SANS Internet Storm Center Daily Network Security News-logo

SANS Internet Storm Center Daily Network Security News

Technology Podcasts >

The podcast is published every weekday and typically 5-10 minutes long. It covers current network security news.

The podcast is published every weekday and typically 5-10 minutes long. It covers current network security news.
More Information

Location:

United States

Description:

The podcast is published every weekday and typically 5-10 minutes long. It covers current network security news.

Twitter:

@sans_isc

Language:

English

Contact:

904 805 3116


Episodes

ISC StormCast for Friday, February 23rd 2018

2/23/2018
More
Another Intel Spectre Update https://newsroom.intel.com/news/latest-intel-security-news-updated-firmware-available/ npm Patch kills BSD Systems http://blog.npmjs.org/post/171169301000/v571 https://github.com/npm/npm/issues/19883 Counterfeit Code Signing Certificates on the Rise https://www.recordedfuture.com/code-signing-certificates/

Duration:00:05:59

ISC StormCast for Thursday, February 22nd 2018

2/22/2018
More
Password Spraying for Active Directory Credentials https://isc.sans.edu/forums/diary/Should+We+Call+it+Quits+for+Passwords+Or+Password+Spraying+for+the+Win/23361/ Critical Cisco Vulnerabilities https://tools.cisco.com/security/center/publicationListing.x Windows Privilege Escalation Flaw https://bugs.chromium.org/p/project-zero/issues/detail?id=1428

Duration:00:06:03

ISC StormCast for Wednesday, February 21st 2018

2/21/2018
More
Statically Unpacking a Brazilian Banker Malware Sample https://isc.sans.edu/forums/diary/Statically+Unpacking+a+Brazilian+Banker+Malware/23359/ More Crypto Miners https://blog.redlock.io/cryptojacking-tesla Difficulties Detecting Coldroot RAT Affecting MacOS/OSX Systems https://objective-see.com/blog/blog_0x2A.html uTorrent Remote Code Execution Vulnerability https://bugs.chromium.org/p/project-zero/issues/detail?id=1524

Duration:00:05:25

ISC StormCast for Tuesday, February 20th 2018

2/20/2018
More
Apple Releases Fix for Unicode Messaging DoS Flaw in All Operating Systems https://support.apple.com/en-us/HT208534 Flight Simulator Mod Company Uses Password Stealer to "Fight Back" https://www.reddit.com/r/flightsim/comments/7yh4zu/fslabs_a320_installer_seems_to_include_a_chrome/ https://forums.flightsimlabs.com/index.php?/announcement/10-a320-x-drm-clarification/ Bypassing Microsoft's Anti Malware Scan...

Duration:00:05:32

ISC StormCast for Monday, February 19th 2018

2/19/2018
More
Inspecting Malicious MSI Files https://isc.sans.edu/forums/diary/Malware+Delivered+via+Windows+Installer+Files/23349/ Monero Miner Injected via Jenkins Flaw https://research.checkpoint.com/jenkins-miner-one-biggest-mining-operations-ever-discovered/ Microsoft Edge Arbitrary Code Guard Bypass https://bugs.chromium.org/p/project-zero/issues/detail?id=1435 macOS APFS May Lose Data https://bombich.com/blog/2018/02/15/macos-may-lose-data-on-apfs-formatted-disk-images

Duration:00:06:02

ISC StormCast for Friday, February 16th 2018

2/16/2018
More
Skype Update Vulnerability Fixed in October https://answers.microsoft.com/en-us/skype/forum/skype_newsms/update-on-installer-for-skype-for-windows-desktop/242f1415-1399-42e1-a6a2-cd535c8b7ff8?tm=1518635969608&auth=1 iOS Indian Character DoS http://www.openradar.me/37458268 Executing Code in Word Without Macros https://www.trustwave.com/Resources/SpiderLabs-Blog/Multi-Stage-Email-Word-Attack-without-Macros/ Phishing Via Google Ads Against...

