SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Episodes
May 19, 2024 • 6 mins
Another PDF Streams Example: Extracting JPEGs
https://isc.sans.edu/diary/Another%20PDF%20Streams%20Example%3A%20Extracting%20JPEGs/30924
QNAP QTS QNAPping At the Wheel
https://labs.watchtowr.com/qnap-qts-qnapping-at-the-wheel-cve-2024-27130-and-friends/
May 2024 Security Update Problems with Windows 2019
https://learn.microsoft.com/en-us/windows/release-health/status-windows-10-1809-and-windows-server-20...
https://isc.sans.edu/diary/Another%20PDF%20Streams%20Example%3A%20Extracting%20JPEGs/30924
QNAP QTS QNAPping At the Wheel
https://labs.watchtowr.com/qnap-qts-qnapping-at-the-wheel-cve-2024-27130-and-friends/
May 2024 Security Update Problems with Windows 2019
https://learn.microsoft.com/en-us/windows/release-health/status-windows-10-1809-and-windows-server-20...
Mark as Played
May 16, 2024 • 5 mins
Why yq? Adventurs in XML
https://isc.sans.edu/diary/Why%20yq%3F%20%20Adventures%20in%20XML/30930
Black Basta Uses Quick Assist
https://www.microsoft.com/en-us/security/blog/2024/05/15/threat-actors-misusing-quick-assist-in-social-engineering-attacks-leading-to-ransomware/
Various Chrome 0-Day Vulnerabilities
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_15.html
Andr...
https://isc.sans.edu/diary/Why%20yq%3F%20%20Adventures%20in%20XML/30930
Black Basta Uses Quick Assist
https://www.microsoft.com/en-us/security/blog/2024/05/15/threat-actors-misusing-quick-assist-in-social-engineering-attacks-leading-to-ransomware/
Various Chrome 0-Day Vulnerabilities
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_15.html
Andr...
Mark as Played
May 15, 2024 • 5 mins
Got MFA? If not, now is the time!
https://isc.sans.edu/diary/Got%20MFA%3F%20%20If%20not%2C%20Now%20is%20the%20Time!/30926
SSID Confusion: Making Wi-Fi Clients Connect to the Wrong Network CVE-2023-52424
https://www.top10vpn.com/assets/2024/05/Top10VPN-x-Vanhoef-SSID-Confusion.pdf
FIDO2 MitM Session Hijacking
https://www.silverfort.com/blog/using-mitm-to-bypass-fido2/?web_view=true#but-first-some-backgrou...
https://isc.sans.edu/diary/Got%20MFA%3F%20%20If%20not%2C%20Now%20is%20the%20Time!/30926
SSID Confusion: Making Wi-Fi Clients Connect to the Wrong Network CVE-2023-52424
https://www.top10vpn.com/assets/2024/05/Top10VPN-x-Vanhoef-SSID-Confusion.pdf
FIDO2 MitM Session Hijacking
https://www.silverfort.com/blog/using-mitm-to-bypass-fido2/?web_view=true#but-first-some-backgrou...
Mark as Played
May 14, 2024 • 7 mins
Microsoft Patches
https://isc.sans.edu/diary/Microsoft%20May%202024%20Patch%20Tuesday/30920
Detecting Bluetooth Trackers
https://security.googleblog.com/2024/05/google-and-apple-deliver-support-for.html
Adobe Patches
https://helpx.adobe.com/security/products/acrobat/apsb24-29.html
VMWare Updates
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdviso...
https://isc.sans.edu/diary/Microsoft%20May%202024%20Patch%20Tuesday/30920
Detecting Bluetooth Trackers
https://security.googleblog.com/2024/05/google-and-apple-deliver-support-for.html
Adobe Patches
https://helpx.adobe.com/security/products/acrobat/apsb24-29.html
VMWare Updates
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdviso...
Mark as Played
May 13, 2024 • 6 mins
Apple Updates Everything
https://isc.sans.edu/diary/Apple%20Patches%20Everything%3A%20macOS%2C%20iOS%2C%20iPadOS%2C%20watchOS%2C%20tvOS%20updated./30916
Juniper OpenSSH Update
https://supportportal.juniper.net/s/article/2024-05-Reference-Advisory-Junos-OS-and-Junos-OS-Evolved-Multiple-CVEs-reported-in-OpenSSH?language=en_US
Malicious Go Binary Delivered via Steganography in PyPi
https://blog.phylum.io/ma...
https://isc.sans.edu/diary/Apple%20Patches%20Everything%3A%20macOS%2C%20iOS%2C%20iPadOS%2C%20watchOS%2C%20tvOS%20updated./30916
Juniper OpenSSH Update
https://supportportal.juniper.net/s/article/2024-05-Reference-Advisory-Junos-OS-and-Junos-OS-Evolved-Multiple-CVEs-reported-in-OpenSSH?language=en_US
Malicious Go Binary Delivered via Steganography in PyPi
https://blog.phylum.io/ma...
