SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) – Détails, épisodes et analyse

Détails du podcast

Informations techniques et générales issues du flux RSS du podcast.

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Johannes B. Ullrich

News

Technology

Fréquence : 1 épisode/2j. Total Éps: 2000

A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .

Site

RSS

Apple

Classements récents

Dernières positions dans les classements Apple Podcasts et Spotify.

Apple Podcasts

🇨🇦 Canada - techNews
28/07/2025
#88
🇬🇧 Grande Bretagne - techNews
28/07/2025
#55
🇩🇪 Allemagne - techNews
28/07/2025
#56
🇺🇸 États-Unis - techNews
28/07/2025
#23
🇫🇷 France - techNews
28/07/2025
#37
🇨🇦 Canada - techNews
27/07/2025
#63
🇬🇧 Grande Bretagne - techNews
27/07/2025
#35
🇩🇪 Allemagne - techNews
27/07/2025
#46
🇺🇸 États-Unis - techNews
27/07/2025
#19
🇫🇷 France - techNews
27/07/2025
#21

Spotify

Aucun classement récent disponible

Liens partagés entre épisodes et podcasts

Liens présents dans les descriptions d'épisodes et autres podcasts les utilisant également.

See all

https://groups.google.com/forum/#
138 partages
https://helpx.adobe.com/security.html
85 partages
https://helpx.adobe.com/security/security-bulletin.html
52 partages

https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592
11 partages
https://github.com/sans-blue-team/DeepBlueCLI
11 partages
https://github.com/ossf/scorecard
9 partages

https://twitter.com/lemiorhan/status/935578694541770752
8 partages
https://twitter.com/0xDUDE
4 partages
https://twitter.com/fs0c131y
4 partages

Qualité et score du flux RSS

Évaluation technique de la qualité et de la structure du flux RSS.

See all

Qualité du flux RSS

À améliorer

Score global : 58%

Historique des publications

Répartition mensuelle des publications d'épisodes au fil des années.

Year

Episodes published by month in

Derniers épisodes publiés

Liste des épisodes récents, avec titres, durées et descriptions.

See all

SANS Stormcast Thursday Apr 3rd: Juniper Password Scans; Hacking Call Records; End to End Encrypted GMail

Épisode 9392

jeudi 3 avril 2025 • Durée 09:23

Surge in Scans for Juniper t128 Default User
Lasst week, we dedtect a significant surge in ssh scans for the username t128 . This user is used by Juniper s Session Smart Routing, a product they acquired from 128 Technologies which is the reason for the somewhat unusual username.
https://isc.sans.edu/diary/Surge%20in%20Scans%20for%20Juniper%20%22t128%22%20Default%20User/31824
Vulnerable Verizon API Allowed for Access to Call Logs
An API Verizon offered to users of its call filtering application suffered from an authentication bypass vulnerability allowing users to access any Verizon user s call history. While using a JWT to authenticate the user, the phone number used to retrieve the call history logs was passed in a not-authenticated header.
https://evanconnelly.github.io/post/hacking-call-records/
Google Offering End-to-End Encryption to G-Mail Business Users
Google will add an end-to-end encryption feature to commercial GMail users. However, for non GMail users to read the emails they first must click on a link and log in to Google.
https://workspace.google.com/blog/identity-and-security/gmail-easy-end-to-end-encryption-all-businesses

SANS Stormcast Wednesday Apr 2nd: Apple Updates Everything;

