A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Similar Podcasts
Elixir Outlaws
Elixir Outlaws is an informal discussion about interesting things happening in Elixir. Our goal is to capture the spirit of a conference hallway discussion in a podcast.
The Cynical Developer
A UK based Technology and Software Developer Podcast that helps you to improve your development knowledge and career,
through explaining the latest and greatest in development technology and providing you with what you need to succeed as a developer.
ThunderCast
An inside look at the making of Mozilla Thunderbird, and community-driven conversations with our friends in the open-source software space.
ISC StormCast for Wednesday, August 30th, 2023
Survival Time for Web Sites https://isc.sans.edu/diary/Survival%20time%20for%20web%20sites/30170 PDF/ActiveMime Polyglot Maldocs https://blogs.jpcert.or.jp/en/2023/08/maldocinpdf.html https://blog.didierstevens.com/2023/08/29/quickpost-pdf-activemime-maldocs-yara-rule/ RocketMQ Vulnerability Exploited https://blogs.juniper.net/en-us/threat-research/dreambus-botnet-resurfaces-targets-rocketmq-vulnerability ManageEngine Vulnerabilty https://www.manageengine.com/security/advisory/CVE/CVE-2023-35785.html
ISC StormCast for Wednesday, August 30th, 2023
Survival Time for Web Sites https://isc.sans.edu/diary/Survival%20time%20for%20web%20sites/30170 PDF/ActiveMime Polyglot Maldocs https://blogs.jpcert.or.jp/en/2023/08/maldocinpdf.html https://blog.didierstevens.com/2023/08/29/quickpost-pdf-activemime-maldocs-yara-rule/ RocketMQ Vulnerability Exploited https://blogs.juniper.net/en-us/threat-research/dreambus-botnet-resurfaces-targets-rocketmq-vulnerability ManageEngine Vulnerabilty https://www.manageengine.com/security/advisory/CVE/CVE-2023-35785.html
ISC StormCast for Tuesday, August 29th, 2023
Analysis of RAR Exploit Files (CVE-2023-38831) https://isc.sans.edu/diary/Analysis+of+RAR+Exploit+Files+CVE202338831/30164 Juniper Exploit CVE-2023-36844 , CVE-2023-36845 , CVE-2023-36846 , CVE-2023-36847 https://labs.watchtowr.com/cve-2023-36844-and-friends-rce-in-juniper-firewalls/ Microsoft Will Enabled Extended Protection for Exchange Server by Default https://techcommunity.microsoft.com/t5/exchange-team-blog/coming-soon-enabling-extended-protection-on-exchange-server-by/ba-p/3911849 Rust Malware Stages on Crates.io https://blog.phylum.io/rust-malware-staged-on-crates-io/ SANS Community Night London Signup https://www.sans.org/mlp/community-night-cloud-security-london-september-2023
ISC StormCast for Tuesday, August 29th, 2023
Analysis of RAR Exploit Files (CVE-2023-38831) https://isc.sans.edu/diary/Analysis+of+RAR+Exploit+Files+CVE202338831/30164 Juniper Exploit CVE-2023-36844 , CVE-2023-36845 , CVE-2023-36846 , CVE-2023-36847 https://labs.watchtowr.com/cve-2023-36844-and-friends-rce-in-juniper-firewalls/ Microsoft Will Enabled Extended Protection for Exchange Server by Default https://techcommunity.microsoft.com/t5/exchange-team-blog/coming-soon-enabling-extended-protection-on-exchange-server-by/ba-p/3911849 Rust Malware Stages on Crates.io https://blog.phylum.io/rust-malware-staged-on-crates-io/
ISC StormCast for Monday, August 28th, 2023
