A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Similar Podcasts
Thinking Elixir Podcast
The Thinking Elixir podcast is a weekly show where we talk about the Elixir programming language and the community around it. We cover news and interview guests to learn more about projects and developments in the community.
Elixir Outlaws
Elixir Outlaws is an informal discussion about interesting things happening in Elixir. Our goal is to capture the spirit of a conference hallway discussion in a podcast.
Linux For Everyone
A show about the thrilling world of desktop Linux, open-source software, and the community creating it. For beginners and veterans alike! Hosted by Jason Evangelho, Jerry Morrison and Schykle.
ISC StormCast for Wednesday, September 6th, 2023
Common Usernames Submitted to Honeypots https://isc.sans.edu/diary/Common%20usernames%20submitted%20to%20honeypots/30188 TPM LUKS Bypass https://pulsesecurity.co.nz/advisories/tpm-luks-bypass Cross Tenant Impersonation Prevention and Detection https://sec.okta.com/articles/2023/08/cross-tenant-impersonation-prevention-and-detection
ISC StormCast for Tuesday, September 5th, 2023
What is the Origin of Passwords Submitted to Honeypots https://isc.sans.edu/diary/What%20is%20the%20origin%20of%20passwords%20submitted%20to%20honeypots%3F/30182 Creating a YARA Rule to Detect Obfuscated Strings https://isc.sans.edu/diary/Creating%20a%20YARA%20Rule%20to%20Detect%20Obfuscated%20Strings/30186 VMware Aria Operations for Networks Hardcoded Keys 2023-34039 https://summoning.team/blog/vmware-vrealize-network-insight-rce-cve-2023-34039/ https://github.com/sinsinology/CVE-2023-34039/ Windows will Disable TLS 1.0/1.1 https://learn.microsoft.com/en-us/windows/release-health/windows-message-center
ISC StormCast for Tuesday, September 5th, 2023
What is the Origin of Passwords Submitted to Honeypots https://isc.sans.edu/diary/What%20is%20the%20origin%20of%20passwords%20submitted%20to%20honeypots%3F/30182 Creating a YARA Rule to Detect Obfuscated Strings https://isc.sans.edu/diary/Creating%20a%20YARA%20Rule%20to%20Detect%20Obfuscated%20Strings/30186 VMware Aria Operations for Networks Hardcoded Keys 2023-34039 https://summoning.team/blog/vmware-vrealize-network-insight-rce-cve-2023-34039/ https://github.com/sinsinology/CVE-2023-34039/ Windows will Disable TLS 1.0/1.1 https://learn.microsoft.com/en-us/windows/release-health/windows-message-center
ISC StormCast for Friday, September 1st, 2023
The low, low cost of (committing) cybercrime https://isc.sans.edu/forums/diary/The%20low%2C%20low%20cost%20of%20%28committing%29%20cybercrime/30176/ Unpinnable Github Actions https://www.paloaltonetworks.com/blog/prisma-cloud/unpinnable-actions-github-security/ Exploitation of Cisco ASA SSL VPNs https://www.rapid7.com/blog/post/2023/08/29/under-siege-rapid7-observed-exploitation-of-cisco-asa-ssl-vpns/ Splunk Vulnerabilities https://advisory.splunk.com/advisories Top Level Domain Issues https://blog.talosintelligence.com/whats-in-a-name/
ISC StormCast for Friday, September 1st, 2023
The low, low cost of (committing) cybercrime https://isc.sans.edu/forums/diary/The%20low%2C%20low%20cost%20of%20%28committing%29%20cybercrime/30176/ Unpinnable Github Actions https://www.paloaltonetworks.com/blog/prisma-cloud/unpinnable-actions-github-security/ Exploitation of Cisco ASA SSL VPNs https://www.rapid7.com/blog/post/2023/08/29/under-siege-rapid7-observed-exploitation-of-cisco-asa-ssl-vpns/ Splunk Vulnerabilities https://advisory.splunk.com/advisories Top Level Domain Issues https://blog.talosintelligence.com/whats-in-a-name/
ISC StormCast for Thursday, August 31st, 2023
Home Office/Small Business Hurricane Prep https://isc.sans.edu/diary/Home%20Office%20%20%20Small%20Business%20Hurricane%20Prep/30166 Notepad++ Vulnerabilities https://securitylab.github.com/advisories/GHSL-2023-092_Notepad__/ 7-Zip Vulnerability https://www.zerodayinitiative.com/advisories/ZDI-23-1164/ BGP Error Handling Issues https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling
ISC StormCast for Thursday, August 31st, 2023
Home Office/Small Business Hurricane Prep https://isc.sans.edu/diary/Home%20Office%20%20%20Small%20Business%20Hurricane%20Prep/30166 Notepad++ Vulnerabilities https://securitylab.github.com/advisories/GHSL-2023-092_Notepad__/ 7-Zip Vulnerability https://www.zerodayinitiative.com/advisories/ZDI-23-1164/ BGP Error Handling Issues https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling
ISC StormCast for Wednesday, August 30th, 2023
Survival Time for Web Sites https://isc.sans.edu/diary/Survival%20time%20for%20web%20sites/30170 PDF/ActiveMime Polyglot Maldocs https://blogs.jpcert.or.jp/en/2023/08/maldocinpdf.html https://blog.didierstevens.com/2023/08/29/quickpost-pdf-activemime-maldocs-yara-rule/ RocketMQ Vulnerability Exploited https://blogs.juniper.net/en-us/threat-research/dreambus-botnet-resurfaces-targets-rocketmq-vulnerability ManageEngine Vulnerabilty https://www.manageengine.com/security/advisory/CVE/CVE-2023-35785.html
