SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Episodes
Mentioned books
Oct 5, 2023 • 6min
ISC StormCast for Thursday, October 5th, 2023
This podcast discusses the importance of detecting anomalies in TCP and UDP sessions, and highlights an Apple update addressing security vulnerabilities. It also covers WebRTC vulnerabilities, Glib C library flaws, and emphasizes the significance of timely patching.
Oct 4, 2023 • 6min
ISC StormCast for Wednesday, October 4th, 2023
The podcast discusses the limitations and risks of using large language models, including leaked data and inappropriate sharing. They also talk about creating personalized language models and a critical vulnerability in TorchSurf. Additionally, they explore how machine learning can solve CAPTCHAs better than humans and discuss a phishing attack that exploits an open redirect to steal online credentials.
Oct 3, 2023 • 6min
ISC StormCast for Tuesday, October 3rd, 2023
Discussion on SIP file encryption, XM mail server vulnerabilities, and ARM Mali GPU driver vulnerabilities. Malicious ads in Bing's chatbot and unauthorized content in AI training.
Oct 2, 2023 • 5min
ISC StormCast for Monday, October 2nd, 2023
This podcast discusses the analysis of MIME files, infostealers searching for password files, a simple netcat backdoor, the response to the ZDI release by EXIM, and an exploit for a WS_FTP vulnerability. The chapters cover a netcat backdoor, a password-hunting backdoor, EML dump for malware analysis, the XM WONA Belize vulnerability update, NTLM authentication risks, and the importance of updating WSFTP servers.
Sep 29, 2023 • 5min
ISC StormCast for Friday, September 29th, 2023
This podcast covers topics such as IP address representation, a Chrome update fixing a 0-day vulnerability, unpatched EXIM vulnerabilities, and WSFTP vulnerabilities.
Sep 28, 2023 • 7min
ISC StormCast for Thursday, September 28th, 2023
Topics discussed in this podcast include a GPU side channel attack in web browsers, compromised routers with backdoor access, confusion regarding libwebp vulnerabilities, and fake Dependabot commits.
Sep 27, 2023 • 7min
ISC StormCast for Wednesday, September 27th, 2023
Discover a new variety of phishing attack that uses a unique technique to trick users. Learn about a phishing email and the release of Mac OS Sonoma with its security updates including fixes for vulnerabilities.
Sep 26, 2023 • 5min
ISC StormCast for Tuesday, September 26th, 2023
Report on targeted attacks using LuaJIT malware against telcos in Europe, North Africa, and the Middle East. Discussion on critical vulnerabilities in System Information Library for Node.js and JetBrains TeamCity.
Sep 25, 2023 • 7min
ISC StormCast for Monday, September 25th, 2023
Discussion on vulnerabilities in Laravel framework and importance of securing sensitive credentials. Mention of fake proof of concept exploit for Winrar vulnerability. Details on the Venom rat exploit and attack on hotel networks. Announcement of upcoming event in Jacksonville.
Sep 22, 2023 • 6min
ISC StormCast for Friday, September 22nd, 2023
Apple Patches Three 0-Days
https://isc.sans.edu/diary/Apple+Patches+Three+New+0Day+Vulnerabilities+Affecting+iOSiPadOSwatchOSmacOS/30238
WebP Vulnerability
https://blog.isosceles.com/the-webp-0day/
MOVEit Transfer Service Pack
https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-September-2023
Improved Passkey Support in Windows 11
https://www.microsoft.com/en-us/security/blog/2023/09/21/new-microsoft-security-tools-to-protect-families-and-businesses/