Python Malware Using Postgresql for C2 Communications https://isc.sans.edu/diary/Python%20Malware%20Using%20Postgresql%20for%20C2%20Communications/30158 macOS: Who is Behind This Network Connection? https://isc.sans.edu/diary/macOS%3A%20Who%3Fs%20Behind%20This%20Network%20Connection%3F/30160 CVE-2020-19909 Is Everything that is Wrong with CVEs https://daniel.haxx.se/blog/2023/08/26/cve-2020-19909-is-everything-that-is-wrong-with-cves/ Windows Certificate Confusion https://arstechnica.com/security/2023/08/a-renegade-certificate-is-removed-from-windows-then-it-returns-confusion-ensues/ NPM E-Mail Validator Package Malware https://blog.phylum.io/npm-emails-validator-package-malware/
ISC StormCast for Monday, August 28th, 2023
Python Malware Using Postgresql for C2 Communications https://isc.sans.edu/diary/Python%20Malware%20Using%20Postgresql%20for%20C2%20Communications/30158 macOS: Who is Behind This Network Connection? https://isc.sans.edu/diary/macOS%3A%20Who%3Fs%20Behind%20This%20Network%20Connection%3F/30160 CVE-2020-19909 Is Everything that is Wrong with CVEs https://daniel.haxx.se/blog/2023/08/26/cve-2020-19909-is-everything-that-is-wrong-with-cves/ Windows Certificate Confusion https://arstechnica.com/security/2023/08/a-renegade-certificate-is-removed-from-windows-then-it-returns-confusion-ensues/ NPM E-Mail Validator Package Malware https://blog.phylum.io/npm-emails-validator-package-malware/
ISC StormCast for Friday, August 25th, 2023
How I made a "QWERTY" Keyboard Walk Password Generator with ChatGPT https://isc.sans.edu/diary/How%20I%20made%20a%20qwerty%20%3Fkeyboard%20walk%3F%20password%20generator%20with%20ChatGPT%20%20%5BGuest%20Diary%5D/30152 FBI Warns of Persistent Barracuda Backdoors https://www.ic3.gov/Media/News/2023/230823.pdf Ivanti Sentry Athentication Bypass Deep Diver CVE-2023-38035 https://www.horizon3.ai/ivanti-sentry-authentication-bypass-cve-2023-38035-deep-dive/ Smoke Loader Drops Whiffy Recon WiFi Scanning and Geolocation Malware https://www.secureworks.com/blog/smoke-loader-drops-whiffy-recon-wi-fi-scanning-and-geolocation-malware
ISC StormCast for Friday, August 25th, 2023
How I made a "QWERTY" Keyboard Walk Password Generator with ChatGPT https://isc.sans.edu/diary/How%20I%20made%20a%20qwerty%20%3Fkeyboard%20walk%3F%20password%20generator%20with%20ChatGPT%20%20%5BGuest%20Diary%5D/30152 FBI Warns of Persistent Barracuda Backdoors https://www.ic3.gov/Media/News/2023/230823.pdf Ivanti Sentry Athentication Bypass Deep Diver CVE-2023-38035 https://www.horizon3.ai/ivanti-sentry-authentication-bypass-cve-2023-38035-deep-dive/ Smoke Loader Drops Whiffy Recon WiFi Scanning and Geolocation Malware https://www.secureworks.com/blog/smoke-loader-drops-whiffy-recon-wi-fi-scanning-and-geolocation-malware
ISC StormCast for Thursday, August 24th, 2023
More Exotic Excel Files Dropping AgentTesla https://isc.sans.edu/diary/More%20Exotic%20Excel%20Files%20Dropping%20AgentTesla/30150 CVE-2023-38831 WinRAR Vulnerability Exploited https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/ Aruba Vulnerabilities https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt
ISC StormCast for Thursday, August 24th, 2023
More Exotic Excel Files Dropping AgentTesla https://isc.sans.edu/diary/More%20Exotic%20Excel%20Files%20Dropping%20AgentTesla/30150 CVE-2023-38831 WinRAR Vulnerability Exploited https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/ Aruba Vulnerabilities https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt
ISC StormCast for Wednesday, August 23rd, 2023
