A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Similar Podcasts
Elixir Outlaws
Elixir Outlaws is an informal discussion about interesting things happening in Elixir. Our goal is to capture the spirit of a conference hallway discussion in a podcast.
The Cynical Developer
A UK based Technology and Software Developer Podcast that helps you to improve your development knowledge and career,
through explaining the latest and greatest in development technology and providing you with what you need to succeed as a developer.
ThunderCast
An inside look at the making of Mozilla Thunderbird, and community-driven conversations with our friends in the open-source software space.
ISC StormCast for Thursday, August 29th, 2024
Vega-Lite With Kibana To Parse and Display IP Activity Over Time https://isc.sans.edu/diary/Vega-Lite%20with%20Kibana%20to%20Parse%20and%20Display%20IP%20Activity%20over%20Time/31210 Attack tool update impairs Windows computers https://news.sophos.com/en-us/2024/08/27/burnt-cigar-2/ Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-241a Confluence Vulnerabilty Exploited for Crypto Miners https://www.trendmicro.com/en_us/research/24/h/cve-2023-22527-cryptomining.html Fortra FileCatalyst Workflow Hard Coded HSQLDB Credentials https://www.fortra.com/security/advisories/product-security/fi-2024-011
ISC StormCast for Wednesday, August 28th, 2024
Why is Python so Popular to Infect Windows Hosts https://isc.sans.edu/diary/Why%20Is%20Python%20so%20Popular%20to%20Infect%20Windows%20Hosts%3F/31208 OFBiz Vulnerability Update https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://nvd.nist.gov/vuln/detail/CVE-2024-38856 Versa Directory Vulnerability Exploited https://versa-networks.com/blog/versa-security-bulletin-update-on-cve-2024-39717-versa-director-dangerous-file-type-upload-vulnerability/ Google Chrome Vulnerability Exploited https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html SGX Key Leak https://x.com/_markel___/status/1828112469010596347
ISC StormCast for Wednesday, August 28th, 2024
Why is Python so Popular to Infect Windows Hosts https://isc.sans.edu/diary/Why%20Is%20Python%20so%20Popular%20to%20Infect%20Windows%20Hosts%3F/31208 OFBiz Vulnerability Update https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://nvd.nist.gov/vuln/detail/CVE-2024-38856 Versa Directory Vulnerability Exploited https://versa-networks.com/blog/versa-security-bulletin-update-on-cve-2024-39717-versa-director-dangerous-file-type-upload-vulnerability/ Google Chrome Vulnerability Exploited https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html SGX Key Leak https://x.com/_markel___/status/1828112469010596347
ISC StormCast for Tuesday, August 27th, 2024
From Highly Obfuscated Batch File to XWorm and Redline https://isc.sans.edu/diary/From%20Highly%20Obfuscated%20Batch%20File%20to%20XWorm%20and%20Redline/31204 CVE-2024-38063 Windows IPv6 Issue PoC Exploit https://github.com/ynwarcs/CVE-2024-38063 Not a vulnerability https://github.com/juwenyi/CVE-2024-42992
ISC StormCast for Tuesday, August 27th, 2024
From Highly Obfuscated Batch File to XWorm and Redline https://isc.sans.edu/diary/From%20Highly%20Obfuscated%20Batch%20File%20to%20XWorm%20and%20Redline/31204 CVE-2024-38063 Windows IPv6 Issue PoC Exploit https://github.com/ynwarcs/CVE-2024-38063 Not a vulnerability https://github.com/juwenyi/CVE-2024-42992
ISC StormCast for Monday, August 26th, 2024
Pandas Erros: What encoding are my logs in? https://isc.sans.edu/diary/Pandas%20Errors%3A%20What%20encoding%20are%20my%20logs%20in%3F/31200 Crowdstrike Performance Issues https://www.reddit.com/r/sysadmin/comments/1eyfex6/at_least_its_not_on_a_friday/ CopyBara Malware https://www.zscaler.com/blogs/security-research/technical-analysis-copybara#conclusion SonicWall Vulnerability https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015
ISC StormCast for Monday, August 26th, 2024
Pandas Erros: What encoding are my logs in? https://isc.sans.edu/diary/Pandas%20Errors%3A%20What%20encoding%20are%20my%20logs%20in%3F/31200 Crowdstrike Performance Issues https://www.reddit.com/r/sysadmin/comments/1eyfex6/at_least_its_not_on_a_friday/ CopyBara Malware https://www.zscaler.com/blogs/security-research/technical-analysis-copybara#conclusion SonicWall Vulnerability https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015
ISC StormCast for Friday, August 23rd, 2024
OpenAI Scans Honeypots https://isc.sans.edu/diary/OpenAI%20Scans%20for%20Honeypots.%20Artificially%20Malicious%3F%20Action%20Abuse%3F/31196 Broken Linux Boot Partitions after August Microsoft Update https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-23H2#3377msgdesc Google Fixes Chrome 0-day https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html Cisco Zero Day Exploited (now Patched) https://www.sygnia.co/blog/china-threat-group-velvet-ant-cisco-zero-day/ Solar Winds Helpdesk Backdoor https://support.solarwinds.com/SuccessCenter/s/article/SolarWinds-Web-Help-Desk-12-8-3-Hotfix-2 Securing the Future: How Memory-Safe Programming Languages Impact Industry Safety (Christopher Ross) https://www.sans.edu/cyber-research/securing-future-how-memory-safe-programming-languages-impact-industry-safety/
