A brief daily summary of what is important in information security. The podcast is published every weekday and is designed to get you ready for the day with a brief, usually 5-minute-long, summary of current network-security-related events. The content is late-breaking, educational, and based on listener input as well as on input received by the SANS Internet Storm Center. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html.

ISC StormCast for Wednesday, August 23rd, 2023

August 22, 2023 6:02 5.37 MB Downloads: 0

Fernet Encryption in Malware https://isc.sans.edu/forums/diary/Have%20You%20Ever%20Heard%20of%20the%20Fernet%20Encryption%20Algorithm%3F/30146/
Malware Triage With Inotify Tools https://isc.sans.edu/diary/Quick+Malware+Triage+With+Inotify+Tools/30142/
Adobe Coldfusion Exploited https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Openfire Admin Console Vulnerability Exploited https://vulncheck.com/blog/openfire-cve-2023-32315
XLoader Mac Malware Updates https://www.sentinelone.com/blog/xloaders-latest-trick-new-macos-variant-disguised-as-signed-officenote-app/

ISC StormCast for Tuesday, August 22nd, 2023

August 21, 2023 6:07 5.44 MB Downloads: 0

SystemBC Scans and ProxyNation https://isc.sans.edu/diary/SystemBC%20Malware%20Activity%20/30138 https://cybersecurity.att.com/blogs/labs-research/proxynation-the-dark-nexus-between-proxy-apps-and-malware
Exchange Server Security Update Re-Release https://techcommunity.microsoft.com/t5/exchange-team-blog/re-release-of-august-2023-exchange-server-security-update/ba-p/3900025
Ivanti Sentry Vulnerability Exploited https://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface?language=en_US
DUO Security Outage https://status.duo.com/incidents/rw7g0q7ztj8f
mTLS Vulnerabilities https://github.blog/2023-08-17-mtls-when-certificate-authentication-is-done-wrong/

ISC StormCast for Monday, August 21st, 2023

August 20, 2023 5:35 5.0 MB Downloads: 0

From a Zalando Phish to a RAT https://isc.sans.edu/diary/From%20a%20Zalando%20Phishing%20to%20a%20RAT/30136
RARLAB WinRAR Recovery Volume Vulnerability https://www.zerodayinitiative.com/advisories/ZDI-23-1152/
Hotmail SPF Record Error Leads to Spam False Positives https://www.bleepingcomputer.com/news/microsoft/hotmail-email-delivery-fails-after-microsoft-misconfigures-dns/
Chinese Entanglement | DLL Hijacking in the Asian Gambling Sector https://www.sentinelone.com/labs/chinese-entanglement-dll-hijacking-in-the-asian-gambling-sector/
Google Chrome to Warn Users of Malicious Extensions https://betanews.com/2023/08/17/google-chrome-to-warn-users-about-problematic-extensions/

ISC StormCast for Friday, August 18th, 2023

August 17, 2023 5:44 5.12 MB Downloads: 0

Command Line Parsing - Are These Really Unique Strings? https://isc.sans.edu/diary/Command%20Line%20Parsing%20-%20Are%20These%20Really%20Unique%20Strings%3F/30126
iOS 16 Fake Airplane Mode https://www.jamf.com/blog/fake-airplane-mode-a-mobile-tampering-technique-to-maintain-connectivity/
LinkedIn Attacks https://cyberint.com/blog/research/linkedin-accounts-under-attack-how-to-protect-yourself/
Robot Vacuum Privacy Issues https://dontvacuum.me/talks/DEFCON31/DEFCON31-vacuum-robots-final.pdf https://dontvacuum.me/

ISC StormCast for Thursday, August 17th, 2023

August 16, 2023 6:40 5.91 MB Downloads: 0

PowerShell Gallery Prone to Typosquatting, Other Supply Chain Attacks https://www.darkreading.com/application-security/powershell-gallery-prone-to-typosquatting-other-supply-chain-attacks
Windows Random Time Issues https://arstechnica.com/security/2023/08/windows-feature-that-resets-system-clocks-based-on-random-data-is-wreaking-havoc/
Energy Company Targeted in QR Code Campaign https://cofense.com/blog/major-energy-company-targeted-in-large-qr-code-campaign/
New Citrix Scanner from Mandiant https://www.mandiant.com/resources/blog/citrix-adc-vulnerability-ioc-scanner

ISC StormCast for Wednesday, August 16th, 2023

August 15, 2023 5:53 5.25 MB Downloads: 0

macOS Background Task Manager Bypass https://www.wired.com/story/apple-mac-background-task-management-flaw/
Ivanti Avalanche Vulnerability https://www.tenable.com/security/research/tra-2023-27
Exploiting Synology NAS Cloud Connectivity https://claroty.com/team82/research/a-pain-in-the-nas-exploiting-cloud-connectivity-to-pwn-your-nas-synology-ds920-edition
Fake Crypto Currency Apps Offered as "Beta" Versions https://www.ic3.gov/Media/Y2023/PSA230814

ISC StormCast for Tuesday, August 15th, 2023

August 14, 2023 5:51 5.22 MB Downloads: 0

PDFiD False Positives Revisited https://isc.sans.edu/diary/PDFiD%3A%20False%20Positives%20Revisited/30122
CVE-2023-32019 Fix Enabled by Default https://support.microsoft.com/en-us/topic/kb5028407-how-to-manage-the-vulnerability-associated-with-cve-2023-32019-bd6ed35f-48b1-41f6-bd19-d2d97270f080
CyberPower and Dataprobe Vulnerabilities https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html
Ford WiFi Driver Vulnerability https://www.ti.com/lit/er/swra773/swra773.pdf?ts=1691717352391&ref_url=https%253A%252F%252Fmedia.ford.com%252F

ISC StormCast for Monday, August 14th, 2023

August 13, 2023 5:30 4.93 MB Downloads: 0

Show Me All Your Windows https://isc.sans.edu/diary/Show%20me%20All%20Your%20Windows!/30116
Zero Touch Pwn https://blog.syss.com/posts/zero-touch-pwn/
Maginot DNS Spoofing Attack https://www.usenix.org/conference/usenixsecurity23/presentation/li-xiang
