A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Similar Podcasts
Elixir Outlaws
Elixir Outlaws is an informal discussion about interesting things happening in Elixir. Our goal is to capture the spirit of a conference hallway discussion in a podcast.
The Cynical Developer
A UK based Technology and Software Developer Podcast that helps you to improve your development knowledge and career,
through explaining the latest and greatest in development technology and providing you with what you need to succeed as a developer.
ThunderCast
An inside look at the making of Mozilla Thunderbird, and community-driven conversations with our friends in the open-source software space.
ISC StormCast for Friday, February 3rd, 2023
Rotating Packet Captures with pfSense https://isc.sans.edu/diary/Rotating%20Packet%20Captures%20with%20pfSense/29500 BEC Group Incorporates Secondary Impersonated Personas https://intelligence.abnormalsecurity.com/blog/firebrick-ostrich-third-party-reconnaissance-attacks MalVirt .Net Virtualization Thrives in Malvertising Attacks https://www.sentinelone.com/labs/malvirt-net-virtualization-thrives-in-malvertising-attacks/ Cisco Remote Code Execution with Persistence https://www.trellix.com/en-us/about/newsroom/stories/research/when-pwning-cisco-persistence-is-key-when-pwning-supply-chain-cisco-is-key.html
ISC StormCast for Thursday, February 2nd, 2023
Detecting Malicious OneNote Files https://isc.sans.edu/diary/Detecting%20%28Malicious%29%20OneNote%20Files/29494 Microsoft Defender Device Isolation for Linux https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/announcing-device-isolation-support-for-linux/ba-p/3676400 SH1MMER Exploit for Chromebooks https://sh1mmer.me DOMPDF SVG Parsing Vulnerability https://github.com/dompdf/dompdf/security/advisories/GHSA-3cw5-7cxw-v5qg
ISC StormCast for Thursday, February 2nd, 2023
Detecting Malicious OneNote Files https://isc.sans.edu/diary/Detecting%20%28Malicious%29%20OneNote%20Files/29494 Microsoft Defender Device Isolation for Linux https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/announcing-device-isolation-support-for-linux/ba-p/3676400 SH1MMER Exploit for Chromebooks https://sh1mmer.me DOMPDF SVG Parsing Vulnerability https://github.com/dompdf/dompdf/security/advisories/GHSA-3cw5-7cxw-v5qg
ISC StormCast for Wednesday, February 1st, 2023
DShield Honeypot Setup with pfSense https://isc.sans.edu/diary/DShield%20Honeypot%20Setup%20with%20pfSense/29490 Threat Actors Abusing Microsoft's "Verified Publisher" Status https://www.proofpoint.com/us/blog/cloud-security/dangerous-consequences-threat-actors-abusing-microsofts-verified-publisher PoS Malware Can Block Contactless Payments https://securelist.com/prilex-modification-now-targeting-contactless-credit-card-transactions/108569/ Detecting Files Exempt from Anti Malware Scans https://github.com/bananabr/TimeException
ISC StormCast for Wednesday, February 1st, 2023
DShield Honeypot Setup with pfSense https://isc.sans.edu/diary/DShield%20Honeypot%20Setup%20with%20pfSense/29490 Threat Actors Abusing Microsoft's "Verified Publisher" Status https://www.proofpoint.com/us/blog/cloud-security/dangerous-consequences-threat-actors-abusing-microsofts-verified-publisher PoS Malware Can Block Contactless Payments https://securelist.com/prilex-modification-now-targeting-contactless-credit-card-transactions/108569/ Detecting Files Exempt from Anti Malware Scans https://github.com/bananabr/TimeException
