SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
#news #technews #technology #news #dailynews

A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .

Similar Podcasts

Elixir Outlaws

Elixir Outlaws
Elixir Outlaws is an informal discussion about interesting things happening in Elixir. Our goal is to capture the spirit of a conference hallway discussion in a podcast.

The Cynical Developer

The Cynical Developer
A UK based Technology and Software Developer Podcast that helps you to improve your development knowledge and career, through explaining the latest and greatest in development technology and providing you with what you need to succeed as a developer.

ThunderCast

ThunderCast
An inside look at the making of Mozilla Thunderbird, and community-driven conversations with our friends in the open-source software space.

ISC StormCast for Monday, October 7th, 2024

October 06, 2024 5:34 4.97 MB Downloads: 0

Survey of CUPS exploit URLs https://isc.sans.edu/diary/Survey%20of%20CUPS%20exploit%20attempts/31326 Exposed LDAP Servers https://www.usenix.org/conference/usenixsecurity24/presentation/kaspereit Exploiting Visual Studio via Dump Files https://ynwarcs.github.io/exploiting-vs-dump-files Apple Security Updates https://support.apple.com/en-us/100100 Free API Security Workshop https://www.sans.org/webcasts/aviata-solo-flight-challenge-cloud-security-workshop-chapter-7/

ISC StormCast for Friday, October 4th, 2024

October 03, 2024 5:53 5.24 MB Downloads: 0

Kickstart Your DShield Honeypot https://isc.sans.edu/diary/Kickstart%20Your%20DShield%20Honeypot%20%5BGuest%20Diary%5D/31320 CreanaKeeper Use of Cloud Services https://www.welivesecurity.com/en/eset-research/separating-bee-panda-ceranakeeper-making-beeline-thailand/ Pixel Addressing Vulnerabilities in Cellular Modems https://security.googleblog.com/2024/10/pixel-proactive-security-cellular-modems.html Optigo Spectra Vulnerabilities https://claroty.com/team82/disclosure-dashboard/cve-2024-41925 https://claroty.com/team82/disclosure-dashboard/cve-2024-45367

This episode has failed processing Original Audio

ISC StormCast for Thursday, October 3rd, 2024

October 02, 2024 6:35 5.83 MB Downloads: 0

Security Related Docker Containers https://isc.sans.edu/diary/Security%20related%20Docker%20containers/31318 CUPS DDoS Attack https://www.akamai.com/blog/security-research/october-cups-ddos-threat Draytek Vulnerabilities https://www.forescout.com/resources/draybreak-draytek-research/ SANS Munich (free Community Night Tuesday October 15th) https://www.sans.org/cyber-security-training-events/munich-october-2024/

ISC StormCast for Wednesday, October 2nd, 2024

October 01, 2024 5:43 5.1 MB Downloads: 0

Hurricane Helene Aftermath - Cyber Security Awareness Month https://isc.sans.edu/diary/Hurricane%20Helene%20Aftermath%20-%20Cyber%20Security%20Awareness%20Month/31314 Zimbra - Remote Command Execution (CVE-2024-45519) https://blog.projectdiscovery.io/zimbra-remote-code-execution/ Enhancing the security of Microsoft Edge extensions with the new Publish API https://blogs.windows.com/msedgedev/2024/09/30/enhanced-security-for-extensions-with-new-publish-api/ CVE-2024-36435 Deep-Dive: The Year s Most Critical BMC Security Flaw https://www.binarly.io/blog/cve-2024-36435-deep-dive-the-years-most-critical-bmc-security-flaw

