SANS Internet Storm Center Daily Network Security News-logo

SANS Internet Storm Center Daily Network Security News

114 Favorites

The podcast is published every weekday and typically 5-10 minutes long. It covers current network security news.

The podcast is published every weekday and typically 5-10 minutes long. It covers current network security news.
More Information

Location:

United States

Description:

The podcast is published every weekday and typically 5-10 minutes long. It covers current network security news.

Twitter:

@sans_isc

Language:

English

Contact:

904 805 3116


Episodes

ISC StormCast for Wednesday, November 22nd 2017

11/22/2017
More
Ethereum JSON-RPC Scans https://isc.sans.edu/forums/diary/Internet+Wide+Ethereum+JSONRPC+Scans/23061/ Updated OWASP Top 10 Released https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf TPLink Often Provides Outdated Firmware Version For Download https://www.ctrl.blog/entry/tplink-firmware-outdated-downloads

Duration: 00:06:49


ISC StormCast for Tuesday, November 21st 2017

11/21/2017
More
Intel Patches Several Vulnerabilities in its Management Engine https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr Sandsifter CPU Fuzzer https://github.com/xoreaxeaxeax/sandsifter/ Android MediaProjection API Allows For Screen Capture / Audio Recording Without User Consent https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-android-MediaProjection-tapjacking-advisory-2017-11-13.pdf BusyBox Autocompletion...

Duration: 00:05:42


ISC StormCast for Monday, November 20th 2017

11/20/2017
More
Bitcoin Pickpockets Scanning For Wallets https://isc.sans.edu/forums/diary/BTC+Pickpockets/23052/ Resume-themed Malspam Pushing Smoker Loader https://isc.sans.edu/forums/diary/Resumethemed+malspam+pushing+Smoke+Loader/23054/ F5-BigIP TLS Vulnerability https://support.f5.com/csp/article/K21905460 Microsoft Updates Patches / May Have Lost...

Duration: 00:07:08


ISC StormCast for Friday, November 17th 2017

11/17/2017
More
A Domain Dashboard For Splunk https://isc.sans.edu/forums/diary/Suspicious+Domains+Tracking+Dashboard/23046/ Oracle Critical PeopleSoft Patch http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10269-4021872.html#AppendixFMW GitHub Introducing Security Alerts for Dependencies https://github.com/blog/2470-introducing-security-alerts-on-github Exposing IP Addresses For Hidden Services http://sh1ttykids.hateblo.jp/entry/2017/11/16/182001

Duration: 00:06:00


ISC StormCast for Thursday, November 16th 2017

11/16/2017
More
Malicious Document Turns Off Word Macro Protections https://isc.sans.edu/forums/diary/If+you+want+something+done+right+do+it+yourself/23042/ Blueborne Affects Amazon Echo and Google Home Devices (now patched) http://go.armis.com/hubfs/BlueBorne%20Technical%20White%20Paper.pdf More Malicious Apps In Google's Play Store https://www.bleepingcomputer.com/news/security/google-play-store-sees-sudden-surge-of-malicious-apps/ OnePlus Phones Found With Preinstalled Debug...

Duration: 00:06:13


ISC StormCast for Wednesday, November 15th 2017

11/15/2017
More
Microsoft Patch Tuesday Updates https://helpx.adobe.com/security.html Adobe Patches https://helpx.adobe.com/security.html Abusing Anti-Virus Quarantine Folders for Priv. Escalation https://bogner.sh/2017/11/avgater-getting-local-admin-by-abusing-the-anti-virus-quarantine/

Duration: 00:05:45


ISC StormCast for Tuesday, November 14th 2017

11/14/2017
More
FaceID Beaten By Mask http://www.bkav.com/d/top-news/-/view_content/content/103968/face-id-beaten-by-mask-not-an-effective-security-measure Various URL Validation and HTTP Request Libraries Allow SSRF https://www.blackhat.com/docs/us-17/thursday/us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf Using Heart Rythm As Biometric ID http://www.buffalo.edu/news/releases/2017/09/034.html

