A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Similar Podcasts
Elixir Outlaws
Elixir Outlaws is an informal discussion about interesting things happening in Elixir. Our goal is to capture the spirit of a conference hallway discussion in a podcast.
The Cynical Developer
A UK based Technology and Software Developer Podcast that helps you to improve your development knowledge and career,
through explaining the latest and greatest in development technology and providing you with what you need to succeed as a developer.
ThunderCast
An inside look at the making of Mozilla Thunderbird, and community-driven conversations with our friends in the open-source software space.
ISC StormCast for Tuesday, October 3rd, 2023
Friendly Reminder: ZIP Metadata is Not Encrypted https://isc.sans.edu/diary/Friendly%20Reminder%3A%20ZIP%20Metadata%20is%20Not%20Encrypted/30268 EXIM New Version Released https://www.exim.org/static/doc/security/CVE-2023-zdi.txt Mail GPU Kernel Driver Allows Improper GPU Memory Processing Operations https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities Bing AI Serves Malicous Ads https://www.malwarebytes.com/blog/threat-intelligence/2023/09/malicious-ad-served-inside-bing-ai-chatbot Google Announces Robots.txt Ad-Restrictions https://developers.google.com/search/docs/crawling-indexing/overview-google-crawlers#adsbot-mobile-web-android
ISC StormCast for Monday, October 2nd, 2023
Analyzing MIME Files: a Quick Tip https://isc.sans.edu/diary/Analyzing%20MIME%20Files%3A%20a%20Quick%20Tip/30266 Infostealers Looking for Password Files https://isc.sans.edu/diary/Are+You+Still+Storing+Passwords+In+Plain+Text+Files/30262/ Simple Netcat Backdoor https://isc.sans.edu/diary/Simple+Netcat+Backdoor+in+Python+Script/30264/ EXIM Response to the ZDI Release https://exim.org/static/doc/security/CVE-2023-zdi.txt Exploit for WS_FTP Vulnerability https://www.assetnote.io/resources/research/rce-in-progress-ws-ftp-ad-hoc-via-iis-http-modules-cve-2023-40044
ISC StormCast for Monday, October 2nd, 2023
Analyzing MIME Files: a Quick Tip https://isc.sans.edu/diary/Analyzing%20MIME%20Files%3A%20a%20Quick%20Tip/30266 Infostealers Looking for Password Files https://isc.sans.edu/diary/Are+You+Still+Storing+Passwords+In+Plain+Text+Files/30262/ Simple Netcat Backdoor https://isc.sans.edu/diary/Simple+Netcat+Backdoor+in+Python+Script/30264/ EXIM Response to the ZDI Release https://exim.org/static/doc/security/CVE-2023-zdi.txt Exploit for WS_FTP Vulnerability https://www.assetnote.io/resources/research/rce-in-progress-ws-ftp-ad-hoc-via-iis-http-modules-cve-2023-40044
ISC StormCast for Friday, September 29th, 2023
IPv4 Addresses in Little Endian Decimal Format https://isc.sans.edu/diary/IPv4%20Addresses%20in%20Little%20Endian%20Decimal%20Format/30256 Chrome Update fixes 0-day Vulnerability https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html Unpatched EXIM Vulnerabilities https://www.zerodayinitiative.com/advisories/ZDI-23-1469/ WS_FTP Vulnerabilities https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023
ISC StormCast for Friday, September 29th, 2023
IPv4 Addresses in Little Endian Decimal Format https://isc.sans.edu/diary/IPv4%20Addresses%20in%20Little%20Endian%20Decimal%20Format/30256 Chrome Update fixes 0-day Vulnerability https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html Unpatched EXIM Vulnerabilities https://www.zerodayinitiative.com/advisories/ZDI-23-1469/ WS_FTP Vulnerabilities https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023
ISC StormCast for Thursday, September 28th, 2023
GPU Sidechannel Attack https://www.hertzbleed.com/gpu.zip/GPU-zip.pdf Router Firmware Compromised for Persistent Access https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csa-cyber-report-sept-2023 https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-270a More libwebp vulnerability confusion https://www.cve.org/CVERecord?id=CVE-2023-5129 https://arstechnica.com/security/2023/09/google-quietly-corrects-previously-submitted-disclosure-for-critical-webp-0-day/ Fake Dependabot Commits https://checkmarx.com/blog/surprise-when-dependabot-contributes-malicious-code/
ISC StormCast for Thursday, September 28th, 2023
