A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Similar Podcasts
Elixir Outlaws
Elixir Outlaws is an informal discussion about interesting things happening in Elixir. Our goal is to capture the spirit of a conference hallway discussion in a podcast.
The Cynical Developer
A UK based Technology and Software Developer Podcast that helps you to improve your development knowledge and career,
through explaining the latest and greatest in development technology and providing you with what you need to succeed as a developer.
ThunderCast
An inside look at the making of Mozilla Thunderbird, and community-driven conversations with our friends in the open-source software space.
ISC StormCast for Tuesday, February 14th, 2023
Apple Patches Exploited Vulnerablity https://isc.sans.edu/diary/Apple%20Patches%20Exploited%20Vulnerability/29544 Venmo Phishing Abusing LinkedIn "slink" https://isc.sans.edu/diary/Venmo+Phishing+Abusing+LinkedIn+slink/29542/ Malicious PyPi Packages Install Browser Extensions https://blog.phylum.io/phylum-discovers-revived-crypto-wallet-address-replacement-attack
ISC StormCast for Tuesday, February 14th, 2023
Apple Patches Exploited Vulnerablity https://isc.sans.edu/diary/Apple%20Patches%20Exploited%20Vulnerability/29544 Venmo Phishing Abusing LinkedIn "slink" https://isc.sans.edu/diary/Venmo+Phishing+Abusing+LinkedIn+slink/29542/ Malicious PyPi Packages Install Browser Extensions https://blog.phylum.io/phylum-discovers-revived-crypto-wallet-address-replacement-attack
ISC StormCast for Monday, February 13th, 2023
Obfuscated Deactivation of Script Block Logging https://isc.sans.edu/diary/Obfuscated%20Deactivation%20of%20Script%20Block%20Logging/29538 PCAP Data Analysis with Zeek https://isc.sans.edu/diary/PCAP%20Data%20Analysis%20with%20Zeek/29530 Bing Chat Prompt Injection https://arstechnica.com/information-technology/2023/02/ai-powered-bing-chat-spills-its-secrets-via-prompt-injection-attack/ More Malicious Python Packages https://blog.sonatype.com/malicious-aptx-python-package-drops-meterpreter-shell-deletes-netstat
ISC StormCast for Monday, February 13th, 2023
Obfuscated Deactivation of Script Block Logging https://isc.sans.edu/diary/Obfuscated%20Deactivation%20of%20Script%20Block%20Logging/29538 PCAP Data Analysis with Zeek https://isc.sans.edu/diary/PCAP%20Data%20Analysis%20with%20Zeek/29530 Bing Chat Prompt Injection https://arstechnica.com/information-technology/2023/02/ai-powered-bing-chat-spills-its-secrets-via-prompt-injection-attack/ More Malicious Python Packages https://blog.sonatype.com/malicious-aptx-python-package-drops-meterpreter-shell-deletes-netstat
ISC StormCast for Friday, February 10th, 2023
A Backdoor with Smart Screenshot Capability https://isc.sans.edu/diary/A%20Backdoor%20with%20Smart%20Screenshot%20Capability/29534 KeePass Patches Issue Allowing Password Export https://keepass.info/news/n230109_2.53.html AWS Phishing via Google Ads https://www.sentinelone.com/blog/cloud-credentials-phishing-malicious-google-ads-target-aws-logins/ Apache Kafka Vulnerability https://lists.apache.org/thread/vy1c7fqcdqvq5grcqp6q5jyyb302khyz
ISC StormCast for Friday, February 10th, 2023
A Backdoor with Smart Screenshot Capability https://isc.sans.edu/diary/A%20Backdoor%20with%20Smart%20Screenshot%20Capability/29534 KeePass Patches Issue Allowing Password Export https://keepass.info/news/n230109_2.53.html AWS Phishing via Google Ads https://www.sentinelone.com/blog/cloud-credentials-phishing-malicious-google-ads-target-aws-logins/ Apache Kafka Vulnerability https://lists.apache.org/thread/vy1c7fqcdqvq5grcqp6q5jyyb302khyz
ISC StormCast for Thursday, February 9th, 2023
Simple HTML Phishing via Telegram Bot https://isc.sans.edu/forums/diary/Simple%20HTML%20Phishing%20via%20Telegram%20Bot/29528/ Recovering from ESXiArgs Ransomware https://www.cisa.gov/uscert/ncas/alerts/aa23-039a NIST Standardizes Lightweight Cryptography https://csrc.nist.gov/Projects/lightweight-cryptography Sonicwall Web Content Filtering on Windows 11 22H2 https://www.sonicwall.com/support/product-notification/limitation-with-web-content-filtering-on-windows-11-22h2/230208075107457/ Google Chrome Release Changes https://developer.chrome.com/blog/early-stable/
ISC StormCast for Thursday, February 9th, 2023
Simple HTML Phishing via Telegram Bot https://isc.sans.edu/forums/diary/Simple%20HTML%20Phishing%20via%20Telegram%20Bot/29528/ Recovering from ESXiArgs Ransomware https://www.cisa.gov/uscert/ncas/alerts/aa23-039a NIST Standardizes Lightweight Cryptography https://csrc.nist.gov/Projects/lightweight-cryptography Sonicwall Web Content Filtering on Windows 11 22H2 https://www.sonicwall.com/support/product-notification/limitation-with-web-content-filtering-on-windows-11-22h2/230208075107457/ Google Chrome Release Changes https://developer.chrome.com/blog/early-stable/
