SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .

Episodes

SANS Stormcast Friday, July 18th, 2025: Extended File Attributes; Critical Cisco ISE Patch; VMWare Patches; Quarterly Oracle Patches

July 17, 2025 • 4 mins

Hiding Payloads in Linux Extended File Attributes
Xavier today looked at ways to hide payloads on Linux, similar to how alternate data streams are used on Windows. Turns out that extended file attributes do the trick, and he presents some scripts to either hide data or find hidden data.
https://isc.sans.edu/diary/Hiding%20Payloads%20in%20Linux%20Extended%20File%20Attributes/32116
Cisco Patches Critical Identity...
Mark as Played

SANS Stormcast Thursday, July 17th, 2025: catbox.moe abuse; Sonicwall Attacks; Rendering Issues

July 16, 2025 • 5 mins

More Free File Sharing Services Abuse
The free file-sharing service catbox.moe is abused by malware. While it officially claims not to allow hosting of executables, it only checks extensions and is easily abused
https://isc.sans.edu/diary/More%20Free%20File%20Sharing%20Services%20Abuse/32112
Ongoing SonicWall Secure Mobile Access (SMA) Exploitation Campaign using the OVERSTEP Backdoor
A group Google identi...
Mark as Played

SANS Stormcast Wednesday, July 16th, 2025: ADS Keystroke Logger; Fake Homebrew; Broadcom Altiris RCE; Malicious Cursor AI Extensions

July 15, 2025 • 5 mins

Keylogger Data Stored in an ADS
Xavier came across a keystroke logger that stores data in alternate data streams. The data includes keystroke logs as well as clipboard data
https://isc.sans.edu/diary/Keylogger%20Data%20Stored%20in%20an%20ADS/32108
Malvertising Homebrew
An attacker has been attempting to trick users into installing a malicious version of Homebrew. The fake software is advertised via paid Go...
Mark as Played

SANS Stormcast Monday, July 14th, 2025: Web Honeypot Log Volume; Browser Extension Malware; RDP Forensics

July 14, 2025 • 6 mins

DShield Honeypot Log Volume Increase
Within the last few months, there has been a dramatic increase in honeypot log volumes and how often these high volumes are seen. This has not just been from Jesse s residential honeypot, which has historically seen higher log volumes, but from all of the honeypots that Jesse runs.
https://isc.sans.edu/diary/DShield+Honeypot+Log+Volume+Increase/32100
Google and Microsoft Tr...
Mark as Played

SANS Stormcast Monday, July 14th, 2025: Suspect Domain Feed; Wing FTP Exploited; FortiWeb Exploited; NVIDIA GPU Rowhammer

July 13, 2025 • 6 mins

Experimental Suspicious Domain Feed
Our new experimental suspicious domain feed uses various criteria to identify domains that may be used for phishing or other malicious purposes.
https://isc.sans.edu/diary/Experimental%20Suspicious%20Domain%20Feed/32102
Wing FTP Server RCE Vulnerability Exploited CVE-2025-47812
Huntress saw active exploitation of Wing FTP Server remote code execution (CVE-2025-47812) on...
Mark as Played

SANS Stormcast Friday, July 11th, 2025: SSH Tunnel; FortiWeb SQL Injection; Ruckus Unpatched Vuln; Missing Motherboard Patches;

July 10, 2025 • 5 mins

SSH Tunneling in Action: direct-tcp requests
Attackers are compromising ssh servers to abuse them as relays. The attacker will configure port forwarding direct-tcp connections to forward traffic to a victim. In this particular case, the Yandex mail server was the primary victim of these attacks.
https://isc.sans.edu/diary/SSH%20Tunneling%20in%20Action%3A%20direct-tcp%20requests%20%5BGuest%20Diary%5D/32094
Forti...
Mark as Played

SANS Stormcast Thursday, July 10th, 2025: Internal CA with ACME; TapJacking on Android; Adobe Patches;

July 9, 2025 • 5 mins

Setting up Your Own Certificate Authority for Development: Why and How.
Some tips on setting up your own internal certificate authority using the smallstep CA.
https://isc.sans.edu/diary/Setting%20up%20Your%20Own%20Certificate%20Authority%20for%20Development%3A%20Why%20and%20How./32092
Animation-Driven Tapjacking on Android
Attackers can use a click-jacking like trick to trick victims into clicking on anim...
Mark as Played

SANS Stormcast Wednesday, July 9th, 2025: Microsoft Patches; Opposum Attack;

July 8, 2025 • 7 mins

Microsoft Patch Tuesday, July 2025
Today, Microsoft released patches for 130 Microsoft vulnerabilities and 9 additional vulnerabilities not part of Microsoft's portfolio but distributed by Microsoft. 14 of these are rated critical. Only one of the vulnerabilities was disclosed before being patched, and none of the vulnerabilities have so far been exploited.
https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%2C%2...
Mark as Played