Mark as Played
May 12, 2024 • 5 mins
DNS Suffixes on Windows
https://isc.sans.edu/diary/DNS%20Suffixes%20on%20Windows/30912
Black Basta Ransomware Advisory
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-131a
Possible Exploitation of Arcserve Unified Data Protection Vuln
https://digital.nhs.uk/cyber-alerts/2024/cc-4487
Chrome Patches 0-Day
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desk...
https://isc.sans.edu/diary/DNS%20Suffixes%20on%20Windows/30912
Black Basta Ransomware Advisory
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-131a
Possible Exploitation of Arcserve Unified Data Protection Vuln
https://digital.nhs.uk/cyber-alerts/2024/cc-4487
Chrome Patches 0-Day
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desk...
Mark as Played
May 9, 2024 • 5 mins
Analyzing PDF Streams
https://isc.sans.edu/diary/Analyzing%20PDF%20Streams/30908
F5 Next Central Manager Vulnerabilities
https://eclypsium.com/blog/big-vulnerabilities-in-next-gen-big-ip/
Veeam Patches
https://www.veeam.com/kb4441
https://www.veeam.com/kb4509
Citrix Hypervisor Security Update CVE-2024-31497
https://support.citrix.com/article/CTX633416/citrix-hypervisor-security-update-fo...
https://isc.sans.edu/diary/Analyzing%20PDF%20Streams/30908
F5 Next Central Manager Vulnerabilities
https://eclypsium.com/blog/big-vulnerabilities-in-next-gen-big-ip/
Veeam Patches
https://www.veeam.com/kb4441
https://www.veeam.com/kb4509
Citrix Hypervisor Security Update CVE-2024-31497
https://support.citrix.com/article/CTX633416/citrix-hypervisor-security-update-fo...
Mark as Played
May 9, 2024 • 6 mins
Analzying Synology Disks
https://isc.sans.edu/diary/Analyzing%20Synology%20Disks%20on%20Linux/30904
RSA Panel
https://www.rsaconference.com/usa/agenda/session/The%20Five%20Most%20Dangerous%20New%20Attack%20Techniques%20You%20Need%20to%20Know%20About
SANS.edu Research Journal
https://www.sans.edu/cyber-security-research
https://isc.sans.edu/diary/Analyzing%20Synology%20Disks%20on%20Linux/30904
RSA Panel
https://www.rsaconference.com/usa/agenda/session/The%20Five%20Most%20Dangerous%20New%20Attack%20Techniques%20You%20Need%20to%20Know%20About
SANS.edu Research Journal
https://www.sans.edu/cyber-security-research
Mark as Played
May 8, 2024 • 8 mins
Detecting XFinity/Comcast DNS Spoofing
https://isc.sans.edu/diary/Detecting%20XFinity%20Comcast%20DNS%20Spoofing/30898
Weblogic PoC CVE-2024-21006
https://pwnull.github.io/2024/oracle%20weblogic%20CVE-2024-21006%20Double-JNDInjection%20RCE%20analyze/
https://github.com/momika233/CVE-2024-21006
PDF.js React PDF Vulnerablity
https://securityonline.info/cve-2024-4367-cve-2024-34342-javascript-flaw-thr...
https://isc.sans.edu/diary/Detecting%20XFinity%20Comcast%20DNS%20Spoofing/30898
Weblogic PoC CVE-2024-21006
https://pwnull.github.io/2024/oracle%20weblogic%20CVE-2024-21006%20Double-JNDInjection%20RCE%20analyze/
https://github.com/momika233/CVE-2024-21006
PDF.js React PDF Vulnerablity
https://securityonline.info/cve-2024-4367-cve-2024-34342-javascript-flaw-thr...
Mark as Played
May 7, 2024 • 6 mins
DHCP Based VPN Routing Leaks
https://www.leviathansecurity.com/blog/tunnelvision
Mullvad VPN DNS Traffic Leak
https://mullvad.net/en/blog/dns-traffic-can-leak-outside-the-vpn-tunnel-on-android
Tiny Proxy Vulnerability
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1889
https://www.leviathansecurity.com/blog/tunnelvision
Mullvad VPN DNS Traffic Leak
https://mullvad.net/en/blog/dns-traffic-can-leak-outside-the-vpn-tunnel-on-android
Tiny Proxy Vulnerability
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1889
Mark as Played
May 5, 2024 • 5 mins
DNS Debugging with nslookup
https://isc.sans.edu/diary/nslookups+Debug+Options/30894/
Microsoft Plans DNS Lockdown
https://techcommunity.microsoft.com/t5/networking-blog/announcing-zero-trust-dns-private-preview/ba-p/4110366
Microsoft Graph API Abuse
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/graph-api-threats
SANSFIRE SEC522 Defending Web Applications
https://www...
https://isc.sans.edu/diary/nslookups+Debug+Options/30894/
Microsoft Plans DNS Lockdown
https://techcommunity.microsoft.com/t5/networking-blog/announcing-zero-trust-dns-private-preview/ba-p/4110366
Microsoft Graph API Abuse
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/graph-api-threats
SANSFIRE SEC522 Defending Web Applications
https://www...
