Sans Internet Storm Center Daily Network/cyber Security And Information Security Podcast

Sans Internet Storm Center Daily Network/cyber Security And Information Security Podcast

  • Autor: Vários
  • Narrador: Vários
  • Editor: Podcast
  • Duración: 258:32:59
  • Mas informaciones

Informações:

Seguir
Escucha
Escucha

Sinopsis

Daily update on current cyber security threats

Show more

Episodios

  • ISC StormCast for Wednesday, January 11th, 2023

    ISC StormCast for Wednesday, January 11th, 2023
    11/01/2023 Duración: 05min

    Microsoft January 2023 Patch Tuesday https://isc.sans.edu/diary/Microsoft%20January%202023%20Patch%20Tuesday/29420 Cacti Unauthenticated Remote Code Execution https://www.sonarsource.com/blog/cacti-unauthenticated-remote-code-execution/ On the Security Vulnerabilities of Text-to-SQL Models https://arxiv.org/pdf/2211.15363.pdf

    Escucha
  • ISC StormCast for Tuesday, January 10th, 2023

    ISC StormCast for Tuesday, January 10th, 2023
    10/01/2023 Duración: 06min

    New Year Old Tricks: Hunting for CircleCI Configuration Files https://isc.sans.edu/diary/New%20year%2C%20old%20tricks%3A%20Hunting%20for%20CircleCI%20configuration%20files/29416 Amazon S3 Encrypts New Objects By Default https://aws.amazon.com/blogs/aws/amazon-s3-encrypts-new-objects-by-default/ MatrixSSL Buffer Overflow https://github.com/matrixssl/matrixssl/security/advisories/GHSA-fmwc-gwc5-2g29 Auth0 JsonWebToken Vulnerability CVE-2022-23529 https://unit42.paloaltonetworks.com/jsonwebtoken-vulnerability-cve-2022-23529/

    Escucha
  • ISC StormCast for Monday, January 9th, 2023

    ISC StormCast for Monday, January 9th, 2023
    09/01/2023 Duración: 05min

    Reversing AutoIT Scripts https://isc.sans.edu/diary/AutoIT%20Remains%20Popular%20in%20the%20Malware%20Landscape/29408 Can You Trust Your VSCode Extensions https://blog.aquasec.com/can-you-trust-your-vscode-extensions A Deep Dive Into Powerat https://blog.phylum.io/a-deep-dive-into-powerat-a-newly-discovered-stealer/rat-combo-polluting-pypi

    Escucha
  • ISC StormCast for Friday, January 6th, 2023

    ISC StormCast for Friday, January 6th, 2023
    06/01/2023 Duración: 05min

    More Brazil Malspam Pushing Astaroth (Guildma) in January 2023 https://isc.sans.edu/forums/diary/More%20Brazil%20malspam%20pushing%20Astaroth%20%28Guildma%29%20in%20January%202023/29404/ CircleCI Breach https://circleci.com/blog/january-4-2023-security-alert/ Twitter Leak https://www.bleepingcomputer.com/news/security/200-million-twitter-users-email-addresses-allegedly-leaked-online/ Slack Source Code Leak https://slack.com/blog/news/slack-security-update Control Web Panel Patch CVE-2022-44877 https://github.com/numanturle/CVE-2022-44877 Turla: A Galaxy of Opportunity https://www.mandiant.com/resources/blog/turla-galaxy-opportunity

    Escucha
  • ISC StormCast for Thursday, January 5th, 2023

    ISC StormCast for Thursday, January 5th, 2023
    05/01/2023 Duración: 07min

    Update to RTRBK - Diff and File Dates in PowerShell https://isc.sans.edu/diary/Update%20to%20RTRBK%20-%20Diff%20and%20File%20Dates%20in%20PowerShell/29400 Google Chrome Sunsetting Legacy Windows Support https://support.google.com/chrome/thread/185534985/sunsetting-support-for-windows-7-8-8-1-in-early-2023?hl=en SHC used to compile cryptominer malware https://asec.ahnlab.com/en/45182/ ManageEngine Password Manager Pro SQL Injection https://pitstop.manageengine.com/portal/en/community/topic/manageengine-security-advisory important-security-fix-released-for-manageengine-password-manager-pro-2-1-2023#:~:text=critical%20security%20vulnerability ForiADC Command Injection in Web Interface https://www.fortiguard.com/psirt/FG-IR-22-061 Raspberry Robin Developments https://www.securityjoes.com/post/raspberry-robin-detected-itw-targeting-insurance-financial-institutes-in-europe

