A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Similar Podcasts
The Cynical Developer
A UK based Technology and Software Developer Podcast that helps you to improve your development knowledge and career,
through explaining the latest and greatest in development technology and providing you with what you need to succeed as a developer.
Thinking Elixir Podcast
The Thinking Elixir podcast is a weekly show where we talk about the Elixir programming language and the community around it. We cover news and interview guests to learn more about projects and developments in the community.
Elixir Outlaws
Elixir Outlaws is an informal discussion about interesting things happening in Elixir. Our goal is to capture the spirit of a conference hallway discussion in a podcast.
ISC StormCast for Monday, February 13th, 2023
Obfuscated Deactivation of Script Block Logging https://isc.sans.edu/diary/Obfuscated%20Deactivation%20of%20Script%20Block%20Logging/29538 PCAP Data Analysis with Zeek https://isc.sans.edu/diary/PCAP%20Data%20Analysis%20with%20Zeek/29530 Bing Chat Prompt Injection https://arstechnica.com/information-technology/2023/02/ai-powered-bing-chat-spills-its-secrets-via-prompt-injection-attack/ More Malicious Python Packages https://blog.sonatype.com/malicious-aptx-python-package-drops-meterpreter-shell-deletes-netstat
ISC StormCast for Friday, February 10th, 2023
A Backdoor with Smart Screenshot Capability https://isc.sans.edu/diary/A%20Backdoor%20with%20Smart%20Screenshot%20Capability/29534 KeePass Patches Issue Allowing Password Export https://keepass.info/news/n230109_2.53.html AWS Phishing via Google Ads https://www.sentinelone.com/blog/cloud-credentials-phishing-malicious-google-ads-target-aws-logins/ Apache Kafka Vulnerability https://lists.apache.org/thread/vy1c7fqcdqvq5grcqp6q5jyyb302khyz
ISC StormCast for Friday, February 10th, 2023
A Backdoor with Smart Screenshot Capability https://isc.sans.edu/diary/A%20Backdoor%20with%20Smart%20Screenshot%20Capability/29534 KeePass Patches Issue Allowing Password Export https://keepass.info/news/n230109_2.53.html AWS Phishing via Google Ads https://www.sentinelone.com/blog/cloud-credentials-phishing-malicious-google-ads-target-aws-logins/ Apache Kafka Vulnerability https://lists.apache.org/thread/vy1c7fqcdqvq5grcqp6q5jyyb302khyz
ISC StormCast for Thursday, February 9th, 2023
Simple HTML Phishing via Telegram Bot https://isc.sans.edu/forums/diary/Simple%20HTML%20Phishing%20via%20Telegram%20Bot/29528/ Recovering from ESXiArgs Ransomware https://www.cisa.gov/uscert/ncas/alerts/aa23-039a NIST Standardizes Lightweight Cryptography https://csrc.nist.gov/Projects/lightweight-cryptography Sonicwall Web Content Filtering on Windows 11 22H2 https://www.sonicwall.com/support/product-notification/limitation-with-web-content-filtering-on-windows-11-22h2/230208075107457/ Google Chrome Release Changes https://developer.chrome.com/blog/early-stable/
ISC StormCast for Thursday, February 9th, 2023
Simple HTML Phishing via Telegram Bot https://isc.sans.edu/forums/diary/Simple%20HTML%20Phishing%20via%20Telegram%20Bot/29528/ Recovering from ESXiArgs Ransomware https://www.cisa.gov/uscert/ncas/alerts/aa23-039a NIST Standardizes Lightweight Cryptography https://csrc.nist.gov/Projects/lightweight-cryptography Sonicwall Web Content Filtering on Windows 11 22H2 https://www.sonicwall.com/support/product-notification/limitation-with-web-content-filtering-on-windows-11-22h2/230208075107457/ Google Chrome Release Changes https://developer.chrome.com/blog/early-stable/
ISC StormCast for Wednesday, February 8th, 2023
A Survey of Bluetooth Vulnerabilities Trends https://isc.sans.edu/diary/A%20Survey%20of%20Bluetooth%20Vulnerabilities%20Trends%20%282023%20Edition%29/29522 OpenSSL Vulnerabilities / Patches https://www.openssl.org/news/secadv/20230207.txt Packet Tuesday: Most Frequent DNS Query ID / DNS Notify https://www.youtube.com/watch?v=QgCuE_zKyMY GoAnywhere MFT Patch Available (and PoC) https://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html https://my.goanywhere.com/webclient/Dashboard.xhtml Qakbot Mechanizes Distribution of Malicous OneNote Notebooks https://news.sophos.com/en-us/2023/02/06/qakbot-onenote-attacks/
ISC StormCast for Wednesday, February 8th, 2023
A Survey of Bluetooth Vulnerabilities Trends https://isc.sans.edu/diary/A%20Survey%20of%20Bluetooth%20Vulnerabilities%20Trends%20%282023%20Edition%29/29522 OpenSSL Vulnerabilities / Patches https://www.openssl.org/news/secadv/20230207.txt Packet Tuesday: Most Frequent DNS Query ID / DNS Notify https://www.youtube.com/watch?v=QgCuE_zKyMY GoAnywhere MFT Patch Available (and PoC) https://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html https://my.goanywhere.com/webclient/Dashboard.xhtml Qakbot Mechanizes Distribution of Malicous OneNote Notebooks https://news.sophos.com/en-us/2023/02/06/qakbot-onenote-attacks/
ISC StormCast for Tuesday, February 7th, 2023
