A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Similar Podcasts
Thinking Elixir Podcast
The Thinking Elixir podcast is a weekly show where we talk about the Elixir programming language and the community around it. We cover news and interview guests to learn more about projects and developments in the community.
Elixir Outlaws
Elixir Outlaws is an informal discussion about interesting things happening in Elixir. Our goal is to capture the spirit of a conference hallway discussion in a podcast.
Linux For Everyone
A show about the thrilling world of desktop Linux, open-source software, and the community creating it. For beginners and veterans alike! Hosted by Jason Evangelho, Jerry Morrison and Schykle.
ISC StormCast for Wednesday, September 27th, 2023
A new spint on the ZeroFont phishing technique https://isc.sans.edu/diary/A%20new%20spin%20on%20the%20ZeroFont%20phishing%20technique/30248 macOS Sonoma Updates https://isc.sans.edu/diary/Apple%20Releases%20MacOS%20Sonoma%20Including%20Numerous%20Security%20Patches/30252
ISC StormCast for Tuesday, September 26th, 2023
LuaJIT Malware https://www.sentinelone.com/labs/sandman-apt-a-mystery-group-targeting-telcos-with-a-luajit-toolkit/ NPM systeminformation flaw https://systeminformation.io/security.html Team City Authentication Bypass https://twitter.com/ptswarm/status/1706223917008834748
ISC StormCast for Tuesday, September 26th, 2023
LuaJIT Malware https://www.sentinelone.com/labs/sandman-apt-a-mystery-group-targeting-telcos-with-a-luajit-toolkit/ NPM systeminformation flaw https://systeminformation.io/security.html Team City Authentication Bypass https://twitter.com/ptswarm/status/1706223917008834748
ISC StormCast for Monday, September 25th, 2023
Scanning for Laravel - a PHP Framework for Web Artisants https://isc.sans.edu/forums/diary/Scanning%20for%20Laravel%20-%20a%20PHP%20Framework%20for%20Web%20Artisants/30242/ Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT https://unit42.paloaltonetworks.com/fake-cve-2023-40477-poc-hides-venomrat/ Unmasking a Sophistiacted Phishing Campaign That Targets Hotel Guests https://www.akamai.com/blog/security-research/sophisticated-phishing-campaign-targeting-hospitality BSides JAX October 14th https://www.bsidesjax.org/ tickets: https://www.eventbrite.com/e/bsides-jacksonville-2023-registration-566463807497?aff=oddtdtcreator
ISC StormCast for Monday, September 25th, 2023
Scanning for Laravel - a PHP Framework for Web Artisants https://isc.sans.edu/forums/diary/Scanning%20for%20Laravel%20-%20a%20PHP%20Framework%20for%20Web%20Artisants/30242/ Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT https://unit42.paloaltonetworks.com/fake-cve-2023-40477-poc-hides-venomrat/ Unmasking a Sophistiacted Phishing Campaign That Targets Hotel Guests https://www.akamai.com/blog/security-research/sophisticated-phishing-campaign-targeting-hospitality BSides JAX October 14th https://www.bsidesjax.org/ tickets: https://www.eventbrite.com/e/bsides-jacksonville-2023-registration-566463807497?aff=oddtdtcreator
ISC StormCast for Friday, September 22nd, 2023
Apple Patches Three 0-Days https://isc.sans.edu/diary/Apple+Patches+Three+New+0Day+Vulnerabilities+Affecting+iOSiPadOSwatchOSmacOS/30238 WebP Vulnerability https://blog.isosceles.com/the-webp-0day/ MOVEit Transfer Service Pack https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-September-2023 Improved Passkey Support in Windows 11 https://www.microsoft.com/en-us/security/blog/2023/09/21/new-microsoft-security-tools-to-protect-families-and-businesses/
ISC StormCast for Friday, September 22nd, 2023
Apple Patches Three 0-Days https://isc.sans.edu/diary/Apple+Patches+Three+New+0Day+Vulnerabilities+Affecting+iOSiPadOSwatchOSmacOS/30238 WebP Vulnerability https://blog.isosceles.com/the-webp-0day/ MOVEit Transfer Service Pack https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-September-2023 Improved Passkey Support in Windows 11 https://www.microsoft.com/en-us/security/blog/2023/09/21/new-microsoft-security-tools-to-protect-families-and-businesses/