Duration: 00:07:55


ISC StormCast for Monday, November 13th 2017

11/13/2017
More
Auditing TLS Root Certificates on Windows https://isc.sans.edu/forums/diary/Keep+An+Eye+on+your+Root+Certificates/23030/ How Google Accounts Are Hijacked https://security.googleblog.com/2017/11/new-research-understanding-root-cause.html Battling E-Mail Phishing https://isc.sans.edu/forums/diary/Battling+email+phishing/23028/ Hacking Airplanes http://www.aviationtoday.com/2017/11/08/boeing-757-testing-shows-airplanes-vulnerable-hacking-dhs-says/

Duration: 00:06:40


ISC StormCast for Friday, November 10th 2017

11/10/2017
More
Twilio Credentials Found in Mobile Apps (requires registration) http://info.appthority.com/-q4-2017-mtr-download-eavesdropper Drive By Cryto Currency Mining Keeps Increasing https://go.malwarebytes.com/rs/805-USG-300/images/Drive-by_Mining_FINAL.pdf Intel's Management Engine Firmware Decoded https://twitter.com/h0t_max https://www.theregister.co.uk/2017/11/09/chipzilla_come_closer_closer_listen_dump_ime/

Duration: 00:07:09


ISC StormCast for Thursday, November 9th 2017

11/9/2017
More
Mantistek Gaming Keyboard Cloud Driver Exfiltrates Keystroke Data https://thehackernews.com/2017/11/mantistek-keyboard-keylogger.html Logitech Will Discontinue Harmony Link Device and Brick it via Firmware Update in March 2018 https://www.theverge.com/circuitbreaker/2017/11/8/16623076/logitech-harmony-link-discontinued-bricked Amazon Is Introducing Additional Security Features for S3 https://aws.amazon.com/blogs/aws/new-amazon-s3-encryption-security-features/

Duration: 00:06:26


ISC StormCast for Wednesday, November 8th 2017

11/8/2017
More
Interesting RTF Maldoc VBA Dropper https://isc.sans.edu/forums/diary/Interesting+VBA+Dropper/23016/ Multiple Linux USB Flaws Made Public http://www.openwall.com/lists/oss-security/2017/11/06/8 Google Android November Patches https://source.android.com/security/bulletin/2017-11-01#media-framework Ethereum Multi Signature Wallet Bug Cause Loss of $280 Million https://paritytech.io/blog/security-alert.html https://github.com/paritytech/parity/issues/6995

Duration: 00:06:31


ISC StormCast for Tuesday, November 7th 2017

11/7/2017
More
Fake WhatsApp App in Google Play Store https://www.reddit.com/r/Android/comments/7ahujw/psa_two_different_developers_under_the_same_name/ Crunchyroll.com Redirect Leads to Malware https://blog.ellation.com/crunchyroll-com-update-a2a593cf9155 https://bartblaze.blogspot.com.au/2017/11/crunchyroll-hack-delivers-malware.html Recovering Previously Encrypted iOS Backups https://www.gillware.com/forensics/blog/digital-forensics-case-study/new-solution-encrypted-backups/

Duration: 00:06:17


ISC StormCast for Monday, November 6th 2017

11/6/2017
More
PDF Parser for URLs and Text Content of PDFs https://isc.sans.edu/forums/diary/Extracting+the+text+from+PDF+documents/23008/ https://isc.sans.edu/forums/diary/PDF+documents+URLs/23006/ Mobile Pwn2Own Contest 2017 https://www.zerodayinitiative.com/blog OpenSSL Patch https://www.openssl.org/news/secadv/20171102.txt IEEE P1735 Standard Leads to Weak Crypto https://eprint.iacr.org/2017/828.pdf

Duration: 00:05:14


ISC StormCast for Friday, November 3rd 2017

11/2/2017
More
Certified Malware: Measuring Breaches of Trust in the Windows Code-Signing PKI http://www.umiacs.umd.edu/~tdumitra/papers/CCS-2017.pdf Half of Most Popular Free iOS Apps do not use TLS correctly http://www.zeit.de/digital/datenschutz/2017-10/iphone-ios-apps-hacker-verschluesselung/komplettansicht#comments Image Downloader Chrome Extension Includes Adware https://www.bleepingcomputer.com/news/security/psa-beware-the-image-downloader-chrome-adware-extension/ Employees Pay Up...