Duration:00:06:46

ISC StormCast for Thursday, February 15th 2018

2/15/2018
More
Meltdown Prime and SpectrePrime: More CPU Exploits Coming https://arxiv.org/abs/1802.03802 Winter Olympics Attack Launched via IT Provider https://www.cyberscoop.com/atos-olympics-hack-olympic-destroyer-malware-peyongchang/ OpenSSL Releases TLS 1.3 Alpha as Part of OpenSSL 1.1.1 pre release 1 https://www.openssl.org/news/openssl-1.1.1-notes.html Double Door...

Duration:00:06:59

ISC StormCast for Wednesday, February 14th 2018

2/14/2018
More
Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/February+2018+Microsoft+and+Adobe+Patch+Tuesday/23341/ Skype Update Privilege Escalation Vulnerability http://seclists.org/fulldisclosure/2018/Feb/33 Telegram Vulnerability Exploited to Spread Cryptocoin Miner https://securelist.com/zero-day-vulnerability-in-telegram/83800/

Duration:00:06:11

ISC StormCast for Tuesday, February 13th 2018

2/13/2018
More
Malspam using Valentines DAy and IRS to Lure Users https://securityintelligence.com/necurs-spammers-go-all-in-to-find-a-valentines-day-victim/ https://myonlinesecurity.co.uk/please-note-irs-urgent-message-164-malspam-delivers-rapid-ransomware/ Resurrecting Old GitHub Accounts https://www.theregister.co.uk/2018/02/10/github_account_name_reuse/ Simple USB Exploit for KDE https://www.kde.org/info/security/advisory-20180208-2.txt Wordpress Breaks...

Duration:00:06:27

ISC StormCast for Monday, February 12th 2018

2/12/2018
More
Signed Dridex Malware and Identifying Signed Word Macros https://isc.sans.edu/forums/diary/An+autograph+from+the+Dridex+gang/23331/ https://isc.sans.edu/forums/diary/Finding+VBA+signatures+in+Word+documents/23333/ Browsealoud Plugin Used to Compromise High Profile Sites http://www.theregister.co.uk/2018/02/11/browsealoud_compromised_coinhive/ https://www.texthelp.com/en-gb/company/corporate-blog/february-2018/data-security-investigation-underway-at-texthelp/ BitGrail Insolvent After...

Duration:00:05:39

ISC StormCast for Friday, February 9th 2018

2/9/2018
More
Exploiting Blind SQL Injection and Division by Zero Exceptions https://isc.sans.edu/forums/diary/SQL+injection+and+division+by+zero+exceptions/23325/ Netgear Router Flaws https://www.trustwave.com/Resources/SpiderLabs-Blog/Multiple-Vulnerabilities-in-NETGEAR-Routers/ Apple's iBoot Source Code Leaks on Github https://github.com/github/dmca/blob/master/2018/2018-02-07-Apple.md Hotspot Shield VPN Vulnerable to DNS...

Duration:00:06:07

ISC StormCast for Thursday, February 8th 2018

2/8/2018
More
PinMe: Tracking a Smarthphone User around the World https://arxiv.org/pdf/1802.01468.pdf NameCheap Vulnerability Allows Unauthorized Subdomain Creation; https://www.kirkville.com/namecheap-name-server-vulnerability-allows-unauthorized-users-to-create-sub-domains/ Manipulating Gas Prices via Vulnerable Software https://securelist.com/expensive-gas/83542/ Android February Patches https://source.android.com/security/bulletin/2018-02-01 Cisco Updates for Cisco RV132W and...

Duration:00:06:16

ISC StormCast for Wednesday, February 7th 2018

2/7/2018
More
Loki Bot Malspam Variations https://isc.sans.edu/forums/diary/3+examples+of+malspam+pushing+LokiBot+malware/23317/ Adobe Releases Out-of-Band Patch https://helpx.adobe.com/security/products/flash-player/apsb18-03.html Grammarly Fixes Patch in Google Chrome Plugin https://bugs.chromium.org/p/project-zero/issues/detail?id=1527&desc=2#maincol Windows Protected Folders Bypass http://www.securitybydefault.com/2018/01/microsoft-anti-ransomware-bypass-not.html DanderSpritz/PeddleCheap...