ISC StormCast for Friday, August 23rd, 2024
OpenAI Scans Honeypots https://isc.sans.edu/diary/OpenAI%20Scans%20for%20Honeypots.%20Artificially%20Malicious%3F%20Action%20Abuse%3F/31196 Broken Linux Boot Partitions after August Microsoft Update https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-23H2#3377msgdesc Google Fixes Chrome 0-day https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html Cisco Zero Day Exploited (now Patched) https://www.sygnia.co/blog/china-threat-group-velvet-ant-cisco-zero-day/ Solar Winds Helpdesk Backdoor https://support.solarwinds.com/SuccessCenter/s/article/SolarWinds-Web-Help-Desk-12-8-3-Hotfix-2 Securing the Future: How Memory-Safe Programming Languages Impact Industry Safety (Christopher Ross) https://www.sans.edu/cyber-research/securing-future-how-memory-safe-programming-languages-impact-industry-safety/
ISC StormCast for Thursday, August 22nd, 2024
Mapping Threats wiht DNSTwist and the Internet Storm Center https://isc.sans.edu/diary/Mapping%20Threats%20with%20DNSTwist%20and%20the%20Internet%20Storm%20Center%20%5BGuest%20Diary%5D/31188 Slack AI Prompt Injection https://promptarmor.substack.com/p/slack-ai-data-exfiltration-from-private Phishing in PWA Applications https://www.welivesecurity.com/en/eset-research/be-careful-what-you-pwish-for-phishing-in-pwa-applications/ QNAP Ransomware Security Center https://www.qnap.com/en/news/2024/qnap-officially-releases-qts-5-2-introducing-security-center-for-active-file-activity-monitoring-elevated-security-and-data-protection
ISC StormCast for Thursday, August 22nd, 2024
Mapping Threats wiht DNSTwist and the Internet Storm Center https://isc.sans.edu/diary/Mapping%20Threats%20with%20DNSTwist%20and%20the%20Internet%20Storm%20Center%20%5BGuest%20Diary%5D/31188 Slack AI Prompt Injection https://promptarmor.substack.com/p/slack-ai-data-exfiltration-from-private Phishing in PWA Applications https://www.welivesecurity.com/en/eset-research/be-careful-what-you-pwish-for-phishing-in-pwa-applications/ QNAP Ransomware Security Center https://www.qnap.com/en/news/2024/qnap-officially-releases-qts-5-2-introducing-security-center-for-active-file-activity-monitoring-elevated-security-and-data-protection
ISC StormCast for Wednesday, August 21st, 2024
Where are we with CVE-2024-38063: Microsoft IPv6 Vulnerability https://isc.sans.edu/diary/Where+are+we+with+CVE202438063+Microsoft+IPv6+Vulnerability/31186 Microsoft August Update Prevents Linux from Booting https://community.frame.work/t/sbat-verification-error-booting-linux-after-windows-update/56354 PHP CGI Vulnerability Exploited CVE-2024-4577 https://symantec-enterprise-blogs.security.com/threat-intelligence/taiwan-malware-dns F5 Updates https://my.f5.com/manage/s/article/K000140111 https://my.f5.com/manage/s/article/K000140108
ISC StormCast for Wednesday, August 21st, 2024
Where are we with CVE-2024-38063: Microsoft IPv6 Vulnerability https://isc.sans.edu/diary/Where+are+we+with+CVE202438063+Microsoft+IPv6+Vulnerability/31186 Microsoft August Update Prevents Linux from Booting https://community.frame.work/t/sbat-verification-error-booting-linux-after-windows-update/56354 PHP CGI Vulnerability Exploited CVE-2024-4577 https://symantec-enterprise-blogs.security.com/threat-intelligence/taiwan-malware-dns F5 Updates https://my.f5.com/manage/s/article/K000140111 https://my.f5.com/manage/s/article/K000140108
ISC StormCast for Tuesday, August 20th, 2024
Do you like donuts? Here is a donut Shellcode Delivered Through PowerShell Python https://isc.sans.edu/diary/Do%20you%20Like%20Donuts%3F%20Here%20is%20a%20Donut%20Shellcode%20Delivered%20Through%20PowerShell%20Python/31182 How Vulnerabilities in Microsoft Apps for MacOS allow Stealing Permissions https://blog.talosintelligence.com/how-multiple-vulnerabilities-in-microsoft-apps-for-macos-pave-the-way-to-stealing-permissions/ Digital Wallet Security Loophole https://www.umass.edu/news/article/new-study-reveals-loophole-digital-wallet-security-even-if-rightful-cardholder-doesnt Microsoft IPv6 Vulnerability CVE-2024-38063 https://x.com/f4rmpoet/status/1825472703223992323 YouTube Video (going live 10am ET) https://www.youtube.com/watch?v=miBb1llFOYQ
ISC StormCast for Tuesday, August 20th, 2024
Do you like donuts? Here is a donut Shellcode Delivered Through PowerShell Python https://isc.sans.edu/diary/Do%20you%20Like%20Donuts%3F%20Here%20is%20a%20Donut%20Shellcode%20Delivered%20Through%20PowerShell%20Python/31182 How Vulnerabilities in Microsoft Apps for MacOS allow Stealing Permissions https://blog.talosintelligence.com/how-multiple-vulnerabilities-in-microsoft-apps-for-macos-pave-the-way-to-stealing-permissions/ Digital Wallet Security Loophole https://www.umass.edu/news/article/new-study-reveals-loophole-digital-wallet-security-even-if-rightful-cardholder-doesnt Microsoft IPv6 Vulnerability CVE-2024-38063 https://x.com/f4rmpoet/status/1825472703223992323 YouTube Video (going live 10am ET) https://www.youtube.com/watch?v=miBb1llFOYQ