SANS Stormcast Tuesday, July 8th, 2025: Detecting Filename (Windows); Atomic Stealer now with Backdoor; SEO Scams

July 7, 2025 • 5 mins

What s My File Name
Malware may use the GetModuleFileName API to detect if it was renamed to a name typical for analysis, like sample.exe or malware.exe
https://isc.sans.edu/diary/What%27s%20My%20%28File%29Name%3F/32084
Atomic macOS infostealer adds backdoor for persistent attacks
Malware analyst discovered a new version of the Atomic macOS info-stealer (also known as 'AMOS') that comes with a backdoor, to...
Mark as Played

SANS Stormcast Monday, July 7th, 2025: interesting usernames; More sudo issues; CitrixBleed2 PoC; Short Lived Certs

July 6, 2025 • 5 mins

Interesting ssh/telnet usernames
Some interesting usernames observed in our honeypots
https://isc.sans.edu/diary/A%20few%20interesting%20and%20notable%20ssh%20telnet%20usernames/32080
More sudo trouble
The host option in Sudo can be exploited to execute commands on unauthorized hosts.
https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host
CitrixBleed2 PoC Posted (CVE-2025-5777)<...
Mark as Played

SANS Stormcast Thursday July 3rd, 2025: sudo problems; polymorphic zip files; cisco vulnerablity

July 2, 2025 • 5 mins

Sudo chroot Elevation of Privilege
The sudo chroot option can be leveraged by any local user to elevate privileges to root, even if no sudo rules are defined for that user.
https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot
Polymorphic ZIP Files
A zip file with a corrupt End of Central Directory Record may extract different data depending on the tool used to extract the files.
...
Mark as Played

SANS Stormcast Monday June 30th, 2025: Scattered Spider; AMI BIOS Exploited; Secure Boot Certs Expiring; Microsoft Resliliency Initiative

June 29, 2025 • 7 mins

Scattered Spider Update
The threat actor known as Scattered Spider is in the news again, this time focusing on airlines. But the techniques used by Scattered Spider, social engineering, are still some of the most dangerous techniques used by various threat actors.
https://cloud.google.com/blog/topics/threat-intelligence/unc3944-proactive-hardening-recommendations?e=48754805
AMI BIOS Vulnerability Exploited CVE-...
Mark as Played

SANS Stormcast Friday, June 27th, 2025: Open-VSX Flaw; Airoha Bluetooth Vulnerablity; Critical Cisco Identity Service Engine Vuln;

June 26, 2025 • 6 mins

Open-VSX Flaw Puts Developers at Risk
A flaw in the open-vsx extension marketplace could have let to the compromise of any extension offered by the marketplace.
https://blog.koi.security/marketplace-takeover-how-we-couldve-taken-over-every-developer-using-a-vscode-fork-f0f8cf104d44
Bluetooth Vulnerability Could Allow Eavesdropping
A vulnerability in the widely used Airoha Bluetooth chipset can be used to c...
Mark as Played

SANS Stormcast Thursday, June 26th, 2025: Another Netscaler Vuln; CentOS Web Panel Vuln; IP Based Certs

June 26, 2025 • 5 mins

NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-6543
Citrix patched a memory overflow vulnerability leading to unintended control flow and denial of service.
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788
Remote code execution in CentOS Web Panel - CVE-2025-48703
An arbitrary file upload vulnerability in the user (not admin) part of Web Panel can be used...
Mark as Played

SANS Stormcast Tuesday, June 24th, 2025: Telnet/SSH Scan Evolution; Fake Sonicwall Software; File-Fix vs Click-Fix

June 25, 2025 • 4 mins

Quick Password Brute Forcing Evolution Statistics
After collecting usernames and passwords from our ssh and telnet honeypots for about a decade, I took a look back at how scans changed. Attackers are attempting more passwords in each scans than they used to, but the average length of passwords did not change.
https://isc.sans.edu/diary/Quick%20Password%20Brute%20Forcing%20Evolution%20Statistics/32068
Introducin...
Mark as Played

SANS Stormcast Tuesday, June 24th, 2025: Ichano ATHome IP Camera Scans; Netscaler Vulnerability; WinRar Vulnerability

June 24, 2025 • 5 mins

Scans for Ichano AtHome IP Cameras
A couple days ago, a few sources started scanning for the username super_yg and the password 123. This is associated with Ichano IP Camera software.
https://isc.sans.edu/diary/Scans%20for%20Ichano%20AtHome%20IP%20Cameras/32062
Critical Netscaler Security Update CVE-2025-5777
CVE 2025-5777 is a critical severity vulnerability impacting NetScaler Gateway, i.e. if NetScaler ...
Mark as Played

