A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Similar Podcasts
The Cynical Developer
A UK based Technology and Software Developer Podcast that helps you to improve your development knowledge and career,
through explaining the latest and greatest in development technology and providing you with what you need to succeed as a developer.
Thinking Elixir Podcast
The Thinking Elixir podcast is a weekly show where we talk about the Elixir programming language and the community around it. We cover news and interview guests to learn more about projects and developments in the community.
Elixir Outlaws
Elixir Outlaws is an informal discussion about interesting things happening in Elixir. Our goal is to capture the spirit of a conference hallway discussion in a podcast.
ISC StormCast for Wednesday, April 5th, 2023
Analyzing the efile.com Malware https://isc.sans.edu/diary/Analyzing+the+efilecom+Malware+efail/29712 ALPHV Ransomware Targets Backup Installations https://www.mandiant.com/resources/blog/alphv-ransomware-backup Sophos Web Appliance Vulnerability (and EoL) https://www.sophos.com/en-us/security-advisories/sophos-sa-20230404-swa-rce Zimbra Exploited in Targeted Attacks https://www.proofpoint.com/us/blog/threat-insight/exploitation-dish-best-served-cold-winter-vivern-uses-known-zimbra-vulnerability
ISC StormCast for Wednesday, April 5th, 2023
Analyzing the efile.com Malware https://isc.sans.edu/diary/Analyzing+the+efilecom+Malware+efail/29712 ALPHV Ransomware Targets Backup Installations https://www.mandiant.com/resources/blog/alphv-ransomware-backup Sophos Web Appliance Vulnerability (and EoL) https://www.sophos.com/en-us/security-advisories/sophos-sa-20230404-swa-rce Zimbra Exploited in Targeted Attacks https://www.proofpoint.com/us/blog/threat-insight/exploitation-dish-best-served-cold-winter-vivern-uses-known-zimbra-vulnerability
ISC StormCast for Tuesday, April 4th, 2023
efile.com compromise https://isc.sans.edu/forums/diary/Supply%20Chain%20Compromise%20or%20False%20Positive%3A%20The%20Intriguing%20Case%20of%20efile.com%20%5Bupdated%20-%20confirmed%20malicious%20code%5D/29708/ Western Digital MyCloud Breach https://www.bleepingcomputer.com/news/security/western-digital-discloses-network-breach-my-cloud-service-down/ 3CX Compromise Affected Cryptocoin Exchanges https://securelist.com/gopuram-backdoor-deployed-through-3cx-supply-chain-attack/109344/
ISC StormCast for Tuesday, April 4th, 2023
efile.com compromise https://isc.sans.edu/forums/diary/Supply%20Chain%20Compromise%20or%20False%20Positive%3A%20The%20Intriguing%20Case%20of%20efile.com%20%5Bupdated%20-%20confirmed%20malicious%20code%5D/29708/ Western Digital MyCloud Breach https://www.bleepingcomputer.com/news/security/western-digital-discloses-network-breach-my-cloud-service-down/ 3CX Compromise Affected Cryptocoin Exchanges https://securelist.com/gopuram-backdoor-deployed-through-3cx-supply-chain-attack/109344/
ISC StormCast for Monday, April 3rd, 2023
Use of X-Frame-Options and CSP frame-ancestors security headers https://isc.sans.edu/diary/Use%20of%20X-Frame-Options%20and%20CSP%20frame-ancestors%20security%20headers%20on%201%20million%20most%20popular%20domains/29698 oledump supporting MSI Files https://isc.sans.edu/diary/Update+oledump+MSI+Files/29700/ 3CX Update https://www.3cx.com/blog/news/chrome-blocks-latest-msi/ PinDuoDuo App shows anomalous behaviour https://edition.cnn.com/2023/04/02/tech/china-pinduoduo-malware-cybersecurity-analysis-intl-hnk/index.html
ISC StormCast for Monday, April 3rd, 2023
Use of X-Frame-Options and CSP frame-ancestors security headers https://isc.sans.edu/diary/Use%20of%20X-Frame-Options%20and%20CSP%20frame-ancestors%20security%20headers%20on%201%20million%20most%20popular%20domains/29698 oledump supporting MSI Files https://isc.sans.edu/diary/Update+oledump+MSI+Files/29700/ 3CX Update https://www.3cx.com/blog/news/chrome-blocks-latest-msi/ PinDuoDuo App shows anomalous behaviour https://edition.cnn.com/2023/04/02/tech/china-pinduoduo-malware-cybersecurity-analysis-intl-hnk/index.html
ISC StormCast for Friday, March 31st, 2023
Malicious 3CX Dekstop App Update Lifestream (Friday March 31st 1400 ET, 1800 UTC) https://www.youtube.com/watch?v=cCf3Km_j5bY 3CX Update: https://www.3cx.com/blog/news/desktopapp-security-alert/ SentinelOne: https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/ Objective-See Blog Post: https://objective-see.org/blog/blog_0x73.html Crowdstrike: https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/ Bypassing PowerShell Strong Obfuscation https://isc.sans.edu/diary/Bypassing%20PowerShell%20Strong%20Obfuscation/29692