Earthquake Scams https://isc.sans.edu/diary/Earthquake%20in%20Turkey%20and%20Syria%3A%20Be%20Aware%20of%20Possible%20Donation%20Scams/29518 APIs Used By Bots to Detect Public IP Addresses https://isc.sans.edu/diary/APIs+Used+by+Bots+to+Detect+Public+IP+address/29516/ OpenSSH Vulnerablity Details CVE 2023-25136 https://blog.qualys.com/vulnerabilities-threat-research/2023/02/03/cve-2023-25136-pre-auth-double-free-vulnerability-in-openssh-server-9-1 A Novel State-of-the-Art Redis Malware https://blog.aquasec.com/headcrab-attacks-servers-worldwide-with-novel-state-of-art-redis-malware?&web_view=true
ISC StormCast for Tuesday, February 7th, 2023
Earthquake Scams https://isc.sans.edu/diary/Earthquake%20in%20Turkey%20and%20Syria%3A%20Be%20Aware%20of%20Possible%20Donation%20Scams/29518 APIs Used By Bots to Detect Public IP Addresses https://isc.sans.edu/diary/APIs+Used+by+Bots+to+Detect+Public+IP+address/29516/ OpenSSH Vulnerablity Details CVE 2023-25136 https://blog.qualys.com/vulnerabilities-threat-research/2023/02/03/cve-2023-25136-pre-auth-double-free-vulnerability-in-openssh-server-9-1 A Novel State-of-the-Art Redis Malware https://blog.aquasec.com/headcrab-attacks-servers-worldwide-with-novel-state-of-art-redis-malware?&web_view=true
ISC StormCast for Monday, February 6th, 2023
Assemblyline as a Malware Analysis Sandbox https://isc.sans.edu/diary/Assemblyline%20as%20a%20Malware%20Analysis%20Sandbox/29510 GoAnywhere MFT zero-day Exploited https://www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/ Ransomware targeting VMware ESXi https://blog.ovhcloud.com/ransomware-targeting-vmware-esxi/ Jira Service Managment Server and Data Center Advisory CVE-2023-22501 https://confluence.atlassian.com/jira/jira-service-management-server-and-data-center-advisory-cve-2023-22501-1188786458.html OpenSSH Update https://www.openssh.com/releasenotes.html F5 BigIP Vulnerability CVE-2023-22374 https://my.f5.com/manage/s/article/K000130415
ISC StormCast for Monday, February 6th, 2023
Assemblyline as a Malware Analysis Sandbox https://isc.sans.edu/diary/Assemblyline%20as%20a%20Malware%20Analysis%20Sandbox/29510 GoAnywhere MFT zero-day Exploited https://www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/ Ransomware targeting VMware ESXi https://blog.ovhcloud.com/ransomware-targeting-vmware-esxi/ Jira Service Managment Server and Data Center Advisory CVE-2023-22501 https://confluence.atlassian.com/jira/jira-service-management-server-and-data-center-advisory-cve-2023-22501-1188786458.html OpenSSH Update https://www.openssh.com/releasenotes.html F5 BigIP Vulnerability CVE-2023-22374 https://my.f5.com/manage/s/article/K000130415
ISC StormCast for Friday, February 3rd, 2023
Rotating Packet Captures with pfSense https://isc.sans.edu/diary/Rotating%20Packet%20Captures%20with%20pfSense/29500 BEC Group Incorporates Secondary Impersonated Personas https://intelligence.abnormalsecurity.com/blog/firebrick-ostrich-third-party-reconnaissance-attacks MalVirt .Net Virtualization Thrives in Malvertising Attacks https://www.sentinelone.com/labs/malvirt-net-virtualization-thrives-in-malvertising-attacks/ Cisco Remote Code Execution with Persistence https://www.trellix.com/en-us/about/newsroom/stories/research/when-pwning-cisco-persistence-is-key-when-pwning-supply-chain-cisco-is-key.html
ISC StormCast for Friday, February 3rd, 2023
Rotating Packet Captures with pfSense https://isc.sans.edu/diary/Rotating%20Packet%20Captures%20with%20pfSense/29500 BEC Group Incorporates Secondary Impersonated Personas https://intelligence.abnormalsecurity.com/blog/firebrick-ostrich-third-party-reconnaissance-attacks MalVirt .Net Virtualization Thrives in Malvertising Attacks https://www.sentinelone.com/labs/malvirt-net-virtualization-thrives-in-malvertising-attacks/ Cisco Remote Code Execution with Persistence https://www.trellix.com/en-us/about/newsroom/stories/research/when-pwning-cisco-persistence-is-key-when-pwning-supply-chain-cisco-is-key.html
ISC StormCast for Thursday, February 2nd, 2023
Detecting Malicious OneNote Files https://isc.sans.edu/diary/Detecting%20%28Malicious%29%20OneNote%20Files/29494 Microsoft Defender Device Isolation for Linux https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/announcing-device-isolation-support-for-linux/ba-p/3676400 SH1MMER Exploit for Chromebooks https://sh1mmer.me DOMPDF SVG Parsing Vulnerability https://github.com/dompdf/dompdf/security/advisories/GHSA-3cw5-7cxw-v5qg
ISC StormCast for Thursday, February 2nd, 2023
Detecting Malicious OneNote Files https://isc.sans.edu/diary/Detecting%20%28Malicious%29%20OneNote%20Files/29494 Microsoft Defender Device Isolation for Linux https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/announcing-device-isolation-support-for-linux/ba-p/3676400 SH1MMER Exploit for Chromebooks https://sh1mmer.me DOMPDF SVG Parsing Vulnerability https://github.com/dompdf/dompdf/security/advisories/GHSA-3cw5-7cxw-v5qg