of-sensitive-files Facebook Introduces Delegated Recovery Protocol https://github.com/facebookincubator/DelegatedRecovery/ https://raw.githubusercontent.com/facebookincubator/DelegatedRecovery/master/draft-hill-delegated-recovery.raw.txt Another Cisco WebEx Update https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex Cryptkeeper Does Not Correctly Encrypt Folders https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852751
ISC StormCast for Monday, January 30th 2017
Port 5358 Scans for Devices https://isc.sans.edu/forums/diary/Request+for+Packets+and+Logs+TCP+5358/21997/ OpenSSH Vulnerablity http://www.openwall.com/lists/oss-security/2017/01/26/2 Ransomware Hits Traffic Cameras in DC https://www.washingtonpost.com/local/public-safety/hackers-hit-dc-police-closed-circuit-camera-network-city-officials-disclose/2017/01/27/d285a4a4-e4f5-11e6-ba11-63c4b4fb5a63_print.html Hotel Hit By Ransomware http://www.thelocal.at/20170128/hotel-ransomed-by-hackers-as-guests-locked-in-rooms Not So Private Android VPNs http://www.icir.org/vern/papers/vpn-apps-imc16.pdf Google Starting its own Certificate Authority https://security.googleblog.com/2017/01/the-foundation-of-more-secure-web.html
ISC StormCast for Monday, January 30th 2017
Port 5358 Scans for Devices https://isc.sans.edu/forums/diary/Request+for+Packets+and+Logs+TCP+5358/21997/ OpenSSH Vulnerablity http://www.openwall.com/lists/oss-security/2017/01/26/2 Ransomware Hits Traffic Cameras in DC https://www.washingtonpost.com/local/public-safety/hackers-hit-dc-police-closed-circuit-camera-network-city-officials-disclose/2017/01/27/d285a4a4-e4f5-11e6-ba11-63c4b4fb5a63_print.html Hotel Hit By Ransomware http://www.thelocal.at/20170128/hotel-ransomed-by-hackers-as-guests-locked-in-rooms Not So Private Android VPNs http://www.icir.org/vern/papers/vpn-apps-imc16.pdf Google Starting its own Certificate Authority https://security.googleblog.com/2017/01/the-foundation-of-more-secure-web.html
ISC StormCast for Friday, January 27th 2017
IOCs: Risks of False Positive Floods https://isc.sans.edu/forums/diary/IOCs+Risks+of+False+Positive+Alerts+Flood+Ahead/21977/ Android Ransomware in Google Play Store http://blog.checkpoint.com/2017/01/24/charger-malware/ OpenSSL Update https://www.openssl.org/news/vulnerabilities.html#y2017 Facebook To Implement U2F (FIDO) Login https://www.facebook.com/notes/facebook-security/security-key-for-safer-logins-with-a-touch/10154125089265766 WebEx Update https://bugs.chromium.org/p/project-zero/issues/detail?id=1100
ISC StormCast for Friday, January 27th 2017
IOCs: Risks of False Positive Floods https://isc.sans.edu/forums/diary/IOCs+Risks+of+False+Positive+Alerts+Flood+Ahead/21977/ Android Ransomware in Google Play Store http://blog.checkpoint.com/2017/01/24/charger-malware/ OpenSSL Update https://www.openssl.org/news/vulnerabilities.html#y2017 Facebook To Implement U2F (FIDO) Login https://www.facebook.com/notes/facebook-security/security-key-for-safer-logins-with-a-touch/10154125089265766 WebEx Update https://bugs.chromium.org/p/project-zero/issues/detail?id=1100
ISC StormCast for Thursday, January 26th 2017
Cisco WebEx Remains Vulnerable. Other Browsers Affected https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex Malicious SVG Files Fund in the Wild https://isc.sans.edu/forums/diary/Malicious+SVG+Files+in+the+Wild/21971/ W2 Scams Hitting Again http://www.nbcdfw.com/news/local/Argyle-ISD-Employees-Hit-with-Data-Breach-411337825.html XXE Entity Vulnerability in Uber https://httpsonly.blogspot.co.ke/2017/01/0day-writeup-xxe-in-ubercom.html?m=1 Firefox 51 Released https://blog.mozilla.org/security/2017/01/20/communicating-the-dangers-of-non-secure-http/
ISC StormCast for Thursday, January 26th 2017
Cisco WebEx Remains Vulnerable. Other Browsers Affected https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex Malicious SVG Files Fund in the Wild https://isc.sans.edu/forums/diary/Malicious+SVG+Files+in+the+Wild/21971/ W2 Scams Hitting Again http://www.nbcdfw.com/news/local/Argyle-ISD-Employees-Hit-with-Data-Breach-411337825.html XXE Entity Vulnerability in Uber https://httpsonly.blogspot.co.ke/2017/01/0day-writeup-xxe-in-ubercom.html?m=1 Firefox 51 Released https://blog.mozilla.org/security/2017/01/20/communicating-the-dangers-of-non-secure-http/
ISC StormCast for Wednesday, January 25th 2017
Cisco Releases Patch for Chrome Webex Plugin https://continuum.cisco.com/2017/01/23/its-a-good-idea-to-patch-your-webex-chrome-extension-now/ Companies Fall For Fake Ransomware https://www.citrix.com/blogs/2017/01/24/bluff-ransomware-attacks-bamboozle-british-businesses/ systemd priviledge escalation vulnerablity http://www.openwall.com/lists/oss-security/2017/01/24/4 nginx update released http://nginx.org/en/CHANGES
ISC StormCast for Wednesday, January 25th 2017
Cisco Releases Patch for Chrome Webex Plugin https://continuum.cisco.com/2017/01/23/its-a-good-idea-to-patch-your-webex-chrome-extension-now/ Companies Fall For Fake Ransomware https://www.citrix.com/blogs/2017/01/24/bluff-ransomware-attacks-bamboozle-british-businesses/ systemd priviledge escalation vulnerablity http://www.openwall.com/lists/oss-security/2017/01/24/4 nginx update released http://nginx.org/en/CHANGES
ISC StormCast for Tuesday, January 24th 2017
Experimenting With IPv6 Fragments https://isc.sans.edu/forums/diary/How+to+Have+Fun+With+IPv6+Fragments+and+Scapy/21963/ Apple Updates Everything https://support.apple.com/en-us/HT201222 WebEx Secret Install URL https://bugs.chromium.org/p/project-zero/issues/detail?id=1096 Vulnerability in Symantec Norton Download Manager https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2017&suid=20170117_00 Exploit for Microsoft RDC Client on Mac https://www.wearesegment.com/research/Microsoft-Remote-Desktop-Client-for-Mac-Remote-Code-Execution
ISC StormCast for Tuesday, January 24th 2017
Experimenting With IPv6 Fragments https://isc.sans.edu/forums/diary/How+to+Have+Fun+With+IPv6+Fragments+and+Scapy/21963/ Apple Updates Everything https://support.apple.com/en-us/HT201222 WebEx Secret Install URL https://bugs.chromium.org/p/project-zero/issues/detail?id=1096 Vulnerability in Symantec Norton Download Manager https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2017&suid=20170117_00 Exploit for Microsoft RDC Client on Mac https://www.wearesegment.com/research/Microsoft-Remote-Desktop-Client-for-Mac-Remote-Code-Execution