ISC StormCast for Tuesday, January 31st, 2023
Decoding DNS over HTTP(s) Requests https://isc.sans.edu/diary/Decoding%20DNS%20over%20HTTP%28s%29%20Requests/29488 Action Needed for GitHub Desktop and Atom Users https://github.blog/2023-01-30-action-needed-for-github-desktop-and-atom-users/ GitHub Checksum Mismatches for .tar.gz Files https://github.com/orgs/community/discussions/45830 Facebook 2FA Bypass https://medium.com/pentesternepal/two-factor-authentication-bypass-on-facebook-3f4ac3ea139c Fortinet Exploit https://wzt.ac.cn/2022/12/15/CVE-2022-42475/ QNAP Vulnerability https://www.qnap.com/en/security-advisory/qsa-23-01
ISC StormCast for Tuesday, January 31st, 2023
Decoding DNS over HTTP(s) Requests https://isc.sans.edu/diary/Decoding%20DNS%20over%20HTTP%28s%29%20Requests/29488 Action Needed for GitHub Desktop and Atom Users https://github.blog/2023-01-30-action-needed-for-github-desktop-and-atom-users/ GitHub Checksum Mismatches for .tar.gz Files https://github.com/orgs/community/discussions/45830 Facebook 2FA Bypass https://medium.com/pentesternepal/two-factor-authentication-bypass-on-facebook-3f4ac3ea139c Fortinet Exploit https://wzt.ac.cn/2022/12/15/CVE-2022-42475/ QNAP Vulnerability https://www.qnap.com/en/security-advisory/qsa-23-01
ISC StormCast for Monday, January 30th, 2023
Microsoft Tips to Patch Your Exchange Servers https://techcommunity.microsoft.com/t5/exchange-team-blog/protect-your-exchange-servers/ba-p/3726001 FCC Treatens to Take Action Against Twilio over Robocalls https://www.fcc.gov/document/fcc-takes-mortgage-scam-robocall-campaign-targeting-homeowners PlugX Variant Spreads via USB https://unit42.paloaltonetworks.com/plugx-variants-in-usbs/ Adware in Google Play Store https://news.drweb.com/show/review/?lng=en&i=14652 Tails 5.9 Update https://tails.boum.org/news/version_5.9/index.de.html
ISC StormCast for Monday, January 30th, 2023
Microsoft Tips to Patch Your Exchange Servers https://techcommunity.microsoft.com/t5/exchange-team-blog/protect-your-exchange-servers/ba-p/3726001 FCC Treatens to Take Action Against Twilio over Robocalls https://www.fcc.gov/document/fcc-takes-mortgage-scam-robocall-campaign-targeting-homeowners PlugX Variant Spreads via USB https://unit42.paloaltonetworks.com/plugx-variants-in-usbs/ Adware in Google Play Store https://news.drweb.com/show/review/?lng=en&i=14652 Tails 5.9 Update https://tails.boum.org/news/version_5.9/index.de.html
ISC StormCast for Friday, January 27th, 2023
Live Linux IR with UAC https://isc.sans.edu/diary/Live%20Linux%20IR%20with%20UAC/29480 Bitwarden Phishing https://community.bitwarden.com/t/phishing-website-bitwardenlogin-com/49704 https://www.reddit.com/r/Bitwarden/comments/10k2aj5/google_search_ads_showing_fake_bitwarden_web/ PY#RATION Attack Campaign Leverages Fernet Encyrption and Websockets https://www.securonix.com/blog/security-advisory-python-based-pyration-attack-campaign/ Skyhigh Security Secure Web Gateway: XSS in Single Sign On Plugin https://www.redteam-pentesting.de/en/advisories/rt-sa-2022-002/-skyhigh-security-secure-web-gateway-cross-site-scripting-in-single-sign-on-plugin Windows Crypto API Vuln PoC https://github.com/akamai/akamai-security-research/tree/main/PoCs/CVE-2022-34689 BIND Patches https://kb.isc.org/docs/cve-2022-3094
ISC StormCast for Friday, January 27th, 2023
