A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Similar Podcasts
Elixir Outlaws
Elixir Outlaws is an informal discussion about interesting things happening in Elixir. Our goal is to capture the spirit of a conference hallway discussion in a podcast.
The Cynical Developer
A UK based Technology and Software Developer Podcast that helps you to improve your development knowledge and career,
through explaining the latest and greatest in development technology and providing you with what you need to succeed as a developer.
ThunderCast
An inside look at the making of Mozilla Thunderbird, and community-driven conversations with our friends in the open-source software space.
ISC StormCast for Friday, December 17th, 2021
How the "Contact Forms" Campaign Tricks People https://isc.sans.edu/forums/diary/How+the+Contact+Forms+campaign+tricks+people/28142/ Bluetooth Used to Extract WiFi Secrets https://arxiv.org/pdf/2112.05719.pdf Lenovo Privilege Escalation Vulnerability https://support.lenovo.com/cy/en/product_security/len-75210 https://research.nccgroup.com/2021/12/15/technical-advisory-lenovo-imcontroller-local-privilege-escalation-cve-2021-3922-cve-2021-3969/ Log4j Updates https://github.com/cisagov/log4j-affected-db https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021 https://twitter.com/sans_isc/status/1471611522694717445
ISC StormCast for Thursday, December 16th, 2021
Undetected Powershell Backdoor https://isc.sans.edu/forums/diary/Simple+but+Undetected+PowerShell+Backdoor/28138/ Adobe Security Updates https://helpx.adobe.com/security.html Remote Deserialization Bug in Microsoft RDP Client Through Smart Card Extension https://thalium.github.io/blog/posts/deserialization-bug-through-rdp-smart-card-extension/ Webkit Bug Exploitable in PS4 https://arstechnica.com/gaming/2021/12/new-ps4-homebrew-exploit-points-to-similar-ps5-hacks-to-come/
ISC StormCast for Thursday, December 16th, 2021
Undetected Powershell Backdoor https://isc.sans.edu/forums/diary/Simple+but+Undetected+PowerShell+Backdoor/28138/ Adobe Security Updates https://helpx.adobe.com/security.html Remote Deserialization Bug in Microsoft RDP Client Through Smart Card Extension https://thalium.github.io/blog/posts/deserialization-bug-through-rdp-smart-card-extension/ Webkit Bug Exploitable in PS4 https://arstechnica.com/gaming/2021/12/new-ps4-homebrew-exploit-points-to-similar-ps5-hacks-to-come/
ISC StormCast for Wednesday, December 15th, 2021
Microsoft Patches https://isc.sans.edu/forums/diary/Microsoft+December+2021+Patch+Tuesday/28132/ Log4j Updates https://isc.sans.edu/forums/diary/Log4j+2150+and+previously+suggested+mitigations+may+not+be+enough/28134/ Log4j Scanner https://github.com/dtact/divd-2021-00038--log4j-scanner Apple Updates https://support.apple.com/en-us/HT201222
ISC StormCast for Wednesday, December 15th, 2021
Microsoft Patches https://isc.sans.edu/forums/diary/Microsoft+December+2021+Patch+Tuesday/28132/ Log4j Updates https://isc.sans.edu/forums/diary/Log4j+2150+and+previously+suggested+mitigations+may+not+be+enough/28134/ Log4j Scanner https://github.com/dtact/divd-2021-00038--log4j-scanner Apple Updates https://support.apple.com/en-us/HT201222
ISC StormCast for Tuesday, December 14th, 2021
Log4Shell Becoming Part of the Day to Day Grind https://isc.sans.edu/forums/diary/Log4Shell+exploited+to+implant+coin+miners/28124/ https://www.youtube.com/watch?v=oC2PZB5D3Ys Google Chrome Update https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop_13.html Malicious PyPi Packages https://medium.com/ochrona/3-new-malicious-packages-found-on-pypi-a6bbb14b5e2
ISC StormCast for Tuesday, December 14th, 2021
Log4Shell Becoming Part of the Day to Day Grind https://isc.sans.edu/forums/diary/Log4Shell+exploited+to+implant+coin+miners/28124/ https://www.youtube.com/watch?v=oC2PZB5D3Ys Google Chrome Update https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop_13.html Malicious PyPi Packages https://medium.com/ochrona/3-new-malicious-packages-found-on-pypi-a6bbb14b5e2
ISC StormCast for Monday, December 13th, 2021
