A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Similar Podcasts
The Cynical Developer
A UK based Technology and Software Developer Podcast that helps you to improve your development knowledge and career,
through explaining the latest and greatest in development technology and providing you with what you need to succeed as a developer.
Thinking Elixir Podcast
The Thinking Elixir podcast is a weekly show where we talk about the Elixir programming language and the community around it. We cover news and interview guests to learn more about projects and developments in the community.
Elixir Outlaws
Elixir Outlaws is an informal discussion about interesting things happening in Elixir. Our goal is to capture the spirit of a conference hallway discussion in a podcast.
ISC StormCast for Tuesday, June 28th, 2022
Encrypted Client Hello: Anybody Using it Yet? https://isc.sans.edu/forums/diary/Encrypted+Client+Hello+Anybody+Using+it+Yet/28792/ Jenkins Advisory https://www.jenkins.io/security/advisory/2022-06-22/ Instagram Age Verification https://about.fb.com/news/2022/06/new-ways-to-verify-age-on-instagram/ CodeSys V2 Vulnerability https://github.com/ic3sw0rd/Codesys_V2_Vulnerability
ISC StormCast for Tuesday, June 28th, 2022
Encrypted Client Hello: Anybody Using it Yet? https://isc.sans.edu/forums/diary/Encrypted+Client+Hello+Anybody+Using+it+Yet/28792/ Jenkins Advisory https://www.jenkins.io/security/advisory/2022-06-22/ Instagram Age Verification https://about.fb.com/news/2022/06/new-ways-to-verify-age-on-instagram/ CodeSys V2 Vulnerability https://github.com/ic3sw0rd/Codesys_V2_Vulnerability
ISC StormCast for Monday, June 27th, 2022
Python Abusing the Windows GUI https://isc.sans.edu/forums/diary/Python+abusing+The+Windows+GUI/28780/ Malicious Code Passed to PowerShell via the Clipboard https://isc.sans.edu/forums/diary/Malicious+Code+Passed+to+PowerShell+via+the+Clipboard/28784/ Attacking With WebView2 Applications https://mrd0x.com/attacking-with-webview2-applications/ Bronze Starlight Ransomware Operations Use Hui Loaders https://www.secureworks.com/research/bronze-starlight-ransomware-operations-use-hui-loader Novel Exploit Detected in Mitel VoIP Appliance https://www.crowdstrike.com/blog/novel-exploit-detected-in-mitel-voip-appliance/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29499
ISC StormCast for Monday, June 27th, 2022
Python Abusing the Windows GUI https://isc.sans.edu/forums/diary/Python+abusing+The+Windows+GUI/28780/ Malicious Code Passed to PowerShell via the Clipboard https://isc.sans.edu/forums/diary/Malicious+Code+Passed+to+PowerShell+via+the+Clipboard/28784/ Attacking With WebView2 Applications https://mrd0x.com/attacking-with-webview2-applications/ Bronze Starlight Ransomware Operations Use Hui Loaders https://www.secureworks.com/research/bronze-starlight-ransomware-operations-use-hui-loader Novel Exploit Detected in Mitel VoIP Appliance https://www.crowdstrike.com/blog/novel-exploit-detected-in-mitel-voip-appliance/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29499
ISC StormCast for Thursday, June 23rd, 2022
Malicious PowerShell Targeting Cryptocurrency Browser Extensions https://isc.sans.edu/forums/diary/Malicious+PowerShell+Targeting+Cryptocurrency+Browser+Extensions/28772/ Keeping PowerShell: Security Measures to Use and Embrace https://media.defense.gov/2022/Jun/22/2003021689/-1/-1/1/CSI_KEEPING_POWERSHELL_SECURITY_MEASURES_TO_USE_AND_EMBRACE_20220622.PDF Client-Side Magecart Attacks Still Around, But More Covert https://blog.malwarebytes.com/threat-intelligence/2022/06/client-side-magecart-attacks-still-around-but-more-covert/ Chinese actor takes aim, armed with Nim Language and Bizarro AES https://research.checkpoint.com/2022/chinese-actor-takes-aim-armed-with-nim-language-and-bizarro-aes/ Israeli Air Raid Sirens Hacked https://twitter.com/Israel_Cyber/status/1538821467785265153