ISC StormCast for Tuesday, October 1st, 2024

September 30, 2024 6:16 5.57 MB Downloads: 0

Tool Update: mac-robber.py, le-hex-to-ip.py https://isc.sans.edu/diary/Tool%20update%3A%20mac-robber.py%20and%20le-hex-to-ip.py/31310 Ransomware Attacks Expanding to Hybrid Cloud Environments https://www.microsoft.com/en-us/security/blog/2024/09/26/storm-0501-ransomware-attacks-expanding-to-hybrid-cloud-environments/ Update on Recall Security and Privacy Architecture https://blogs.windows.com/windowsexperience/2024/09/27/update-on-recall-security-and-privacy-architecture/ Detecting Ransomware in Windows Event Logs https://blogs.jpcert.or.jp/en/2024/09/windows.html Progress WhatsUp Gold Update https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-September-2024?popup=true&overview Singapore Class https://jbu.me/singapore

ISC StormCast for Monday, September 30th, 2024

September 29, 2024 7:00 6.18 MB Downloads: 0

CUPS Vulnerability https://isc.sans.edu/diary/Patch%20for%20Critical%20CUPS%20vulnerability%3A%20Don%27t%20Panic/31302 PHP Updates https://www.php.net/ChangeLog-8.php#8.1.30 DNS And Big Chinese Firewall https://www.assetnote.io/resources/research/insecurity-through-censorship-vulnerabilities-caused-by-the-great-firewall https://isc.sans.edu/diary/Are+You+Piratebay+thepiratebayorg+Resolving+to+Various+Hosts/19175 HPE Aruba Networking Vulnerabilities https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04712en_us&docLocale=en_US

ISC StormCast for Friday, September 27th, 2024

September 26, 2024 6:53 6.08 MB Downloads: 0

Patch for Critical CUPS vulnerability: Don't Panic https://isc.sans.edu/diary/Patch%20for%20Critical%20CUPS%20vulnerability%3A%20Don%27t%20Panic/31302

ISC StormCast for Friday, September 27th, 2024

September 26, 2024 6:53 6.08 MB Downloads: 0

Patch for Critical CUPS vulnerability: Don't Panic https://isc.sans.edu/diary/Patch%20for%20Critical%20CUPS%20vulnerability%3A%20Don%27t%20Panic/31302

ISC StormCast for Thursday, September 26th, 2024

September 25, 2024 7:01 6.2 MB Downloads: 0

DNS Reflection Update and Corrupted DNS Requests https://isc.sans.edu/diary/DNS%20Reflection%20Update%20and%20Odd%20Corrupted%20DNS%20Requests/31296 CVE-2024-28987 Solarwinds Web Help Desk Hardcoded Credentials Vulnerability https://www.horizon3.ai/attack-research/cve-2024-28987-solarwinds-web-help-desk-hardcoded-credential-vulnerability-deep-dive/ cve-2024-28987 Watchguard Unauthenticated and Unencrypted SSO Protocol https://www.redteam-pentesting.de/en/advisories/rt-sa-2024-006/ https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00014 Infostealers Overcome Chrome's App Bound Encryption https://securityonline.info/infostealers-overcome-chromes-app-bound-encryption-threatening-user-data-security/

ISC StormCast for Thursday, September 26th, 2024

September 25, 2024 7:01 6.2 MB Downloads: 0

DNS Reflection Update and Corrupted DNS Requests https://isc.sans.edu/diary/DNS%20Reflection%20Update%20and%20Odd%20Corrupted%20DNS%20Requests/31296 CVE-2024-28987 Solarwinds Web Help Desk Hardcoded Credentials Vulnerability https://www.horizon3.ai/attack-research/cve-2024-28987-solarwinds-web-help-desk-hardcoded-credential-vulnerability-deep-dive/ cve-2024-28987 Watchguard Unauthenticated and Unencrypted SSO Protocol https://www.redteam-pentesting.de/en/advisories/rt-sa-2024-006/ https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00014 Infostealers Overcome Chrome's App Bound Encryption https://securityonline.info/infostealers-overcome-chromes-app-bound-encryption-threatening-user-data-security/