ISC StormCast for Wednesday, February 8th, 2023
A Survey of Bluetooth Vulnerabilities Trends https://isc.sans.edu/diary/A%20Survey%20of%20Bluetooth%20Vulnerabilities%20Trends%20%282023%20Edition%29/29522 OpenSSL Vulnerabilities / Patches https://www.openssl.org/news/secadv/20230207.txt Packet Tuesday: Most Frequent DNS Query ID / DNS Notify https://www.youtube.com/watch?v=QgCuE_zKyMY GoAnywhere MFT Patch Available (and PoC) https://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html https://my.goanywhere.com/webclient/Dashboard.xhtml Qakbot Mechanizes Distribution of Malicous OneNote Notebooks https://news.sophos.com/en-us/2023/02/06/qakbot-onenote-attacks/
ISC StormCast for Wednesday, February 8th, 2023
A Survey of Bluetooth Vulnerabilities Trends https://isc.sans.edu/diary/A%20Survey%20of%20Bluetooth%20Vulnerabilities%20Trends%20%282023%20Edition%29/29522 OpenSSL Vulnerabilities / Patches https://www.openssl.org/news/secadv/20230207.txt Packet Tuesday: Most Frequent DNS Query ID / DNS Notify https://www.youtube.com/watch?v=QgCuE_zKyMY GoAnywhere MFT Patch Available (and PoC) https://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html https://my.goanywhere.com/webclient/Dashboard.xhtml Qakbot Mechanizes Distribution of Malicous OneNote Notebooks https://news.sophos.com/en-us/2023/02/06/qakbot-onenote-attacks/
ISC StormCast for Tuesday, February 7th, 2023
Earthquake Scams https://isc.sans.edu/diary/Earthquake%20in%20Turkey%20and%20Syria%3A%20Be%20Aware%20of%20Possible%20Donation%20Scams/29518 APIs Used By Bots to Detect Public IP Addresses https://isc.sans.edu/diary/APIs+Used+by+Bots+to+Detect+Public+IP+address/29516/ OpenSSH Vulnerablity Details CVE 2023-25136 https://blog.qualys.com/vulnerabilities-threat-research/2023/02/03/cve-2023-25136-pre-auth-double-free-vulnerability-in-openssh-server-9-1 A Novel State-of-the-Art Redis Malware https://blog.aquasec.com/headcrab-attacks-servers-worldwide-with-novel-state-of-art-redis-malware?&web_view=true
ISC StormCast for Tuesday, February 7th, 2023
Earthquake Scams https://isc.sans.edu/diary/Earthquake%20in%20Turkey%20and%20Syria%3A%20Be%20Aware%20of%20Possible%20Donation%20Scams/29518 APIs Used By Bots to Detect Public IP Addresses https://isc.sans.edu/diary/APIs+Used+by+Bots+to+Detect+Public+IP+address/29516/ OpenSSH Vulnerablity Details CVE 2023-25136 https://blog.qualys.com/vulnerabilities-threat-research/2023/02/03/cve-2023-25136-pre-auth-double-free-vulnerability-in-openssh-server-9-1 A Novel State-of-the-Art Redis Malware https://blog.aquasec.com/headcrab-attacks-servers-worldwide-with-novel-state-of-art-redis-malware?&web_view=true
ISC StormCast for Monday, February 6th, 2023
Assemblyline as a Malware Analysis Sandbox https://isc.sans.edu/diary/Assemblyline%20as%20a%20Malware%20Analysis%20Sandbox/29510 GoAnywhere MFT zero-day Exploited https://www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/ Ransomware targeting VMware ESXi https://blog.ovhcloud.com/ransomware-targeting-vmware-esxi/ Jira Service Managment Server and Data Center Advisory CVE-2023-22501 https://confluence.atlassian.com/jira/jira-service-management-server-and-data-center-advisory-cve-2023-22501-1188786458.html OpenSSH Update https://www.openssh.com/releasenotes.html F5 BigIP Vulnerability CVE-2023-22374 https://my.f5.com/manage/s/article/K000130415
ISC StormCast for Monday, February 6th, 2023
Assemblyline as a Malware Analysis Sandbox https://isc.sans.edu/diary/Assemblyline%20as%20a%20Malware%20Analysis%20Sandbox/29510 GoAnywhere MFT zero-day Exploited https://www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/ Ransomware targeting VMware ESXi https://blog.ovhcloud.com/ransomware-targeting-vmware-esxi/ Jira Service Managment Server and Data Center Advisory CVE-2023-22501 https://confluence.atlassian.com/jira/jira-service-management-server-and-data-center-advisory-cve-2023-22501-1188786458.html OpenSSH Update https://www.openssh.com/releasenotes.html F5 BigIP Vulnerability CVE-2023-22374 https://my.f5.com/manage/s/article/K000130415
ISC StormCast for Friday, February 3rd, 2023
Rotating Packet Captures with pfSense https://isc.sans.edu/diary/Rotating%20Packet%20Captures%20with%20pfSense/29500 BEC Group Incorporates Secondary Impersonated Personas https://intelligence.abnormalsecurity.com/blog/firebrick-ostrich-third-party-reconnaissance-attacks MalVirt .Net Virtualization Thrives in Malvertising Attacks https://www.sentinelone.com/labs/malvirt-net-virtualization-thrives-in-malvertising-attacks/ Cisco Remote Code Execution with Persistence https://www.trellix.com/en-us/about/newsroom/stories/research/when-pwning-cisco-persistence-is-key-when-pwning-supply-chain-cisco-is-key.html