Épisode 9390

mercredi 2 avril 2025 • Durée 07:16

Apple Patches Everything
Apple released updates for all of its operating systems. Most were released on Monday with WatchOS patches released today on Tuesday. Two already exploited vulnerabilities, which were already patched in the latest iOS and macOS versions, are now patched for older operating systems as well. A total of 145 vulnerabilities were patched.
https://isc.sans.edu/diary/Apple%20Patches%20Everything%3A%20March%2031st%202025%20Edition/31816
VMWare Workstation and Fusion update check broken
VMWare s automatic update check in its Workstation and Fusion products is currently broken due to a redirect added as part of the Broadcom transition
https://community.broadcom.com/vmware-cloud-foundation/question/certificate-error-is-occured-during-connecting-update-server
NIM Postgres Vulnerability
NIM Developers using prepared statements to send SQL queries to Postgres may expose themselves to a SQL injection vulnerability. NIM s Postgres library does not appear to use actual prepared statements; instead, it assembles the code and the user data as a string and passes them on to the database. This may lead to a SQL injection vulnerability
https://blog.nns.ee/2025/03/28/nim-postgres-vulnerability/

SANS Stormcast Thursday Mar 20th: Cisco Smart Licensing Attacks; Vulnerable Drivers again; Synology Advisories Updated

Épisode 9372

jeudi 20 mars 2025 • Durée 07:09

Exploit Attempts for Cisco Smart Licensing Utility CVE-2024-20439 CVE-2024-20440
Attackers added last September's Cisco Smart Licensing Utility vulnerability to their toolset. These attacks orginate most likely from botnets and the same attackers are scanning for a wide range of additional vulnerabilities. The vulnerability is a static credential issue and trivial to exploit after the credentials were published last fall.
https://isc.sans.edu/diary/Exploit%20Attempts%20for%20Cisco%20Smart%20Licensing%20Utility%20CVE-2024-20439%20and%20CVE-2024-20440/31782
Legacy Driver Exploitation Through Bypassing Certificate Verification
Ahnlab documented a new type of "bring your own vulnerable driver" vulnerability. In this case, an old driver used by an anit-malware and anti-rootkit system can be used to shut down arbitrary processeses, including security related processeses.
https://asec.ahnlab.com/en/86881/
Synology Vulnerability Updates
Synology updates some security advisories it release last year adding addition details and vulnerable systems.
https://www.synology.com/en-global/security/advisory/Synology_SA_24_20
https://www.synology.com/en-global/security/advisory/Synology_SA_24_24

ISC StormCast for Wednesday, October 23rd, 2024

Épisode 9192

mercredi 23 octobre 2024 • Durée 05:21

How much HTTP (not HTTPS) Traffic is Traversing Your Perimeter?
https://isc.sans.edu/diary/How%20much%20HTTP%20%28not%20HTTPS%29%20Traffic%20is%20Traversing%20Your%20Perimeter%3F/31372
VMSA-2024-0019:VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-38812, CVE-2024-38813)
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
Unifi Security Advisory Bulletin 043
https://community.ui.com/releases/Security-Advisory-Bulletin-043-043/28e45c75-314e-4f07-a4f3-d17f67bd53f7
Fake attachment. Roundcube mail server attacks exploit CVE-2024-37383 vulnerability.
https://global.ptsecurity.com/analytics/pt-esc-threat-intelligence/fake-attachment-roundcube-mail-server-attacks-exploit-cve-2024-37383-vulnerability
Atlassian Security Bulletin - October 15 2024
https://confluence.atlassian.com/security/security-bulletin-october-15-2024-1442910972.html
OneDev Arbitrary file reading for unauthenticated user
https://github.com/theonedev/onedev/security/advisories/GHSA-7wg5-6864-v489

ISC StormCast for Thursday, February 18th, 2021

Épisode 7378

jeudi 18 février 2021 • Durée 05:53

The new "LinkedInSecureMessage" Phish
https://isc.sans.edu/forums/diary/The+new+LinkedInSecureMessage/27110/
Apple M1 Optimized Malware
https://objective-see.com/blog/blog_0x62.html
QNAP Surveilance Station Vulnerability
https://www.qnap.com/en/security-advisory/qsa-21-07
Masslogger Exfiltrates User Credentials
https://blog.talosintelligence.com/2021/02/masslogger-cred-exfil.html