GPU Sidechannel Attack https://www.hertzbleed.com/gpu.zip/GPU-zip.pdf Router Firmware Compromised for Persistent Access https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csa-cyber-report-sept-2023 https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-270a More libwebp vulnerability confusion https://www.cve.org/CVERecord?id=CVE-2023-5129 https://arstechnica.com/security/2023/09/google-quietly-corrects-previously-submitted-disclosure-for-critical-webp-0-day/ Fake Dependabot Commits https://checkmarx.com/blog/surprise-when-dependabot-contributes-malicious-code/
ISC StormCast for Wednesday, September 27th, 2023
A new spint on the ZeroFont phishing technique https://isc.sans.edu/diary/A%20new%20spin%20on%20the%20ZeroFont%20phishing%20technique/30248 macOS Sonoma Updates https://isc.sans.edu/diary/Apple%20Releases%20MacOS%20Sonoma%20Including%20Numerous%20Security%20Patches/30252
ISC StormCast for Wednesday, September 27th, 2023
A new spint on the ZeroFont phishing technique https://isc.sans.edu/diary/A%20new%20spin%20on%20the%20ZeroFont%20phishing%20technique/30248 macOS Sonoma Updates https://isc.sans.edu/diary/Apple%20Releases%20MacOS%20Sonoma%20Including%20Numerous%20Security%20Patches/30252
ISC StormCast for Tuesday, September 26th, 2023
LuaJIT Malware https://www.sentinelone.com/labs/sandman-apt-a-mystery-group-targeting-telcos-with-a-luajit-toolkit/ NPM systeminformation flaw https://systeminformation.io/security.html Team City Authentication Bypass https://twitter.com/ptswarm/status/1706223917008834748
ISC StormCast for Tuesday, September 26th, 2023
LuaJIT Malware https://www.sentinelone.com/labs/sandman-apt-a-mystery-group-targeting-telcos-with-a-luajit-toolkit/ NPM systeminformation flaw https://systeminformation.io/security.html Team City Authentication Bypass https://twitter.com/ptswarm/status/1706223917008834748
ISC StormCast for Monday, September 25th, 2023
Scanning for Laravel - a PHP Framework for Web Artisants https://isc.sans.edu/forums/diary/Scanning%20for%20Laravel%20-%20a%20PHP%20Framework%20for%20Web%20Artisants/30242/ Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT https://unit42.paloaltonetworks.com/fake-cve-2023-40477-poc-hides-venomrat/ Unmasking a Sophistiacted Phishing Campaign That Targets Hotel Guests https://www.akamai.com/blog/security-research/sophisticated-phishing-campaign-targeting-hospitality BSides JAX October 14th https://www.bsidesjax.org/ tickets: https://www.eventbrite.com/e/bsides-jacksonville-2023-registration-566463807497?aff=oddtdtcreator
ISC StormCast for Monday, September 25th, 2023
Scanning for Laravel - a PHP Framework for Web Artisants https://isc.sans.edu/forums/diary/Scanning%20for%20Laravel%20-%20a%20PHP%20Framework%20for%20Web%20Artisants/30242/ Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT https://unit42.paloaltonetworks.com/fake-cve-2023-40477-poc-hides-venomrat/ Unmasking a Sophistiacted Phishing Campaign That Targets Hotel Guests https://www.akamai.com/blog/security-research/sophisticated-phishing-campaign-targeting-hospitality BSides JAX October 14th https://www.bsidesjax.org/ tickets: https://www.eventbrite.com/e/bsides-jacksonville-2023-registration-566463807497?aff=oddtdtcreator
ISC StormCast for Friday, September 22nd, 2023
Apple Patches Three 0-Days https://isc.sans.edu/diary/Apple+Patches+Three+New+0Day+Vulnerabilities+Affecting+iOSiPadOSwatchOSmacOS/30238 WebP Vulnerability https://blog.isosceles.com/the-webp-0day/ MOVEit Transfer Service Pack https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-September-2023 Improved Passkey Support in Windows 11 https://www.microsoft.com/en-us/security/blog/2023/09/21/new-microsoft-security-tools-to-protect-families-and-businesses/
ISC StormCast for Friday, September 22nd, 2023
Apple Patches Three 0-Days https://isc.sans.edu/diary/Apple+Patches+Three+New+0Day+Vulnerabilities+Affecting+iOSiPadOSwatchOSmacOS/30238 WebP Vulnerability https://blog.isosceles.com/the-webp-0day/ MOVEit Transfer Service Pack https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-September-2023 Improved Passkey Support in Windows 11 https://www.microsoft.com/en-us/security/blog/2023/09/21/new-microsoft-security-tools-to-protect-families-and-businesses/