ISC StormCast for Thursday, June 23rd, 2022
Malicious PowerShell Targeting Cryptocurrency Browser Extensions https://isc.sans.edu/forums/diary/Malicious+PowerShell+Targeting+Cryptocurrency+Browser+Extensions/28772/ Keeping PowerShell: Security Measures to Use and Embrace https://media.defense.gov/2022/Jun/22/2003021689/-1/-1/1/CSI_KEEPING_POWERSHELL_SECURITY_MEASURES_TO_USE_AND_EMBRACE_20220622.PDF Client-Side Magecart Attacks Still Around, But More Covert https://blog.malwarebytes.com/threat-intelligence/2022/06/client-side-magecart-attacks-still-around-but-more-covert/ Chinese actor takes aim, armed with Nim Language and Bizarro AES https://research.checkpoint.com/2022/chinese-actor-takes-aim-armed-with-nim-language-and-bizarro-aes/ Israeli Air Raid Sirens Hacked https://twitter.com/Israel_Cyber/status/1538821467785265153
ISC StormCast for Wednesday, June 22nd, 2022
Experimental New Domain / Domain Age API https://isc.sans.edu/forums/diary/Experimental+New+Domain+Domain+Age+API/28770/ Forescout Vedere Labs Discovers 56 OT Vulnerabilities https://www.forescout.com/resources/ot-icefall-report/ Cloudflare Outage https://blog.cloudflare.com/cloudflare-outage-on-june-21-2022/ Does Acrobat Reader Unload Injection of Security Products https://blog.minerva-labs.com/does-acrobat-reader-unload-injection-of-security-products 7-Zip Mark-of-the-Web Support https://www.7-zip.org/history.txt
ISC StormCast for Wednesday, June 22nd, 2022
Experimental New Domain / Domain Age API https://isc.sans.edu/forums/diary/Experimental+New+Domain+Domain+Age+API/28770/ Forescout Vedere Labs Discovers 56 OT Vulnerabilities https://www.forescout.com/resources/ot-icefall-report/ Cloudflare Outage https://blog.cloudflare.com/cloudflare-outage-on-june-21-2022/ Does Acrobat Reader Unload Injection of Security Products https://blog.minerva-labs.com/does-acrobat-reader-unload-injection-of-security-products 7-Zip Mark-of-the-Web Support https://www.7-zip.org/history.txt
ISC StormCast for Tuesday, June 21st, 2022
Odd TCP Fast Open Packets https://isc.sans.edu/forums/diary/Odd+TCP+Fast+Open+Packets+Anybody+understands+why/28766/ DFSCoerce NTLM Relay Attack https://github.com/Wh04m1001/DFSCoerce https://support.microsoft.com/en-us/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429 Windows Emergency Update Fixes Microsoft 365 Issues on ARM Devices https://www.bleepingcomputer.com/news/microsoft/windows-emergency-update-fixes-microsoft-365-issues-on-arm-devices/ Safari Vulnerability Analysis https://googleprojectzero.blogspot.com/2022/06/an-autopsy-on-zombie-in-wild-0-day.html Internet Explorer Remnants Still an Issue https://www.darkreading.com/vulnerabilities-threats/internet-explorer-will-likely-remain-an-attacker-target-for-some-time
ISC StormCast for Tuesday, June 21st, 2022
Odd TCP Fast Open Packets https://isc.sans.edu/forums/diary/Odd+TCP+Fast+Open+Packets+Anybody+understands+why/28766/ DFSCoerce NTLM Relay Attack https://github.com/Wh04m1001/DFSCoerce https://support.microsoft.com/en-us/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429 Windows Emergency Update Fixes Microsoft 365 Issues on ARM Devices https://www.bleepingcomputer.com/news/microsoft/windows-emergency-update-fixes-microsoft-365-issues-on-arm-devices/ Safari Vulnerability Analysis https://googleprojectzero.blogspot.com/2022/06/an-autopsy-on-zombie-in-wild-0-day.html Internet Explorer Remnants Still an Issue https://www.darkreading.com/vulnerabilities-threats/internet-explorer-will-likely-remain-an-attacker-target-for-some-time
ISC StormCast for Monday, June 20th, 2022