Mark as Played
May 2, 2024 • 5 mins
https://isc.sans.edu/diary/Scans%20Probing%20for%20LB-Link%20and%20Vinga%20WR-AC1200%20routers%20CVE-2023-24796/30890
Scans Probing for LB-Link and Vinga WR-AC1200 routers CVE-2023-24796
Buffer Overflow Vulnerabilities in ArubaOS
https://www.arubanetworks.com/support-services/security-bulletins/
The Cuttlefish Malware
https://blog.lumen.com/eight-arms-to-hold-you-the-cuttlefish-malware/
Scans Probing for LB-Link and Vinga WR-AC1200 routers CVE-2023-24796
Buffer Overflow Vulnerabilities in ArubaOS
https://www.arubanetworks.com/support-services/security-bulletins/
The Cuttlefish Malware
https://blog.lumen.com/eight-arms-to-hold-you-the-cuttlefish-malware/
Mark as Played
May 1, 2024 • 6 mins
Linux Trojan - Xorddos with Filename eyshcjdmzg
https://isc.sans.edu/diary/Linux%20Trojan%20-%20Xorddos%20with%20Filename%20eyshcjdmzg/30880
AWS S3 Denial of Wallet Amplification Attack
https://medium.com/@maciej.pocwierz/how-an-empty-s3-bucket-can-make-your-aws-bill-explode-934a383cb8b1
https://blog.limbus-medtec.com/the-aws-s3-denial-of-wallet-amplification-attack-bc5a97cc041d
EU iOS Safari Allows User...
https://isc.sans.edu/diary/Linux%20Trojan%20-%20Xorddos%20with%20Filename%20eyshcjdmzg/30880
AWS S3 Denial of Wallet Amplification Attack
https://medium.com/@maciej.pocwierz/how-an-empty-s3-bucket-can-make-your-aws-bill-explode-934a383cb8b1
https://blog.limbus-medtec.com/the-aws-s3-denial-of-wallet-amplification-attack-bc5a97cc041d
EU iOS Safari Allows User...
Mark as Played
May 1, 2024 • 6 mins
Another Day, Another NAS: Attacks against Zyxel NAS326 Devices CVE-2023-4473, CVE-2023-4474
https://isc.sans.edu/diary/Another%20Day%2C%20Another%20NAS%3A%20Attacks%20against%20Zyxel%20NAS326%20devices%20CVE-2023-4473%2C%20CVE-2023-4474/30884
R-Bitrary Code Execution: Vulnearbility in R's Deserialization
https://hiddenlayer.com/research/r-bitrary-code-execution/
Coordinated Docker Hub Attacks using Malicious R...
https://isc.sans.edu/diary/Another%20Day%2C%20Another%20NAS%3A%20Attacks%20against%20Zyxel%20NAS326%20devices%20CVE-2023-4473%2C%20CVE-2023-4474/30884
R-Bitrary Code Execution: Vulnearbility in R's Deserialization
https://hiddenlayer.com/research/r-bitrary-code-execution/
Coordinated Docker Hub Attacks using Malicious R...
Mark as Played
April 29, 2024 • 6 mins
DLink NAS Exploit Variation
https://www.qnap.com/en/security-advisory/qsa-24-09
Muddling Meerkat DNS Abuse
https://blogs.infoblox.com/threat-intelligence/a-cunning-operator-muddling-meerkat-and-chinas-great-firewall/
Android TV Data Leakage
https://www.youtube.com/watch?v=QiyBXXO8QpA
https://www.404media.co/android-tvs-can-expose-user-email-inboxes/
SEC522: SANSFIRE
https://www.sans.org/...
https://www.qnap.com/en/security-advisory/qsa-24-09
Muddling Meerkat DNS Abuse
https://blogs.infoblox.com/threat-intelligence/a-cunning-operator-muddling-meerkat-and-chinas-great-firewall/
Android TV Data Leakage
https://www.youtube.com/watch?v=QiyBXXO8QpA
https://www.404media.co/android-tvs-can-expose-user-email-inboxes/
SEC522: SANSFIRE
https://www.sans.org/...
