A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Similar Podcasts
Elixir Outlaws
Elixir Outlaws is an informal discussion about interesting things happening in Elixir. Our goal is to capture the spirit of a conference hallway discussion in a podcast.
The Cynical Developer
A UK based Technology and Software Developer Podcast that helps you to improve your development knowledge and career,
through explaining the latest and greatest in development technology and providing you with what you need to succeed as a developer.
ThunderCast
An inside look at the making of Mozilla Thunderbird, and community-driven conversations with our friends in the open-source software space.
ISC StormCast for Tuesday, November 8th, 2022
IPv4 Address Representations https://isc.sans.edu/diary/IPv4%20Address%20Representations/29224 Azure AD Certificate-based Authentication (CBA) on Mobile https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/azure-ad-certificate-based-authentication-cba-on-mobile/ba-p/2365672 Twitter Scams https://nakedsecurity.sophos.com/2022/11/04/twitter-blue-badge-email-scams-dont-fall-for-them/ Facebook Personal Information Removal https://www.facebook.com/contacts/removal RSA Conference Finds Unencrypted Confidential Data in WiFi Traffic https://www.darkreading.com/remote-workforce/unencrypted-traffic-weak-e-mail-passwords-still-undermining-wifi-security
ISC StormCast for Tuesday, November 8th, 2022
IPv4 Address Representations https://isc.sans.edu/diary/IPv4%20Address%20Representations/29224 Azure AD Certificate-based Authentication (CBA) on Mobile https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/azure-ad-certificate-based-authentication-cba-on-mobile/ba-p/2365672 Twitter Scams https://nakedsecurity.sophos.com/2022/11/04/twitter-blue-badge-email-scams-dont-fall-for-them/ Facebook Personal Information Removal https://www.facebook.com/contacts/removal RSA Conference Finds Unencrypted Confidential Data in WiFi Traffic https://www.darkreading.com/remote-workforce/unencrypted-traffic-weak-e-mail-passwords-still-undermining-wifi-security
ISC StormCast for Monday, November 7th, 2022
Remcos Downloader With Unicode Obfuscation https://isc.sans.edu/diary/Remcos%20Downloader%20with%20Unicode%20Obfuscation/29220 Windows Malware With VHD Extension https://isc.sans.edu/diary/Windows%20Malware%20with%20VHD%20Extension/29222 PyPi Packages Attempting to Deliver w4sp Stealer https://blog.phylum.io/phylum-discovers-dozens-more-pypi-packages-attempting-to-deliver-w4sp-stealer-in-ongoing-supply-chain-attack
ISC StormCast for Monday, November 7th, 2022
Remcos Downloader With Unicode Obfuscation https://isc.sans.edu/diary/Remcos%20Downloader%20with%20Unicode%20Obfuscation/29220 Windows Malware With VHD Extension https://isc.sans.edu/diary/Windows%20Malware%20with%20VHD%20Extension/29222 PyPi Packages Attempting to Deliver w4sp Stealer https://blog.phylum.io/phylum-discovers-dozens-more-pypi-packages-attempting-to-deliver-w4sp-stealer-in-ongoing-supply-chain-attack
ISC StormCast for Friday, November 4th, 2022
Breakpoints in Burp https://isc.sans.edu/forums/diary/Breakpoints%20in%20Burp/29214/ TA569 Supply Chain Attack Injects JavaScript https://twitter.com/threatinsight/status/1587865920130752515 https://www.darkreading.com/application-security/supply-chain-attack-pushes-out-malware-to-more-than-250-media-websites Link to old story similar to the above JavaScript injection https://unit42.paloaltonetworks.com/web-skimmer-video-distribution/ Hitachi Infrastructure Analytics Advisor https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2022-134/index.html FortiNet Patches https://fortiguard.fortinet.com/psirt?date=11-2022 Nessus Patches https://www.tenable.com/security/tns-2022-24
ISC StormCast for Friday, November 4th, 2022
Breakpoints in Burp https://isc.sans.edu/forums/diary/Breakpoints%20in%20Burp/29214/ TA569 Supply Chain Attack Injects JavaScript https://twitter.com/threatinsight/status/1587865920130752515 https://www.darkreading.com/application-security/supply-chain-attack-pushes-out-malware-to-more-than-250-media-websites Link to old story similar to the above JavaScript injection https://unit42.paloaltonetworks.com/web-skimmer-video-distribution/ Hitachi Infrastructure Analytics Advisor https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2022-134/index.html FortiNet Patches https://fortiguard.fortinet.com/psirt?date=11-2022 Nessus Patches https://www.tenable.com/security/tns-2022-24
ISC StormCast for Thursday, November 3rd, 2022