Live Linux IR with UAC https://isc.sans.edu/diary/Live%20Linux%20IR%20with%20UAC/29480 Bitwarden Phishing https://community.bitwarden.com/t/phishing-website-bitwardenlogin-com/49704 https://www.reddit.com/r/Bitwarden/comments/10k2aj5/google_search_ads_showing_fake_bitwarden_web/ PY#RATION Attack Campaign Leverages Fernet Encyrption and Websockets https://www.securonix.com/blog/security-advisory-python-based-pyration-attack-campaign/ Skyhigh Security Secure Web Gateway: XSS in Single Sign On Plugin https://www.redteam-pentesting.de/en/advisories/rt-sa-2022-002/-skyhigh-security-secure-web-gateway-cross-site-scripting-in-single-sign-on-plugin Windows Crypto API Vuln PoC https://github.com/akamai/akamai-security-research/tree/main/PoCs/CVE-2022-34689 BIND Patches https://kb.isc.org/docs/cve-2022-3094
ISC StormCast for Thursday, January 26th, 2023
First Malicious OneNote Document https://isc.sans.edu/diary/A%20First%20Malicious%20OneNote%20Document/29470 Guidance for Securing Remote Monitoring and Management Software https://media.defense.gov/2023/Jan/25/2003149873/-1/-1/0/JOINT_CSA_RMM.PDF Microsoft Azure-Based Kerberos Attacks Crack Open Cloud Accounts https://www.darkreading.com/cloud/microsoft-azure-kerberos-attacks-open-cloud-accounts Microsoft Blocking XLL Files Downloaded From Internet https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=115485 Lexmark Vulnerablities https://publications.lexmark.com/publications/security-alerts/CVE-2023-23560.pdf VMware VRealize Update https://www.vmware.com/security/advisories/VMSA-2023-0001.html
ISC StormCast for Thursday, January 26th, 2023
First Malicious OneNote Document https://isc.sans.edu/diary/A%20First%20Malicious%20OneNote%20Document/29470 Guidance for Securing Remote Monitoring and Management Software https://media.defense.gov/2023/Jan/25/2003149873/-1/-1/0/JOINT_CSA_RMM.PDF Microsoft Azure-Based Kerberos Attacks Crack Open Cloud Accounts https://www.darkreading.com/cloud/microsoft-azure-kerberos-attacks-open-cloud-accounts Microsoft Blocking XLL Files Downloaded From Internet https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=115485 Lexmark Vulnerablities https://publications.lexmark.com/publications/security-alerts/CVE-2023-23560.pdf VMware VRealize Update https://www.vmware.com/security/advisories/VMSA-2023-0001.html
ISC StormCast for Wednesday, January 25th, 2023
Apple Patch Summary https://isc.sans.edu/forums/diary/Apple%20Updates%20%28almost%29%20Everything%3A%20Patch%20Overview/29472/ ManageEngine News; https://github.com/vonahisec/CVE-2022-47966-Scan KSMBD Vulnerability https://sysdig.com/blog/cve-2023-0210-linux-kernel-unauthenticated-remote-heap-overflow/ BitWarden Server Side Iterations https://palant.info/2023/01/23/bitwarden-design-flaw-server-side-iterations/ Packet Tuesday: Neighbor Advertisements https://www.youtube.com/watch?v=CoaZjuuY1do
ISC StormCast for Wednesday, January 25th, 2023
Apple Patch Summary https://isc.sans.edu/forums/diary/Apple%20Updates%20%28almost%29%20Everything%3A%20Patch%20Overview/29472/ ManageEngine News; https://github.com/vonahisec/CVE-2022-47966-Scan KSMBD Vulnerability https://sysdig.com/blog/cve-2023-0210-linux-kernel-unauthenticated-remote-heap-overflow/ BitWarden Server Side Iterations https://palant.info/2023/01/23/bitwarden-design-flaw-server-side-iterations/ Packet Tuesday: Neighbor Advertisements https://www.youtube.com/watch?v=CoaZjuuY1do