    Escucha
  • ISC StormCast for Wednesday, January 4th, 2023

    ISC StormCast for Wednesday, January 4th, 2023
    04/01/2023 Duración: 06min

    NTP Fingerprinting https://isc.sans.edu/diary/Its%20about%20time%3A%20OS%20Fingerprinting%20using%20NTP/29394 Misc Car Vulnerabilities https://samcurry.net/web-hackers-vs-the-auto-industry/ Flipper Zero Phishing https://twitter.com/AlvieriD/status/1609945425871609858 Trend Micro Patch https://helpcenter.trendmicro.com/en-us/article/TMKA-11252 Packet Tuesday: IP Options https://www.youtube.com/watch?v=HldNL3SLLwM

    Escucha
  • ISC StormCast for Tuesday, January 3rd, 2023

    ISC StormCast for Tuesday, January 3rd, 2023
    03/01/2023 Duración: 05min

    Kyverno's container image signature verification bypass https://www.armosec.io/blog/cve-2022-47633-kyvernos-container-image-signature-verification/ Google Smart Spaeker Vulnerability https://downrightnifty.me/blog/2022/12/26/hacking-google-home.html Verizon Decomissions 3G CDMA Network https://www.fiercewireless.com/wireless/verizon-tells-3g-customers-upgrade-they-lose-service EarSpy: Spying Caller Speech and Identity Through Speaker Vibrations https://arxiv.org/pdf/2212.12151.pdf

    Escucha
  • ISC StormCast for Monday, January 2nd, 2023

    ISC StormCast for Monday, January 2nd, 2023
    02/01/2023 Duración: 06min

    SPF and DMARC use on GOV domains in different ccTLDs https://isc.sans.edu/forums/diary/SPF+and+DMARC+use+on+GOV+domains+in+different+ccTLDs/29384/ CVE-2022-47939 ksmbd Vulnerability https://ubuntu.com/security/CVE-2022-47939 Netgear Vulnerabilities https://kb.netgear.com/000065495/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2019-0208 PyTorch Malicious Dependency https://pytorch.org/blog/compromised-nightly-dependency/

    Escucha
  • ISC StormCast for Friday, December 23rd, 2022

    ISC StormCast for Friday, December 23rd, 2022
    23/12/2022 Duración: 06min

    Exchange OWASSRF Exploited for Remote Code Execution https://isc.sans.edu/forums/diary/Exchange%20OWASSRF%20Exploited%20for%20Remote%20Code%20Execution/29374/ ksmbd Vulnerability https://www.zerodayinitiative.com/advisories/ZDI-22-1690/ LastPass Incident Update https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/

    Escucha
  • ISC StormCast for Thursday, December 22nd, 2022

    ISC StormCast for Thursday, December 22nd, 2022
    22/12/2022 Duración: 06min

    Quick NTP Measurement https://isc.sans.edu/diary/Can%20you%20please%20tell%20me%20what%20time%20it%20is%3F%20Adventures%20with%20public%20NTP%20servers./29368 FBI Favors Ad Blockers https://www.ic3.gov/Media/Y2022/PSA221221 Hidden Costs of Parental Control Apps https://sec-consult.com/blog/detail/the-hidden-costs-of-parental-control-apps/ ProxyNotShell Mitigtation Bypass https://www.crowdstrike.com/blog/owassrf-exploit-analysis-and-recommendations/