Remote Code Execution in log4j2 https://isc.sans.edu/forums/diary/RCE+in+log4j+Log4Shell+or+how+things+can+get+bad+quickly/28120/ Log4j Zero Day https://www.lunasec.io/docs/blog/log4j-zero-day/ Log4j2/Log4Shell Followup: What we see and how to defend and how to access our data https://isc.sans.edu/forums/diary/Log4j+Log4Shell+Followup+What+we+see+and+how+to+defend+and+how+to+access+our+data/28122/ Log4Shell Vendor Bulletins https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592
ISC StormCast for Monday, December 13th, 2021
Remote Code Execution in log4j2 https://isc.sans.edu/forums/diary/RCE+in+log4j+Log4Shell+or+how+things+can+get+bad+quickly/28120/ Log4j Zero Day https://www.lunasec.io/docs/blog/log4j-zero-day/ Log4j2/Log4Shell Followup: What we see and how to defend and how to access our data https://isc.sans.edu/forums/diary/Log4j+Log4Shell+Followup+What+we+see+and+how+to+defend+and+how+to+access+our+data/28122/ Log4Shell Vendor Bulletins https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592
ISC StormCast for Friday, December 10th, 2021
Phishing Direct Messages via Discord https://isc.sans.edu/forums/diary/Phishing+Direct+Messages+via+Discord/28114/ Vulnerable Microtik Routers https://eclypsium.com/2021/12/09/when-honey-bees-become-murder-hornets/ log4j RCE 0-day https://www.lunasec.io/docs/blog/log4j-zero-day/ Sonicwall SMA 100 Patch https://www.sonicwall.com/support/product-notification/product-security-notice-sma-100-series-vulnerability-patches-q4-2021/211201154715443/
ISC StormCast for Friday, December 10th, 2021
Phishing Direct Messages via Discord https://isc.sans.edu/forums/diary/Phishing+Direct+Messages+via+Discord/28114/ Vulnerable Microtik Routers https://eclypsium.com/2021/12/09/when-honey-bees-become-murder-hornets/ log4j RCE 0-day https://www.lunasec.io/docs/blog/log4j-zero-day/ Sonicwall SMA 100 Patch https://www.sonicwall.com/support/product-notification/product-security-notice-sma-100-series-vulnerability-patches-q4-2021/211201154715443/
ISC StormCast for Thursday, December 9th, 2021
December 2021 Forensic Challenge https://isc.sans.edu/forums/diary/December+2021+Forensic+Challenge/28108/ Microsoft and GitHub OAuth Implementation Vulnerabilities Lead to Redirection Attacks https://www.proofpoint.com/us/blog/cloud-security/microsoft-and-github-oauth-implementation-vulnerabilities-lead-redirection Android Patch Day https://source.android.com/security/bulletin/2021-12-01?hl=en
ISC StormCast for Thursday, December 9th, 2021
December 2021 Forensic Challenge https://isc.sans.edu/forums/diary/December+2021+Forensic+Challenge/28108/ Microsoft and GitHub OAuth Implementation Vulnerabilities Lead to Redirection Attacks https://www.proofpoint.com/us/blog/cloud-security/microsoft-and-github-oauth-implementation-vulnerabilities-lead-redirection Android Patch Day https://source.android.com/security/bulletin/2021-12-01?hl=en
ISC StormCast for Wednesday, December 8th, 2021
Webshells, Webshells everywhere! https://isc.sans.edu/forums/diary/Webshells+Webshells+everywhere/28106/ AWS Outage https://status.aws.amazon.com Misconfigured Kafdrop Puts Companies' Apache Kafka Completely Exposed https://spectralops.io/blog/misconfigured-kafdrop-puts-companies-apache-kafka-completely-exposed/ Windows 10 RCE: The exploit is in the link https://positive.security/blog/ms-officecmd-rce XSinator.com: From a Formal Model to the Automatic Evaluation of Cross-Site Leaks in Web Browsers https://xsinator.com/paper.pdf
ISC StormCast for Wednesday, December 8th, 2021
Webshells, Webshells everywhere! https://isc.sans.edu/forums/diary/Webshells+Webshells+everywhere/28106/ AWS Outage https://status.aws.amazon.com Misconfigured Kafdrop Puts Companies' Apache Kafka Completely Exposed https://spectralops.io/blog/misconfigured-kafdrop-puts-companies-apache-kafka-completely-exposed/ Windows 10 RCE: The exploit is in the link https://positive.security/blog/ms-officecmd-rce XSinator.com: From a Formal Model to the Automatic Evaluation of Cross-Site Leaks in Web Browsers https://xsinator.com/paper.pdf