SANS Stormcast Monday, June 23rd, 2025: ADS and Python; More Secure Cloud PCs; Zend.to Path Traversal; Parser Differentials

June 22, 2025 • 5 mins

ADS & Python Tools
Didier explains how to use his tools cut-bytes.py and filescanner to extract information from alternate data streams.
https://isc.sans.edu/diary/ADS%20%26%20Python%20Tools/32058
Enhanced security defaults for Windows 365 Cloud PCs
Microsoft announced more secure default configurations for its Windows 365 Cloud PC offerings.
https://techcommunity.microsoft.com/blog/windows-itpro-blog...
Mark as Played

SANS Stormcast Friday, June 20th, 2025: New Employee Phishing; Malicious Tech Support Links; Social Engineering App Sepecific Passwords

June 19, 2025 • 5 mins

How Long Until the Phishing Starts? About Two Weeks
After setting up a Google Workspace and adding a new user, it took only two weeks for the new employee to receive somewhat targeted phishing emails.
https://isc.sans.edu/diary/How%20Long%20Until%20the%20Phishing%20Starts%3F%20About%20Two%20Weeks/32052
Scammers hijack websites of Bank of America, Netflix, Microsoft, and more to insert fake phone numbers
Sc...
Mark as Played

SANS Stormcast Monday, June 16th, 2025: Extracting Data from JPEG; Windows Recall Export; Anubis Wiper; Mitel Vuln and PoC

June 16, 2025 • 5 mins

Extracting Data From JPEGs
Didier shows how to efficiently extract data from JPEGs using his tool jpegdump.py
https://isc.sans.edu/diary/A%20JPEG%20With%20A%20Payload/32048
Windows Recall Export in Europe
In its latest insider build for Windows 11, Microsoft is testing an export feature for data stored by Recall. The feature is limited to European users and requires that you note an encryption key that wil...
Mark as Played

SANS Stormcast Monday, June 16th, 2025: Katz Stealer in JPG; JavaScript Attacks; Reviving expired Discord Invites for Evil

June 15, 2025 • 6 mins

Katz Stealer in JPG
Xavier found some multistage malware that uses an Excel Spreadsheet and an HTA file to load an image that includes embeded a copy of Katz stealer.
https://isc.sans.edu/diary/More+Steganography/32044
https://unit42.paloaltonetworks.com/malicious-javascript-using-jsfiretruck-as-obfuscation/
JavaScript obfuscated with JSF*CK is being used on over 200,000 websites to direct victims to malwa...
Mark as Played

Popular Podcasts

    Crime Junkie

    Crime Junkie

    Does hearing about a true crime case always leave you scouring the internet for the truth behind the story? Dive into your next mystery with Crime Junkie. Every Monday, join your host Ashley Flowers as she unravels all the details of infamous and underreported true crime cases with her best friend Brit Prawat. From cold cases to missing persons and heroes in our community who seek justice, Crime Junkie is your destination for theories and stories you won’t hear anywhere else. Whether you're a seasoned true crime enthusiast or new to the genre, you'll find yourself on the edge of your seat awaiting a new episode every Monday. If you can never get enough true crime... Congratulations, you’ve found your people. Follow to join a community of Crime Junkies! Crime Junkie is presented by audiochuck Media Company.

    24/7 News: The Latest

    24/7 News: The Latest

    The latest news in 4 minutes updated every hour, every day.

    Stuff You Should Know

    Stuff You Should Know

    If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.

    The Bobby Bones Show

    The Bobby Bones Show

    Listen to 'The Bobby Bones Show' by downloading the daily full replay.

    Latino USA

    Latino USA

    Latino USA is the longest-running news and culture radio program in the U.S. centering Latino stories, hosted by Pulitzer Prize winning journalist Maria Hinojosa Every week, the Peabody winning team brings you revealing, in-depth stories about what’s in the hearts and minds of Latinos and their impact on the world. Want to support our independent journalism? Join Futuro+ for exclusive episodes, sneak peaks and behind-the-scenes chisme on Latino USA and all our podcasts. www.futuromediagroup.org/joinplus

Advertise With Us
Music, radio and podcasts, all free. Listen online or download the iHeart App.

Connect

Explore

iHeart

Live Radio

Podcasts

Artist Radio

Exclusives

News

Features

Events

Contests

Photos

Information

About

Advertise

Blog

Brand Guidelines

Contest Guidelines

Subscription Offers

Jobs

Get the App

Automotive

Home

Mobile

Wearables

© 2025 iHeartMedia, Inc.