Fernet Encryption in Malware https://isc.sans.edu/forums/diary/Have%20You%20Ever%20Heard%20of%20the%20Fernet%20Encryption%20Algorithm%3F/30146/ Malware Triage With Inotify Tools https://isc.sans.edu/diary/Quick+Malware+Triage+With+Inotify+Tools/30142/ Adobe Coldfusion Exploited https://www.cisa.gov/known-exploited-vulnerabilities-catalog Openfire Admin Console Vulnerability Exploited https://vulncheck.com/blog/openfire-cve-2023-32315 XLoader Mac Malware Updates https://www.sentinelone.com/blog/xloaders-latest-trick-new-macos-variant-disguised-as-signed-officenote-app/
ISC StormCast for Wednesday, August 23rd, 2023
Fernet Encryption in Malware https://isc.sans.edu/forums/diary/Have%20You%20Ever%20Heard%20of%20the%20Fernet%20Encryption%20Algorithm%3F/30146/ Malware Triage With Inotify Tools https://isc.sans.edu/diary/Quick+Malware+Triage+With+Inotify+Tools/30142/ Adobe Coldfusion Exploited https://www.cisa.gov/known-exploited-vulnerabilities-catalog Openfire Admin Console Vulnerability Exploited https://vulncheck.com/blog/openfire-cve-2023-32315 XLoader Mac Malware Updates https://www.sentinelone.com/blog/xloaders-latest-trick-new-macos-variant-disguised-as-signed-officenote-app/
ISC StormCast for Tuesday, August 22nd, 2023
SystemBC Scans and ProxyNation https://isc.sans.edu/diary/SystemBC%20Malware%20Activity%20/30138 https://cybersecurity.att.com/blogs/labs-research/proxynation-the-dark-nexus-between-proxy-apps-and-malware Exchange Server Security Update Re-Release https://techcommunity.microsoft.com/t5/exchange-team-blog/re-release-of-august-2023-exchange-server-security-update/ba-p/3900025 Ivanti Sentry Vulnerability Exploited https://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface?language=en_US DUO Security Outage https://status.duo.com/incidents/rw7g0q7ztj8f mTLS Vulnerabilities https://github.blog/2023-08-17-mtls-when-certificate-authentication-is-done-wrong/
ISC StormCast for Tuesday, August 22nd, 2023
SystemBC Scans and ProxyNation https://isc.sans.edu/diary/SystemBC%20Malware%20Activity%20/30138 https://cybersecurity.att.com/blogs/labs-research/proxynation-the-dark-nexus-between-proxy-apps-and-malware Exchange Server Security Update Re-Release https://techcommunity.microsoft.com/t5/exchange-team-blog/re-release-of-august-2023-exchange-server-security-update/ba-p/3900025 Ivanti Sentry Vulnerability Exploited https://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface?language=en_US DUO Security Outage https://status.duo.com/incidents/rw7g0q7ztj8f mTLS Vulnerabilities https://github.blog/2023-08-17-mtls-when-certificate-authentication-is-done-wrong/
ISC StormCast for Monday, August 21st, 2023
From a Zalando Phish to a RAT https://isc.sans.edu/diary/From%20a%20Zalando%20Phishing%20to%20a%20RAT/30136 RARLAB WinRAR Recovery Volume Vulnerability https://www.zerodayinitiative.com/advisories/ZDI-23-1152/ Hotmail SPF Record Error Leads to spam false positives https://www.bleepingcomputer.com/news/microsoft/hotmail-email-delivery-fails-after-microsoft-misconfigures-dns/ Chinese Entanglement | DLL Hijacking in the Asian Gambling Sector https://www.sentinelone.com/labs/chinese-entanglement-dll-hijacking-in-the-asian-gambling-sector/ Google Chrome to Warn Users of Malicious Extensions https://betanews.com/2023/08/17/google-chrome-to-warn-users-about-problematic-extensions/