ISC StormCast for Wednesday, September 25th, 2024

September 24, 2024 5:27 4.88 MB Downloads: 0

Exploitation of RAISECOM Gateway Devices CVE-2024-7120 https://isc.sans.edu/diary/Exploitation%20of%20RAISECOM%20Gateway%20Devices%20Vulnerability%20CVE-2024-7120/31292 Cellopoint Vulnerability CVE-2024-9043 https://www.twcert.org.tw/en/cp-139-8103-b0568-2.html Cisco Smart Licensing Vulnerability Details https://starkeblog.com/cve-wednesday/cisco/2024/09/20/cve-wednesday-cve-2024-20439.html Ivanti Virtual Traffic Manager Exploited https://www.cisa.gov/known-exploited-vulnerabilities-catalog GNU Linux Systems Possible Critical Vulnerability https://securityonline.info/severe-unauthenticated-rce-flaw-cvss-9-9-in-gnu-linux-systems-awaiting-full-disclosure/

ISC StormCast for Wednesday, September 25th, 2024

September 24, 2024 5:27 4.88 MB Downloads: 0

Exploitation of RAISECOM Gateway Devices CVE-2024-7120 https://isc.sans.edu/diary/Exploitation%20of%20RAISECOM%20Gateway%20Devices%20Vulnerability%20CVE-2024-7120/31292 Cellopoint Vulnerability CVE-2024-9043 https://www.twcert.org.tw/en/cp-139-8103-b0568-2.html Cisco Smart Licensing Vulnerability Details https://starkeblog.com/cve-wednesday/cisco/2024/09/20/cve-wednesday-cve-2024-20439.html Ivanti Virtual Traffic Manager Exploited https://www.cisa.gov/known-exploited-vulnerabilities-catalog GNU Linux Systems Possible Critical Vulnerability https://securityonline.info/severe-unauthenticated-rce-flaw-cvss-9-9-in-gnu-linux-systems-awaiting-full-disclosure/

ISC StormCast for Tuesday, September 24th, 2024

September 23, 2024 5:33 4.96 MB Downloads: 0

Phishing Links With @ Sign https://isc.sans.edu/diary/Phishing%20links%20with%20%40%20sign%20and%20the%20need%20for%20effective%20security%20awareness%20building/31288 Kaspersky Deletes Itself Installs UltraAV Antivirus Without Warning https://www.bleepingcomputer.com/news/security/kaspersky-deletes-itself-installs-ultraav-antivirus-without-warning/ Microchip ASF tinydhcp Vulnerability https://kb.cert.org/vuls/id/138043

ISC StormCast for Tuesday, September 24th, 2024

September 23, 2024 5:33 4.96 MB Downloads: 0

Phishing Links With @ Sign https://isc.sans.edu/diary/Phishing%20links%20with%20%40%20sign%20and%20the%20need%20for%20effective%20security%20awareness%20building/31288 Kaspersky Deletes Itself Installs UltraAV Antivirus Without Warning https://www.bleepingcomputer.com/news/security/kaspersky-deletes-itself-installs-ultraav-antivirus-without-warning/ Microchip ASF tinydhcp Vulnerability https://kb.cert.org/vuls/id/138043

ISC StormCast for Monday, September 23rd, 2024

September 22, 2024 5:13 4.69 MB Downloads: 0

Windows Server Update Services Deprecation https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-server-update-services-wsus-deprecation/ba-p/4250436 Windows Server 2025 Hotpatches https://techcommunity.microsoft.com/t5/windows-server-news-and-best/now-in-preview-hotpatch-for-windows-server-2025/ba-p/4248296 Google Suggests Not Using WHOIS for Certificate Validation https://lists.cabforum.org/pipermail/servercert-wg/2024-September/004821.html Versa Director Vulnerability https://security-portal.versa-networks.com/emailbulletins/66e4a8ebda545d61ec2b1ab9 Apache Hugegraph Vulnerability Exploited https://nvd.nist.gov/vuln/detail/CVE-2024-27348