ISC StormCast for Wednesday, August 30th, 2023
Survival Time for Web Sites https://isc.sans.edu/diary/Survival%20time%20for%20web%20sites/30170 PDF/ActiveMime Polyglot Maldocs https://blogs.jpcert.or.jp/en/2023/08/maldocinpdf.html https://blog.didierstevens.com/2023/08/29/quickpost-pdf-activemime-maldocs-yara-rule/ RocketMQ Vulnerability Exploited https://blogs.juniper.net/en-us/threat-research/dreambus-botnet-resurfaces-targets-rocketmq-vulnerability ManageEngine Vulnerabilty https://www.manageengine.com/security/advisory/CVE/CVE-2023-35785.html
ISC StormCast for Tuesday, August 29th, 2023
Analysis of RAR Exploit Files (CVE-2023-38831) https://isc.sans.edu/diary/Analysis+of+RAR+Exploit+Files+CVE202338831/30164 Juniper Exploit CVE-2023-36844 , CVE-2023-36845 , CVE-2023-36846 , CVE-2023-36847 https://labs.watchtowr.com/cve-2023-36844-and-friends-rce-in-juniper-firewalls/ Microsoft Will Enabled Extended Protection for Exchange Server by Default https://techcommunity.microsoft.com/t5/exchange-team-blog/coming-soon-enabling-extended-protection-on-exchange-server-by/ba-p/3911849 Rust Malware Stages on Crates.io https://blog.phylum.io/rust-malware-staged-on-crates-io/
ISC StormCast for Tuesday, August 29th, 2023
Analysis of RAR Exploit Files (CVE-2023-38831) https://isc.sans.edu/diary/Analysis+of+RAR+Exploit+Files+CVE202338831/30164 Juniper Exploit CVE-2023-36844 , CVE-2023-36845 , CVE-2023-36846 , CVE-2023-36847 https://labs.watchtowr.com/cve-2023-36844-and-friends-rce-in-juniper-firewalls/ Microsoft Will Enabled Extended Protection for Exchange Server by Default https://techcommunity.microsoft.com/t5/exchange-team-blog/coming-soon-enabling-extended-protection-on-exchange-server-by/ba-p/3911849 Rust Malware Stages on Crates.io https://blog.phylum.io/rust-malware-staged-on-crates-io/ SANS Community Night London Signup https://www.sans.org/mlp/community-night-cloud-security-london-september-2023
ISC StormCast for Monday, August 28th, 2023
Python Malware Using Postgresql for C2 Communications https://isc.sans.edu/diary/Python%20Malware%20Using%20Postgresql%20for%20C2%20Communications/30158 macOS: Who is Behind This Network Connection? https://isc.sans.edu/diary/macOS%3A%20Who%3Fs%20Behind%20This%20Network%20Connection%3F/30160 CVE-2020-19909 Is Everything that is Wrong with CVEs https://daniel.haxx.se/blog/2023/08/26/cve-2020-19909-is-everything-that-is-wrong-with-cves/ Windows Certificate Confusion https://arstechnica.com/security/2023/08/a-renegade-certificate-is-removed-from-windows-then-it-returns-confusion-ensues/ NPM E-Mail Validator Package Malware https://blog.phylum.io/npm-emails-validator-package-malware/
ISC StormCast for Monday, August 28th, 2023
Python Malware Using Postgresql for C2 Communications https://isc.sans.edu/diary/Python%20Malware%20Using%20Postgresql%20for%20C2%20Communications/30158 macOS: Who is Behind This Network Connection? https://isc.sans.edu/diary/macOS%3A%20Who%3Fs%20Behind%20This%20Network%20Connection%3F/30160 CVE-2020-19909 Is Everything that is Wrong with CVEs https://daniel.haxx.se/blog/2023/08/26/cve-2020-19909-is-everything-that-is-wrong-with-cves/ Windows Certificate Confusion https://arstechnica.com/security/2023/08/a-renegade-certificate-is-removed-from-windows-then-it-returns-confusion-ensues/ NPM E-Mail Validator Package Malware https://blog.phylum.io/npm-emails-validator-package-malware/
ISC StormCast for Friday, August 25th, 2023
How I made a "QWERTY" Keyboard Walk Password Generator with ChatGPT https://isc.sans.edu/diary/How%20I%20made%20a%20qwerty%20%3Fkeyboard%20walk%3F%20password%20generator%20with%20ChatGPT%20%20%5BGuest%20Diary%5D/30152 FBI Warns of Persistent Barracuda Backdoors https://www.ic3.gov/Media/News/2023/230823.pdf Ivanti Sentry Athentication Bypass Deep Diver CVE-2023-38035 https://www.horizon3.ai/ivanti-sentry-authentication-bypass-cve-2023-38035-deep-dive/ Smoke Loader Drops Whiffy Recon WiFi Scanning and Geolocation Malware https://www.secureworks.com/blog/smoke-loader-drops-whiffy-recon-wi-fi-scanning-and-geolocation-malware
ISC StormCast for Friday, August 25th, 2023
How I made a "QWERTY" Keyboard Walk Password Generator with ChatGPT https://isc.sans.edu/diary/How%20I%20made%20a%20qwerty%20%3Fkeyboard%20walk%3F%20password%20generator%20with%20ChatGPT%20%20%5BGuest%20Diary%5D/30152 FBI Warns of Persistent Barracuda Backdoors https://www.ic3.gov/Media/News/2023/230823.pdf Ivanti Sentry Athentication Bypass Deep Diver CVE-2023-38035 https://www.horizon3.ai/ivanti-sentry-authentication-bypass-cve-2023-38035-deep-dive/ Smoke Loader Drops Whiffy Recon WiFi Scanning and Geolocation Malware https://www.secureworks.com/blog/smoke-loader-drops-whiffy-recon-wi-fi-scanning-and-geolocation-malware