    Escucha
  • ISC StormCast for Wednesday, December 21st, 2022

    ISC StormCast for Wednesday, December 21st, 2022
    21/12/2022 Duración: 07min

    Linux File System Monitoring and Actions https://isc.sans.edu/diary/Linux%20File%20System%20Monitoring%20%26%20Actions/29362 Feed of NTP Server IP Addresses https://isc.sans.edu/api/threatlist/ntpservers?json Feed of Mastodon Server IP Addresses https://isc.sans.edu/api/threatlist/mastodon?json Packet Tuesday TLS Server Hello https://www.youtube.com/watch?v=2HymU4dxWEQ Android Preparing Support for Updatable Root Certificates https://blog.esper.io/android-14-updatable-certificates/ Elastic IP Hijacking https://www.mitiga.io/blog/elastic-ip-hijacking-a-new-attack-vector-in-aws Microsoft Fixes HyperV issues With Latest Patch https://learn.microsoft.com/en-us/windows/release-health/windows-message-center#2988

    Escucha
  • ISC StormCast for Tuesday, December 20th, 2022

    ISC StormCast for Tuesday, December 20th, 2022
    20/12/2022 Duración: 06min

    Hunting for Mastodon Servers https://isc.sans.edu/diary/Hunting%20for%20Mastodon%20Servers/29358 KB5021233 Blue Screen https://learn.microsoft.com/en-us/windows/release-health/status-windows-10-22H2#2986msgdesc Edge Update will disable Internet Explorer in February https://learn.microsoft.com/en-us/deployedge/edge-learnmore-neededge Gatekeeper's Achilles heel: Unearthin a macOS vulnerability https://www.microsoft.com/en-us/security/blog/2022/12/19/gatekeepers-achilles-heel-unearthing-a-macos-vulnerability/ Corsair Bug not causing keystroke logging https://arstechnica.com/gadgets/2022/12/corsair-says-bug-not-keylogger-behind-some-k100-keyboards-creepy-behavior/ SentinelSneak: Malicious PyPi module poses as security software development kit

    Escucha
  • ISC StormCast for Monday, December 19th, 2022

    ISC StormCast for Monday, December 19th, 2022
    19/12/2022 Duración: 06min

    Infostealer Malware with Double Extension https://isc.sans.edu/diary/Infostealer%20Malware%20with%20Double%20Extension/29354 Client Side Encryption For GMail https://workspaceupdates.googleblog.com/2022/12/client-side-encryption-for-gmail-beta.html Google Releases OSV Scanner https://github.com/google/osv-scanner/releases/tag/v1.0.1 Samba Security Patches https://thehackernews.com/2022/12/samba-issues-security-updates-to-patch.html Zyxel Router Buffer Overflow https://sec-consult.com/blog/detail/enemy-within-unauthenticated-buffer-overflows-zyxel-routers/

    Escucha
  • ISC StormCast for Friday, December 16th, 2022

    ISC StormCast for Friday, December 16th, 2022
    16/12/2022 Duración: 06min

    Google ads lead to fake software pages pushing IcedID (Bokbot) https://isc.sans.edu/diary/Google%20ads%20lead%20to%20fake%20software%20pages%20pushing%20IcedID%20%28Bokbot%29/29344 HTML smugglers turn to SVG images https://blog.talosintelligence.com/html-smugglers-turn-to-svg-images/ GitHub Improvements https://github.blog/2022-12-14-raising-the-bar-for-software-security-next-steps-for-github-com-2fa/ NIST Retires SHA-1 https://www.nist.gov/news-events/news/2022/12/nist-retires-sha-1-cryptographic-algorithm

    Escucha
  • ISC StormCast for Thursday, December 15th, 2022

    ISC StormCast for Thursday, December 15th, 2022
    15/12/2022 Duración: 06min

    Microsoft Patch Issues: https://support.microsoft.com/en-us/topic/december-13-2022-kb5021249-os-build-20348-1366-d5fe7608-bc9d-4055-a88c-fb2fd3d5fd45 https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/so-you-say-your-dc-s-memory-is-getting-all-used-up-after/ba-p/3696318 Critical Remote Code Execution Vulneraiblity in SPNEGO Extended Negotiation Security Mechanism https://securityintelligence.com/posts/critical-remote-code-execution-vulnerability-spnego-extended-negotiation-security-mechanism/ VMWare EHCI Controller Vulnerability CVE-2022-31705 https://www.vmware.com/security/advisories/VMSA-2022-0033.html Veem Vulnerability now Exploited https://www.veeam.com/kb4288 nuget / npm / pypi used to host phishing pages https://checkmarx.com/blog/how-140k-nuget-npm-and-pypi-packages-were-used-to-spread-phishing-links/