Duration: 00:07:12


ISC StormCast for Thursday, November 2nd 2017

11/1/2017
More
Configuring SSH Properly on Cisco IOS https://isc.sans.edu/forums/diary/Securing+SSH+Services+Go+Blue+Team/22992/ Ethereum Miners Hijacked via Default SSH Credentials https://labs.bitdefender.com/2017/11/ethereum-os-miners-targeted-by-ssh-based-hijacker/ Crypto Shuffler Steals Bitcoin From Clipboard https://www.kaspersky.com/blog/cryptoshuffler-bitcoin-stealer/19976/ Google Calender Event Injection Added To Mail...

Duration: 00:05:36


ISC StormCast for Wednesday, November 1st 2017

10/31/2017
More
Malicious Powershell Code https://isc.sans.edu/forums/diary/Some+Powershell+Malicious+Code/22988/ Apple Updates Everything https://support.apple.com/en-gb/HT201222 Internet Draft To Update IoT Devices https://tools.ietf.org/html/draft-moran-suit-architecture-00

Duration: 00:05:20


ISC StormCast for Tuesday, October 31st 2017

10/30/2017
More
Google Chrome Moving Away from HTTPS Public Key Pinning (HPKP) https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/he9tr7p3rZ8/eNMwKPmUBAAJ Effort To Remove Trust From Dutch CA Over New Intercept Law https://bugzilla.mozilla.org/show_bug.cgi?id=1408647 Crypto Coin Mining Feature Found in Google App Store Downloads http://blog.trendmicro.com/trendlabs-security-intelligence/coin-miner-mobile-malware-returns-hits-google-play/

Duration: 00:06:08


ISC StormCast for Monday, October 30th 2017

10/29/2017
More
Critical New Oracle Patch http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10151-4016513.html CatchAll Google Chrome Plugins https://isc.sans.edu/forums/diary/CatchAll+Google+Chrome+Malicious+Extension+Steals+All+Posted+Data/22976/ ACE Files Used For Malware https://isc.sans.edu/forums/diary/Remember+ACE+files/22978/

Duration: 00:05:06


ISC StormCast for Friday, October 27th 2017

10/26/2017
More
Results of Kaspersky's Internal Investigation https://www.kaspersky.com/blog/internal-investigation-preliminary-results/19894/ Infineon Bug Testing Tool https://gist.githubusercontent.com/marcan/fc87aa78085c2b6f979aefc73fdc381f/raw/526bc2f2249a2e3f5d4450c7c412e0dbf57b2288/roca_test.py https://github.com/ThomasHabets/simple-tpm-pk11/blob/master/check-srk/check-srk.cc Micropatch Available for "DDE...

Duration: 00:05:58


ISC StormCast for Thursday, October 26th 2017

10/25/2017
More
Coinhive Domain Compromise https://coinhive.com/blog/dns-breach Dell Loses Control of Backup and Recovery Cloud Storage Domain https://krebsonsecurity.com/2017/10/dell-lost-control-of-key-customer-support-domain-for-a-month-in-2017/#more-41267 Google ReCaptcha Broken https://github.com/ecthros/uncaptcha Users in Iran Targeted by Cryptoransomware Masquerading as VPN https://www.bleepingcomputer.com/news/security/tyrant-ransomware-spreads-in-iran-disguised-as-popular-vpn-app/ Crypto...

Duration: 00:06:25

See More