Who Put the "Dark" in DarkVNC? https://isc.sans.edu/forums/diary/Who+put+the+Dark+in+DarkVNC/29210 sigstore General Availability https://openssf.org/press-release/2022/10/25/sigstore-announces-general-availability-at-sigstorecon/ https://github.blog/2022-10-25-why-were-excited-about-the-sigstore-general-availability/ URLScan.io's SOAR Spot: Chatty Security Tools Leaking Private Data https://positive.security/blog/urlscan-data-leaks Checkmk: Remote Code Execution by Chaining Multiple Bugs https://blog.sonarsource.com/checkmk-rce-chain-1/
ISC StormCast for Thursday, November 3rd, 2022
Who Put the "Dark" in DarkVNC? https://isc.sans.edu/forums/diary/Who+put+the+Dark+in+DarkVNC/29210 sigstore General Availability https://openssf.org/press-release/2022/10/25/sigstore-announces-general-availability-at-sigstorecon/ https://github.blog/2022-10-25-why-were-excited-about-the-sigstore-general-availability/ URLScan.io's SOAR Spot: Chatty Security Tools Leaking Private Data https://positive.security/blog/urlscan-data-leaks Checkmk: Remote Code Execution by Chaining Multiple Bugs https://blog.sonarsource.com/checkmk-rce-chain-1/
ISC StormCast for Wednesday, November 2nd, 2022
OpenSSL 3.0 Punycode Vulnerability Fix https://isc.sans.edu/forums/diary/Critical+OpenSSL+30+Update+Released+Patches+CVE20223786+CVE20223602/29208 https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/
ISC StormCast for Wednesday, November 2nd, 2022
OpenSSL 3.0 Punycode Vulnerability Fix https://isc.sans.edu/forums/diary/Critical+OpenSSL+30+Update+Released+Patches+CVE20223786+CVE20223602/29208 https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/
ISC StormCast for Tuesday, November 1st, 2022
NMAP without NMAP - Port Testing and Scanning with PowerShell https://isc.sans.edu/diary/NMAP+without+NMAP+Port+Testing+and+Scanning+with+PowerShell/29202 ConnectWise Recover and R1Soft Server Backup Critical Vulnerability https://www.connectwise.com/company/trust/security-bulletins/r1soft-and-recover-security-bulletin Google Chrome 0-Day Patch https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html LODEINFO 2022 Abusing Security Software https://securelist.com/apt10-tracking-down-lodeinfo-2022-part-i/107742/ Spring Security Vulnerability https://tanzu.vmware.com/security/cve-2022-31692
ISC StormCast for Tuesday, November 1st, 2022
NMAP without NMAP - Port Testing and Scanning with PowerShell https://isc.sans.edu/diary/NMAP+without+NMAP+Port+Testing+and+Scanning+with+PowerShell/29202 ConnectWise Recover and R1Soft Server Backup Critical Vulnerability https://www.connectwise.com/company/trust/security-bulletins/r1soft-and-recover-security-bulletin Google Chrome 0-Day Patch https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html LODEINFO 2022 Abusing Security Software https://securelist.com/apt10-tracking-down-lodeinfo-2022-part-i/107742/ Spring Security Vulnerability https://tanzu.vmware.com/security/cve-2022-31692
ISC StormCast for Monday, October 31st, 2022
Supersizing you DUO and 365 Integration https://isc.sans.edu/forums/diary/Supersizing%20your%20DUO%20and%20365%20Integration/29194/ TCP/IP Vulnerability CVE-2022 34718 PoC Restoration and Analysis https://medium.com/numen-cyber-labs/analysis-and-summary-of-tcp-ip-protocol-remote-code-execution-vulnerability-cve-2022-34718-8fcc28538acf Juniper SSLVON / JunOS RCE Vulnerabilities https://octagon.net/blog/2022/10/28/juniper-sslvpn-junos-rce-and-multiple-vulnerabilities/ Raspberry Robin Update https://www.microsoft.com/en-us/security/blog/2022/10/27/raspberry-robin-worm-part-of-larger-ecosystem-facilitating-pre-ransomware-activity/
ISC StormCast for Monday, October 31st, 2022
Supersizing you DUO and 365 Integration https://isc.sans.edu/forums/diary/Supersizing%20your%20DUO%20and%20365%20Integration/29194/ TCP/IP Vulnerability CVE-2022 34718 PoC Restoration and Analysis https://medium.com/numen-cyber-labs/analysis-and-summary-of-tcp-ip-protocol-remote-code-execution-vulnerability-cve-2022-34718-8fcc28538acf Juniper SSLVON / JunOS RCE Vulnerabilities https://octagon.net/blog/2022/10/28/juniper-sslvpn-junos-rce-and-multiple-vulnerabilities/ Raspberry Robin Update https://www.microsoft.com/en-us/security/blog/2022/10/27/raspberry-robin-worm-part-of-larger-ecosystem-facilitating-pre-ransomware-activity/
ISC StormCast for Friday, October 28th, 2022
Upcoming Critical OpenSSL Vulnerability: What will be Affected? https://isc.sans.edu/forums/diary/Upcoming+Critical+OpenSSL+Vulnerability+What+will+be+Affected/29192 Apple Updates https://support.apple.com/en-us/HT201222 Fodcha Botnet Reaches 1Tbps https://blog.netlab.360.com/ddosmonster_the_return_of__fodcha_cn/ https://www.bleepingcomputer.com/news/security/fodcha-ddos-botnet-reaches-1tbps-in-power-injects-ransoms-in-packets/