Critical Vulnerability in Splunk Enterprise Deployment Server Functionality https://isc.sans.edu/forums/diary/Critical+vulnerability+in+Splunk+Enterprises+deployment+server+functionality/28760/ Malspam Pushes Matanbuchus Malware Leads to Cobalt Strike https://isc.sans.edu/forums/diary/Malspam+pushes+Matanbuchus+malware+leads+to+Cobalt+Strike/28752/ Proofpoint Discovers Potentially Dangerous Office 365 Functionality https://www.proofpoint.com/us/blog/cloud-security/proofpoint-discovers-potentially-dangerous-microsoft-office-365-functionality
ISC StormCast for Monday, June 20th, 2022
Critical Vulnerability in Splunk Enterprise Deployment Server Functionality https://isc.sans.edu/forums/diary/Critical+vulnerability+in+Splunk+Enterprises+deployment+server+functionality/28760/ Malspam Pushes Matanbuchus Malware Leads to Cobalt Strike https://isc.sans.edu/forums/diary/Malspam+pushes+Matanbuchus+malware+leads+to+Cobalt+Strike/28752/ Proofpoint Discovers Potentially Dangerous Office 365 Functionality https://www.proofpoint.com/us/blog/cloud-security/proofpoint-discovers-potentially-dangerous-microsoft-office-365-functionality
ISC StormCast for Friday, June 17th, 2022
Houdini is Back Delivered Through a JavaScript Dropper https://isc.sans.edu/forums/diary/Houdini+is+Back+Delivered+Through+a+JavaScript+Dropper/28746/ Drifting Cloud: Zero-Day Sophos Firewall Exploitation https://www.volexity.com/blog/2022/06/15/driftingcloud-zero-day-sophos-firewall-exploitation-and-an-insidious-breach/ Exploiting a Heap Overflow in the FreeBSD Wi-Fi Stack https://www.zerodayinitiative.com/blog/2022/6/15/cve-2022-23088-exploiting-a-heap-overflow-in-the-freebsd-wi-fi-stack Cisco Email Security Appliance and Cisco Secure Email and Web Manager https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-esa-auth-bypass-66kEcxQD Analyzing the Fastjson "Auto Type Bypass" RCE vulnerability https://jfrog.com/blog/cve-2022-25845-analyzing-the-fastjson-auto-type-bypass-rce-vulnerability/
ISC StormCast for Friday, June 17th, 2022
Houdini is Back Delivered Through a JavaScript Dropper https://isc.sans.edu/forums/diary/Houdini+is+Back+Delivered+Through+a+JavaScript+Dropper/28746/ Drifting Cloud: Zero-Day Sophos Firewall Exploitation https://www.volexity.com/blog/2022/06/15/driftingcloud-zero-day-sophos-firewall-exploitation-and-an-insidious-breach/ Exploiting a Heap Overflow in the FreeBSD Wi-Fi Stack https://www.zerodayinitiative.com/blog/2022/6/15/cve-2022-23088-exploiting-a-heap-overflow-in-the-freebsd-wi-fi-stack Cisco Email Security Appliance and Cisco Secure Email and Web Manager https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-esa-auth-bypass-66kEcxQD Analyzing the Fastjson "Auto Type Bypass" RCE vulnerability https://jfrog.com/blog/cve-2022-25845-analyzing-the-fastjson-auto-type-bypass-rce-vulnerability/
ISC StormCast for Thursday, June 16th, 2022
Terraforming Honeypots: Using IaaC & Cloud to Attract Attacks https://isc.sans.edu/forums/diary/Terraforming+Honeypots+Installing+DShield+Sensors+in+the+Cloud/28748/ Zimbra Email - Stealing Clear=Text Credenitals via Memcache Injection https://blog.sonarsource.com/zimbra-mail-stealing-clear-text-credentials-via-memcache-injection/ Cloud Middleware Dataset https://github.com/wiz-sec/cloud-middleware-dataset CVE-2022-26937 Windows Network File System NLM Portmap Stack Buffer Overflow https://www.zerodayinitiative.com/blog/2022/6/7/cve-2022-26937-microsoft-windows-network-file-system-nlm-portmap-stack-buffer-overflow Citrix Application Delivery Management Security Bulletin https://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512 Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch https://sec-consult.com/vulnerability-lab/advisory/hardcoded-backdoor-user-outdated-software-components-nexans-ftto-gigaswitch/