ISC StormCast for Wednesday, February 17th, 2021

Épisode 7376

mercredi 17 février 2021 • Durée 05:15

More Weirdness on TCP Port 26
https://isc.sans.edu/forums/diary/More+weirdness+on+TCP+port+26/27106/
Microsoft Pulls Servicing Stack Update
https://threatpost.com/microsoft-windows-update-patch-tuesday/163981/
Network Monitoring Company Centreon Compromised
https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf
SHAREit Flaw Could Lead to Remote Code Execution
https://www.trendmicro.com/en_us/research/21/b/shareit-flaw-could-lead-to-remote-code-execution.html
VSCode NPM Extension RCE
https://github.com/jackadamson/CVE-2021-26700

ISC StormCast for Tuesday, February 16th, 2021

Épisode 7374

mardi 16 février 2021 • Durée 06:39

Securing and Optimizing Networks Using pfSense Traffic Shaper to Combat Bufferbloat
https://isc.sans.edu/forums/diary/Securing+and+Optimizing+Networks+Using+pfSense+Traffic+Shaper+Limiters+to+Combat+Bufferbloat/27102/
Apple to Proxy Safe Browsing Requests
https://twitter.com/othermaciej/status/1359736220809531393
Power Outages and Some Network Outages as a Result
https://downdetector.com
Phone Scam Success Rates
https://www.helpnetsecurity.com/2021/02/15/lost-money-to-phone-scams/
https://nakedsecurity.sophos.com/2021/02/12/sms-tax-scam-unmasked-bogus-but-believable-dont-fall-for-it/

ISC StormCast for Monday, February 15th, 2021

Épisode 7372

lundi 15 février 2021 • Durée 07:49

AgentTesla Dropped Through Automatic Click in Microsoft Help File
https://isc.sans.edu/forums/diary/AgentTesla+Dropped+Through+Automatic+Click+in+Microsoft+Help+File/27092/
Telegram used to Defraud Delivery Serivces
https://thefintechtimes.com/sift-finds-new-telegram-fraud-exploiting-increasing-use-of-food-delivery-services/
Singtel Suffers Zero-DAy Cyberattack
https://threatpost.com/singtel-zero-day-cyberattack/163938/
Vulnerabilities in Mobile Health Apps
https://approov.io/download/all-that-we-let-in_hacking-mhealth-apps-and-apis.pdf
Bloomberg Supermicro Story
https://www.bloomberg.com/features/2021-supermicro/
https://www.theregister.com/2021/02/12/supermicro_bloomberg_spying/

ISC StormCast for Friday, February 12th, 2021

Épisode 7370

vendredi 12 février 2021 • Durée 05:41

Agent Tesla Hidden in Historical Anti-Malware Tool
https://isc.sans.edu/forums/diary/Agent+Tesla+hidden+in+a+historical+antimalware+tool/27088/
McAfee Total Protection Vulnerabilities
https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx
Intel Patches
https://blogs.intel.com/technology/2021/02/ipas-security-advisories-for-february-2021
Discord Used to Distribute Malware
https://www.zscaler.com/blogs/security-research/discord-cdn-popular-choice-hosting-malicious-payloads

ISC StormCast for Thursday, February 11th, 2021

Épisode 7368

jeudi 11 février 2021 • Durée 05:47

Phishing Message to the ISC Handlers E-Mail Distro
https://isc.sans.edu/forums/diary/Phishing+message+to+the+ISC+handlers+email+distro/27082/
Google Phishing Statistics
https://cloud.google.com/blog/products/workspace/how-gmail-helps-users-avoid-email-scams
Adobe Security Updates
https://helpx.adobe.com/security/products/acrobat/apsb21-09.html
Apple Sudo Patch
https://support.apple.com/en-us/HT212177
Number:Jack ISN Generation Weaknesses
https://www.forescout.com/company/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks/

Podcasts Similaires Basées sur le Contenu

Découvrez des podcasts liées à SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast). Explorez des podcasts avec des thèmes, sujets, et formats similaires. Ces similarités sont calculées grâce à des données tangibles, pas d'extrapolations !