Duration:00:06:31

ISC StormCast for Tuesday, February 6th 2018

2/6/2018
More
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1 https://www.nccgroup.trust/globalassets/newsroom/uk/events/2018/02/reconbrx2018-robin-hood-vs-cisco-asa.pdf https://pastebin.com/YrBcG2Ln TLS Extension Covert Channel https://www.fidelissecurity.com/threatgeek/2018/02/exposing-x509-vulnerabilities CSRF Token Exfil via CSS https://github.com/dxa4481/cssInjection

Duration:00:06:24

ISC StormCast for Monday, February 5th 2018

2/5/2018
More
Simple but Effective Malicious XLS Sheet https://isc.sans.edu/forums/diary/Simple+but+Effective+Malicious+XLS+Sheet/23305/ Botnet Taking Advantage of Exposed Debug Port http://blog.netlab.360.com/early-warning-adb-miner-a-mining-botnet-utilizing-android-adb-is-now-rapidly-spreading-en/ Qnatifying Untrusted Symantec Certificates https://arkadiyt.com/2018/02/04/quantifying-untrusted-symantec-certificates/

Duration:00:05:38

ISC StormCast for Friday, February 2nd 2018

2/2/2018
More
Adobe Flash 0-Day https://isc.sans.edu/forums/diary/Adobe+Flash+0Day+Used+Against+South+Korean+Targets/23301/ Adaptive Phishing Kit https://isc.sans.edu/forums/diary/Adaptive+Phishing+Kit/23299/ Crypto Miners "Payload of Choice" http://blog.talosintelligence.com/2018/01/malicious-xmr-mining.html Autosploit Links Shodan to Metasploit https://github.com/NullArray/AutoSploit

Duration:00:05:31

ISC StormCast for Thursday, February 1st 2018

2/1/2018
More
Tax Phishing Season Starts https://isc.sans.edu/forums/diary/Tax+Phishing+Time/23295/ Using FLIR In Incident Response https://isc.sans.edu/forums/diary/Using+FLIR+in+Incident+Response/23291/ Oracle MICROS POS Vulnerability https://erpscan.com/press-center/blog/oracle-micros-pos-breached/

Duration:00:06:50

ISC StormCast for Wednesday, January 31st 2018

1/30/2018
More
DCShadow Attack https://www.dropbox.com/s/baypdb6glmvp0j9/Buehat%20IL%20v2.3.pdf https://blog.alsid.eu/dcshadow-explained-4510f52fc19d Cisco WebVPN Update https://isc.sans.edu/forums/diary/Cisco+ASA+WebVPN+Vulnerability/23289/ Reviving DDE Code Execution via OneNote https://posts.specterops.io/reviving-dde-using-onenote-and-excel-for-code-execution-d7226864caee

Duration:00:06:56

ISC StormCast for Tuesday, January 30th 2018

1/30/2018
More
Lenovo Fingerprint Mananger Pro Vulnerability https://support.lenovo.com/us/en/product_security/len-15999 ClamAV Vulnerablities http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html https://blog.malwarebytes.com/malwarebytes-news/2018/01/important-web-blocking-ram-usage/ Malwarebytes Corrupted Update https://www.malwarebytes.com/pdf/WebProtectionFP.pdf Cisco Adaptive Security Appliance Remote Code Execution...

Duration:00:06:11

ISC StormCast for Monday, January 29th 2018

1/29/2018
More
Analyzing a Word Document Used in a Pentest https://isc.sans.edu/forums/diary/Is+this+a+pentest/23283/ Analyzing BITS Activity https://isc.sans.edu/forums/diary/Investigating+Microsoft+BITS+Activity/23281/ CryptoJacking on YouTube due to Malicious Ads https://blog.trendmicro.com/trendlabs-security-intelligence/malvertising-campaign-abuses-googles-doubleclick-to-deliver-cryptocurrency-miners/ Coincheck Hack Nets 400M USD https://coincheck.com/en/blog/4673 PHPBB Mirror...

Duration:00:06:10

See More