ISC StormCast for Friday, March 31st, 2023
Malicious 3CX Dekstop App Update Lifestream (Friday March 31st 1400 ET, 1800 UTC) https://www.youtube.com/watch?v=cCf3Km_j5bY 3CX Update: https://www.3cx.com/blog/news/desktopapp-security-alert/ SentinelOne: https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/ Objective-See Blog Post: https://objective-see.org/blog/blog_0x73.html Crowdstrike: https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/ Bypassing PowerShell Strong Obfuscation https://isc.sans.edu/diary/Bypassing%20PowerShell%20Strong%20Obfuscation/29692
ISC StormCast for Thursday, March 30th, 2023
Extracting Multiple Streams From OLE Files https://isc.sans.edu/diary/Extracting%20Multiple%20Streams%20From%20OLE%20Files/29688 3CXDesktop App Compromise https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/ Microsoft Defender False Positives https://twitter.com/MSFT365Status/status/1641048649525260289 https://admin.microsoft.com/Adminportal/Home?ref=/servicehealth/:/alerts/DZ534539 (requires login) Active Exploitation of IBM Aspera Faspex CVE-2022-47986 https://www.rapid7.com/blog/post/2023/03/28/etr-active-exploitation-of-ibm-aspera-faspex-cve-2022-47986/ QNAP Patch for sudo vulnerablity https://www.qnap.com/en/security-advisory/qsa-23-11
ISC StormCast for Thursday, March 30th, 2023
Extracting Multiple Streams From OLE Files https://isc.sans.edu/diary/Extracting%20Multiple%20Streams%20From%20OLE%20Files/29688 3CXDesktop App Compromise https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/ Microsoft Defender False Positives https://twitter.com/MSFT365Status/status/1641048649525260289 https://admin.microsoft.com/Adminportal/Home?ref=/servicehealth/:/alerts/DZ534539 (requires login) Active Exploitation of IBM Aspera Faspex CVE-2022-47986 https://www.rapid7.com/blog/post/2023/03/28/etr-active-exploitation-of-ibm-aspera-faspex-cve-2022-47986/ QNAP Patch for sudo vulnerablity https://www.qnap.com/en/security-advisory/qsa-23-11
ISC StormCast for Wednesday, March 29th, 2023
Network Data Collector Placement Makes a Difference https://isc.sans.edu/diary/Network%20Data%20Collector%20Placement%20Makes%20a%20Difference/29664 Throttling and Blocking Email from Persistently Vulnerable Exchange Servers to Exchange Online https://techcommunity.microsoft.com/t5/exchange-team-blog/throttling-and-blocking-email-from-persistently-vulnerable/ba-p/3762078 Bypassing Wi-Fi Encryption by Manipulating Transmit Queues https://papers.mathyvanhoef.com/usenix2023-wifi.pdf
ISC StormCast for Wednesday, March 29th, 2023
Network Data Collector Placement Makes a Difference https://isc.sans.edu/diary/Network%20Data%20Collector%20Placement%20Makes%20a%20Difference/29664 Throttling and Blocking Email from Persistently Vulnerable Exchange Servers to Exchange Online https://techcommunity.microsoft.com/t5/exchange-team-blog/throttling-and-blocking-email-from-persistently-vulnerable/ba-p/3762078 Bypassing Wi-Fi Encryption by Manipulating Transmit Queues https://papers.mathyvanhoef.com/usenix2023-wifi.pdf
ISC StormCast for Tuesday, March 28th, 2023
Another Malicious HTA File Analysis Part 1 https://isc.sans.edu/diary/Another%20Malicious%20HTA%20File%20Analysis%20-%20Part%201/29674 Apple Updates Everything https://isc.sans.edu/diary/Apple%20Updates%20Everything%20%28including%20Studio%20Display%29/29682 MacStealer Malware Exfiltrates Mac Secrets https://www.uptycs.com/blog/macstealer-command-and-control-c2-malware
ISC StormCast for Tuesday, March 28th, 2023
Another Malicious HTA File Analysis Part 1 https://isc.sans.edu/diary/Another%20Malicious%20HTA%20File%20Analysis%20-%20Part%201/29674 Apple Updates Everything https://isc.sans.edu/diary/Apple%20Updates%20Everything%20%28including%20Studio%20Display%29/29682 MacStealer Malware Exfiltrates Mac Secrets https://www.uptycs.com/blog/macstealer-command-and-control-c2-malware
ISC StormCast for Monday, March 27th, 2023
Update for Windows Snipping Tool https://isc.sans.edu/diary/Microsoft%20Released%20an%20Update%20for%20Windows%20Snipping%20Tool%20Vulnerability/29670 GitHub Rotates SSH Keys https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/ redis-py vulnerability leads to mixed up sessions, affects ChatGPT https://openai.com/blog/march-20-chatgpt-outage Linux Tech Tips YouTube Hack https://www.theverge.com/2023/3/23/23653115/linus-tech-tips-youtube-hack-crypto-scam https://isc.sans.edu/diary/Elon%20Musk%20Themed%20Crypto%20Scams%20Flooding%20YouTube%20Today/29434 CyberChef Update https://github.com/gchq/CyberChef/wiki/Character-encoding,-EOL-separators,-and-editor-features