Mark as Played
April 28, 2024 • 6 mins
Okta warns of increase in credential stuffing
https://sec.okta.com/blockanonymizers
Fake payment cards used by Police in Japan
https://twitter.com/vxunderground/status/1783522097425211887
Phishing Campaigns Targeting USPS
https://www.akamai.com/blog/security-research/phishing-usps-malicious-domains-traffic-equal-to-legitimate-traffic
Chrome 124 Breaks TLS Handshake
https://www.reddit.com/r/sys...
https://sec.okta.com/blockanonymizers
Fake payment cards used by Police in Japan
https://twitter.com/vxunderground/status/1783522097425211887
Phishing Campaigns Targeting USPS
https://www.akamai.com/blog/security-research/phishing-usps-malicious-domains-traffic-equal-to-legitimate-traffic
Chrome 124 Breaks TLS Handshake
https://www.reddit.com/r/sys...
Mark as Played
April 25, 2024 • 20 mins
Does it matter if iptables isn't running on my honeypot?
https://isc.sans.edu/forums/diary/Does%20it%20matter%20if%20iptables%20isn't%20running%20on%20my%20honeypot%3F/30862/
Unplugging PlugX: Singholing the PlugX USB worm botnet
https://blog.sekoia.io/unplugging-plugx-sinkholing-the-plugx-usb-worm-botnet/
pfSense Updates
https://docs.netgate.com/advisories/index.html
GitLab Updates
https://ab...
https://isc.sans.edu/forums/diary/Does%20it%20matter%20if%20iptables%20isn't%20running%20on%20my%20honeypot%3F/30862/
Unplugging PlugX: Singholing the PlugX USB worm botnet
https://blog.sekoia.io/unplugging-plugx-sinkholing-the-plugx-usb-worm-botnet/
pfSense Updates
https://docs.netgate.com/advisories/index.html
GitLab Updates
https://ab...
Mark as Played
April 24, 2024 • 6 mins
API Rug Pull - The NIST NVD Database and API
https://isc.sans.edu/diary/API%20Rug%20Pull%20-%20The%20NIST%20NVD%20Database%20and%20API%20%28Part%204%20of%203%29/30868
Cisco Patches Vulnerabilities and Discovers Arcane Backdoor
https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/
Vulnerabilities across keyboard apps reveal keystrokes to network ...
https://isc.sans.edu/diary/API%20Rug%20Pull%20-%20The%20NIST%20NVD%20Database%20and%20API%20%28Part%204%20of%203%29/30868
Cisco Patches Vulnerabilities and Discovers Arcane Backdoor
https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/
Vulnerabilities across keyboard apps reveal keystrokes to network ...
Mark as Played
April 23, 2024 • 6 mins
Struts2 devmode Still a Problem Ten Years Later
https://isc.sans.edu/forums/diary/Struts%20%22devmode%22%3A%20Still%20a%20problem%20ten%20years%20later%3F/30866/
Analyzing Forest Blizard's Custom Post-Compromise Tool for exploiting CVE-2022-38028
https://www.microsoft.com/en-us/security/blog/2024/04/22/analyzing-forest-blizzards-custom-post-compromise-tool-for-exploiting-cve-2022-38028-to-obtain-credentials/
A...
https://isc.sans.edu/forums/diary/Struts%20%22devmode%22%3A%20Still%20a%20problem%20ten%20years%20later%3F/30866/
Analyzing Forest Blizard's Custom Post-Compromise Tool for exploiting CVE-2022-38028
https://www.microsoft.com/en-us/security/blog/2024/04/22/analyzing-forest-blizzards-custom-post-compromise-tool-for-exploiting-cve-2022-38028-to-obtain-credentials/
A...
Mark as Played
April 22, 2024 • 6 mins
Number of Industrial Devices Accessible From Internet Up 30 Thousand over three years
https://isc.sans.edu/diary/It%20appears%20that%20the%20number%20of%20industrial%20devices%20accessible%20from%20the%20internet%20has%20risen%20by%2030%20thousand%20over%20the%20past%20three%20years/30860
Evil XDR: Turning an XDR into an Offensive Tool
https://www.darkreading.com/application-security/evil-xdr-researcher-turns-palo-...
https://isc.sans.edu/diary/It%20appears%20that%20the%20number%20of%20industrial%20devices%20accessible%20from%20the%20internet%20has%20risen%20by%2030%20thousand%20over%20the%20past%20three%20years/30860
Evil XDR: Turning an XDR into an Offensive Tool
https://www.darkreading.com/application-security/evil-xdr-researcher-turns-palo-...
Mark as Played
Popular Podcasts
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations.
Every week comedian and infamous roaster Nikki Glaser provides a fun, fast-paced, and brutally honest look into current pop-culture and her own personal life.
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
If you can never get enough true crime... Congratulations, you’ve found your people.
A straightforward look at the day's top news in 20 minutes. Powered by ABC News. Hosted by Brad Mielke.