A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Similar Podcasts
Thinking Elixir Podcast
The Thinking Elixir podcast is a weekly show where we talk about the Elixir programming language and the community around it. We cover news and interview guests to learn more about projects and developments in the community.
The Cynical Developer
A UK based Technology and Software Developer Podcast that helps you to improve your development knowledge and career,
through explaining the latest and greatest in development technology and providing you with what you need to succeed as a developer.
Elixir Outlaws
Elixir Outlaws is an informal discussion about interesting things happening in Elixir. Our goal is to capture the spirit of a conference hallway discussion in a podcast.
ISC StormCast for Thursday, September 29th, 2022
10 Years Later: Attacker re-discovering old VTiger CRM Vulnerability https://isc.sans.edu/forums/diary/10+Years+Later+Attacker+rediscovering+old+VTiger+CRM+Vulnerability/29098 IRS Reports Significant Increase in Texting Scams https://www.irs.gov/newsroom/irs-reports-significant-increase-in-texting-scams-warns-taxpayers-to-remain-vigilant Cloudflare Releases Turnsitle, a user-friendly, privacy-preserving CAPTCHA alternative https://blog.cloudflare.com/turnstile-private-captcha-alternative/ Cisco Patches https://kb.cert.org/vuls/id/855201 Chrome 106 Release https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html?m=1
ISC StormCast for Wednesday, September 28th, 2022
DNS Option 15 and Debugging DNSSEC Errors https://isc.sans.edu/forums/diary/DNS+Option+15+Debugging+DNSSEC+Errors/29094 Yari: A New Era of Yara Debugging https://engineering.avast.io/yari-a-new-era-of-yara-debugging/ HTTP Archive Almanac https://almanac.httparchive.org/en/2022/security
ISC StormCast for Wednesday, September 28th, 2022
DNS Option 15 and Debugging DNSSEC Errors https://isc.sans.edu/forums/diary/DNS+Option+15+Debugging+DNSSEC+Errors/29094 Yari: A New Era of Yara Debugging https://engineering.avast.io/yari-a-new-era-of-yara-debugging/ HTTP Archive Almanac https://almanac.httparchive.org/en/2022/security
ISC StormCast for Tuesday, September 27th, 2022
Easy Python Sandbox Detection https://isc.sans.edu/forums/diary/Easy+Python+Sandbox+Detection/29090 Hackers use PowerPoint Files for "Mouseover" Malware Delivery https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/ Redis 7.0 XAUTOCLAIM Heap Overflow https://github.com/redis/redis/security/advisories/GHSA-5gc4-76rx-22c9 Scoreboard Hacking https://maxwelldulin.com/BlogPost?post=7118102528
ISC StormCast for Tuesday, September 27th, 2022
Easy Python Sandbox Detection https://isc.sans.edu/forums/diary/Easy+Python+Sandbox+Detection/29090 Hackers use PowerPoint Files for "Mouseover" Malware Delivery https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/ Redis 7.0 XAUTOCLAIM Heap Overflow https://github.com/redis/redis/security/advisories/GHSA-5gc4-76rx-22c9 Scoreboard Hacking https://maxwelldulin.com/BlogPost?post=7118102528
ISC StormCast for Monday, September 26th, 2022
Kids Like Cookies and Malware Likes them Too https://isc.sans.edu/forums/diary/Kids+Like+Cookies+Malware+Too/29082 Downloading Files from Removed Domains https://isc.sans.edu/forums/diary/Downloading%20Samples%20From%20Takendown%20Domains/29086/ WhatsApp Security Updates https://www.whatsapp.com/security/advisories/2022/ Sophos RCE Flaw https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce CircleCI Phishing Attacks Used to Access GitHub Accounts https://discuss.circleci.com/t/circleci-security-alert-warning-phishing-attempt-for-login-credentials/45408
ISC StormCast for Monday, September 26th, 2022