    Escucha
  • ISC StormCast for Wednesday, December 14th, 2022

    ISC StormCast for Wednesday, December 14th, 2022
    14/12/2022 Duración: 06min

    Microsoft Patches https://isc.sans.edu/diary/Microsoft%20December%202022%20Patch%20Tuesday/29336 Apple Patches https://isc.sans.edu/diary/Apple%20Updates%20Everything/29338 Citrix Patches https://www.citrix.com/blogs/2022/12/13/critical-security-update-now-available-for-citrix-adc-citrix-gateway/

    Escucha
  • ISC StormCast for Tuesday, December 13th, 2022

    ISC StormCast for Tuesday, December 13th, 2022
    13/12/2022 Duración: 06min

    Quickie: CyberChef Sorting By String Length https://isc.sans.edu/diary/Quickie%3A%20CyberChef%20Sorting%20By%20String%20Length/29328 FortiOS Buffer Overlow https://www.fortiguard.com/psirt/FG-IR-22-398 A Custom Python Backdoor for VMWare ESXi Servers https://blogs.juniper.net/en-us/threat-research/a-custom-python-backdoor-for-vmware-esxi-servers Fuzzing Ping https://tlakh.xyz/fuzzing-ping.html

    Escucha
  • ISC StormCast for Monday, December 12th, 2022

    ISC StormCast for Monday, December 12th, 2022
    12/12/2022 Duración: 06min

    Fast Port Scanning in Powershell https://isc.sans.edu/diary/Port%20Scanning%20in%20Powershell%20Redux%3A%20Speeding%20Up%20the%20Results%20%28challenge%20accepted!%29/29324 Bypassing WAFs with JSON https://claroty.com/team82/research/js-on-security-off-abusing-json-based-sql-to-bypass-waf Invisbile npm malware evading security checks https://jfrog.com/blog/invisible-npm-malware-evading-security-checks-with-crafted-versions/ PCI Secre Software Standard V 1.2 https://docs-prv.pcisecuritystandards.org/Software%20Security/Standard/PCI-Secure-Software-Standard-v1_2.pdf VMWare/VCenter Patches https://www.vmware.com/security/advisories/VMSA-2022-0030.html

    Escucha
  • ISC StormCast for Friday, December 9th, 2022

    ISC StormCast for Friday, December 9th, 2022
    09/12/2022 Duración: 05min

    Finding Gaps in Syslog https://isc.sans.edu/diary/Finding%20Gaps%20in%20Syslog%20-%20How%20to%20find%20when%20nothing%20happened/29314 Internet Explorer Vulnerabilty used in Malicious Word Document https://blog.google/threat-analysis-group/internet-explorer-0-day-exploited-by-north-korean-actor-apt37/ Zombinder Obfuscation Service used by Ermac https://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html Cisco IP Phone Vulnerability CVE-2022-20968 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipp-oobwrite-8cMF5r7U daloRADIUS Vulnerablity CVE-2022-23475 https://securityonline.info/cve-2022-23475-account-take-over-flaw-in-open-source-radius-web-management-app/ SANS Holiday Hack Challenge https://www.sans.org/mlp/holiday-hack-challenge/

    Escucha
  • ISC StormCast for Thursday, December 8th, 2022

    ISC StormCast for Thursday, December 8th, 2022
    08/12/2022 Duración: 05min

    ZeroBot / WSZero IoT Botnet https://www.fortinet.com/blog/threat-research/zerobot-new-go-based-botnet-campaign-targets-multiple-vulnerabilities https://blog.netlab.360.com/new-ddos-botnet-wszeor/ Cacti Vulnerability CVE-2022-46169 https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf Wireshark Updates https://www.wireshark.org/docs/relnotes/wireshark-4.0.2.html Apple iCloud Security Improvements https://www.apple.com/newsroom/2022/12/apple-advances-user-security-with-powerful-new-data-protections/

    Escucha
página 35 de 116

Títulos relacionados