ISC StormCast for Thursday, September 21st, 2023
What's Normal: DNS TTL Values https://isc.sans.edu/forums/diary/What's%20Normal%3F%20DNS%20TTL%20Values/30234/ CISA Highlights Snatch Ransomware https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-263a npm packages caught exfiltrating Kubernetes config, SSH keys https://blog.sonatype.com/npm-packages-caught-exfiltrating-kubernetes-config-ssh-keys Nagios XI Vulnerabilities https://outpost24.com/blog/nagios-xi-vulnerabilities/
ISC StormCast for Thursday, September 21st, 2023
What's Normal: DNS TTL Values https://isc.sans.edu/forums/diary/What's%20Normal%3F%20DNS%20TTL%20Values/30234/ CISA Highlights Snatch Ransomware https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-263a npm packages caught exfiltrating Kubernetes config, SSH keys https://blog.sonatype.com/npm-packages-caught-exfiltrating-kubernetes-config-ssh-keys Nagios XI Vulnerabilities https://outpost24.com/blog/nagios-xi-vulnerabilities/
ISC StormCast for Wednesday, September 20th, 2023
Obfuscated Scans For Older Adobe Experience Manager Vulnerabilities https://isc.sans.edu/diary/Obfuscated%20Scans%20for%20Older%20Adobe%20Experience%20Manager%20Vulnerabilities/30230 Trend Micro Apex One 0-day https://success.trendmicro.com/dcx/s/solution/000294994?language=en_US SprySOCKS Backdoor https://www.trendmicro.com/en_us/research/23/i/earth-lusca-employs-new-linux-backdoor.html GitLab Patches https://about.gitlab.com/releases/2023/09/18/security-release-gitlab-16-3-4-released/
ISC StormCast for Wednesday, September 20th, 2023
Obfuscated Scans For Older Adobe Experience Manager Vulnerabilities https://isc.sans.edu/diary/Obfuscated%20Scans%20for%20Older%20Adobe%20Experience%20Manager%20Vulnerabilities/30230 Trend Micro Apex One 0-day https://success.trendmicro.com/dcx/s/solution/000294994?language=en_US SprySOCKS Backdoor https://www.trendmicro.com/en_us/research/23/i/earth-lusca-employs-new-linux-backdoor.html GitLab Patches https://about.gitlab.com/releases/2023/09/18/security-release-gitlab-16-3-4-released/
ISC StormCast for Tuesday, September 19th, 2023
Internet Wide Multi VPN Search from Single /24 Network https://isc.sans.edu/diary/Internet%20Wide%20Multi%20VPN%20Search%20From%20Single%20%2024%20Network/30226 iOS/iPadOS/tvOS/WatchOS Updates https://support.apple.com/en-us/HT201222 Juniper Vuln Details/Exploit CVE-2023-36845 https://vulncheck.com/blog/juniper-cve-2023-36845
ISC StormCast for Tuesday, September 19th, 2023
Internet Wide Multi VPN Search from Single /24 Network https://isc.sans.edu/diary/Internet%20Wide%20Multi%20VPN%20Search%20From%20Single%20%2024%20Network/30226 iOS/iPadOS/tvOS/WatchOS Updates https://support.apple.com/en-us/HT201222 Juniper Vuln Details/Exploit CVE-2023-36845 https://vulncheck.com/blog/juniper-cve-2023-36845
ISC StormCast for Monday, September 18th, 2023
When MFA isn't actually MFA https://retool.com/blog/mfa-isnt-mfa/ QNAP Patches https://www.qnap.com/en/security-advisories?ref=security_advisory_details Chrome able to use Apple Keychain Passkeys https://9to5google.com/2023/09/14/chrome-118-icloud-passkey/ Fortinet XSS https://fortiguard.fortinet.com/psirt/FG-IR-23-106 vBulletin XSS https://gist.github.com/GiongfNef/8fe658dce4c7fcf3a7b4e6387e50141c
ISC StormCast for Monday, September 18th, 2023
When MFA isn't actually MFA https://retool.com/blog/mfa-isnt-mfa/ QNAP Patches https://www.qnap.com/en/security-advisories?ref=security_advisory_details Chrome able to use Apple Keychain Passkeys https://9to5google.com/2023/09/14/chrome-118-icloud-passkey/ Fortinet XSS https://fortiguard.fortinet.com/psirt/FG-IR-23-106 vBulletin XSS https://gist.github.com/GiongfNef/8fe658dce4c7fcf3a7b4e6387e50141c