Kids Like Cookies and Malware Likes them Too https://isc.sans.edu/forums/diary/Kids+Like+Cookies+Malware+Too/29082 Downloading Files from Removed Domains https://isc.sans.edu/forums/diary/Downloading%20Samples%20From%20Takendown%20Domains/29086/ WhatsApp Security Updates https://www.whatsapp.com/security/advisories/2022/ Sophos RCE Flaw https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce CircleCI Phishing Attacks Used to Access GitHub Accounts https://discuss.circleci.com/t/circleci-security-alert-warning-phishing-attempt-for-login-credentials/45408
ISC StormCast for Friday, September 23rd, 2022
RAT Delivered Through FODHelper https://isc.sans.edu/forums/diary/RAT+Delivered+Through+FODHelper/29078 Microsoft Endpoint Configuration Manager Spoofing Vulnerability https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37972 New Fuzzing Tool: cifuzz https://github.com/CodeIntelligenceTesting/cifuzz No Security Updates from Apple https://support.apple.com/en-us/HT201222
ISC StormCast for Friday, September 23rd, 2022
RAT Delivered Through FODHelper https://isc.sans.edu/forums/diary/RAT+Delivered+Through+FODHelper/29078 Microsoft Endpoint Configuration Manager Spoofing Vulnerability https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37972 New Fuzzing Tool: cifuzz https://github.com/CodeIntelligenceTesting/cifuzz No Security Updates from Apple https://support.apple.com/en-us/HT201222
ISC StormCast for Thursday, September 22nd, 2022
Phishing Campaigns Use Free Only Resources https://isc.sans.edu/forums/diary/Phishing%20Campaigns%20Use%20Free%20Online%20Resources/29074/ Insecure use of tarfile.extract in Python https://bugs.python.org/issue1044#msg55464 Twitter Failed to Logout Users After Password Reset https://privacy.twitter.com/en/blog/2022/an-issue-impacting-password-resets
ISC StormCast for Thursday, September 22nd, 2022
Phishing Campaigns Use Free Only Resources https://isc.sans.edu/forums/diary/Phishing%20Campaigns%20Use%20Free%20Online%20Resources/29074/ Insecure use of tarfile.extract in Python https://bugs.python.org/issue1044#msg55464 Twitter Failed to Logout Users After Password Reset https://privacy.twitter.com/en/blog/2022/an-issue-impacting-password-resets
ISC StormCast for Wednesday, September 21st, 2022
Chainsaw: Hunt, search and extract event log records https://isc.sans.edu/diary/Chainsaw%3A+Hunt%2C+search%2C+and+extract+event+log+records/29066 PDU Exploits past NAT https://claroty.com/team82/research/jumping-nat-to-shut-down-electric-devices Tamper Protection will be turned on for all Enterprise Customers https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/tamper-protection-will-be-turned-on-for-all-enterprise-customers/ba-p/3616478
ISC StormCast for Wednesday, September 21st, 2022
Chainsaw: Hunt, search and extract event log records https://isc.sans.edu/diary/Chainsaw%3A+Hunt%2C+search%2C+and+extract+event+log+records/29066 PDU Exploits past NAT https://claroty.com/team82/research/jumping-nat-to-shut-down-electric-devices Tamper Protection will be turned on for all Enterprise Customers https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/tamper-protection-will-be-turned-on-for-all-enterprise-customers/ba-p/3616478
ISC StormCast for Tuesday, September 20th, 2022
Preventing ISO Malware https://isc.sans.edu/diary/Preventing+ISO+Malware+/29062 State of Emotet https://www.advintel.io/post/advintel-s-state-of-emotet-aka-spmtools-displays-over-million-compromised-machines-through-2022 Undermining Microsoft Teams Security by Mining Tokens https://www.vectra.ai/blogpost/undermining-microsoft-teams-security-by-mining-tokens
ISC StormCast for Tuesday, September 20th, 2022
Preventing ISO Malware https://isc.sans.edu/diary/Preventing+ISO+Malware+/29062 State of Emotet https://www.advintel.io/post/advintel-s-state-of-emotet-aka-spmtools-displays-over-million-compromised-machines-through-2022 Undermining Microsoft Teams Security by Mining Tokens https://www.vectra.ai/blogpost/undermining-microsoft-teams-security-by-mining-tokens