SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .

Episodes

ISC StormCast for Friday, April 26th, 2024

April 25, 2024 • 20 mins

Does it matter if iptables isn't running on my honeypot?
https://isc.sans.edu/forums/diary/Does%20it%20matter%20if%20iptables%20isn't%20running%20on%20my%20honeypot%3F/30862/
Unplugging PlugX: Singholing the PlugX USB worm botnet
https://blog.sekoia.io/unplugging-plugx-sinkholing-the-plugx-usb-worm-botnet/
pfSense Updates
https://docs.netgate.com/advisories/index.html
GitLab Updates
https://ab...

Mark as Played

ISC StormCast for Thursday, April 25th, 2024

April 24, 2024 • 6 mins

API Rug Pull - The NIST NVD Database and API
https://isc.sans.edu/diary/API%20Rug%20Pull%20-%20The%20NIST%20NVD%20Database%20and%20API%20%28Part%204%20of%203%29/30868
Cisco Patches Vulnerabilities and Discovers Arcane Backdoor
https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/
Vulnerabilities across keyboard apps reveal keystrokes to network ...

Mark as Played

ISC StormCast for Wednesday, April 24th, 2024

April 23, 2024 • 6 mins

Struts2 devmode Still a Problem Ten Years Later
https://isc.sans.edu/forums/diary/Struts%20%22devmode%22%3A%20Still%20a%20problem%20ten%20years%20later%3F/30866/
Analyzing Forest Blizard's Custom Post-Compromise Tool for exploiting CVE-2022-38028
https://www.microsoft.com/en-us/security/blog/2024/04/22/analyzing-forest-blizzards-custom-post-compromise-tool-for-exploiting-cve-2022-38028-to-obtain-credentials/
A...

Mark as Played

ISC StormCast for Tuesday, April 23rd, 2024

April 22, 2024 • 6 mins

Number of Industrial Devices Accessible From Internet Up 30 Thousand over three years
https://isc.sans.edu/diary/It%20appears%20that%20the%20number%20of%20industrial%20devices%20accessible%20from%20the%20internet%20has%20risen%20by%2030%20thousand%20over%20the%20past%20three%20years/30860
Evil XDR: Turning an XDR into an Offensive Tool
https://www.darkreading.com/application-security/evil-xdr-researcher-turns-palo-...

Mark as Played

ISC StormCast for Monday, April 22nd, 2024

April 21, 2024 • 5 mins

The CVE's They are A-Changing
https://isc.sans.edu/diary/The%20CVE%27s%20They%20are%20A-Changing!/30850
CrushFTP 0-Day Vulnerability
https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update
https://www.reddit.com/r/crowdstrike/comments/1c88788/situational_awareness_20240419_crushftp_virtual/
GitHub Comment Bug Used to Distribute Malware
https://www.bleepingcomputer.com/news/security/github-comment...

Mark as Played

ISC StormCast for Friday, April 19th, 2024

April 18, 2024 • 5 mins

Delinea Secret Server Authn Authz Bypass
https://straightblast.medium.com/all-your-secrets-are-belong-to-us-a-delinea-secret-server-authn-authz-bypass-adc26c800ad3
Ivanti Avalanche Poc/Details
https://www.tenable.com/security/research/tra-2024-10
Advanced Phishing Campaign
https://www.lookout.com/threat-intelligence/article/cryptochameleon-fcc-phishing-kit
Hashicorp go-getter update CVE-2024-3817

Mark as Played

ISC StormCast for Thursday, April 18th, 2024

April 17, 2024 • 5 mins

Malicious PDF File As Delivery Mechanism
https://isc.sans.edu/diary/Malicious%20PDF%20File%20Used%20As%20Delivery%20Mechanism/30848
Updated Palo Alto Networks GlobalProtect Guidance
https://security.paloaltonetworks.com/CVE-2024-3400
Coordinated Social Engineering Takeovers of Open Source Projects;
https://openssf.org/blog/2024/04/15/open-source-security-openssf-and-openjs-foundations-issue-alert-for-soc...

Mark as Played

ISC StormCast for Wednesday, April 17th, 2024

April 16, 2024 • 5 mins

Palo Alto Networks GlobalProtect exploit public and widely exploited CVE-2024-3400
https://isc.sans.edu/forums/diary/Palo%20Alto%20Networks%20GlobalProtect%20exploit%20public%20and%20widely%20exploited%20CVE-2024-3400/30844/
Putty Private Key Recovery
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html
Oracle Critical Patch Update
https://www.oracle.com/security-alerts/cpuapr2...

Mark as Played

ISC StormCast for Tuesday, April 16th, 2024

April 15, 2024 • 6 mins

Quick Palo Alto Networks Global Protect Vulnerablity Update CVE-2024-3400
https://isc.sans.edu/diary/30838
Delinea patches critical vulnerability in secret manager
https://trust.delinea.com/?tcuUid=17aaf4ef-ada9-46d5-bf97-abd3b07daae3
Lancom Windows Setup Assistant May Reset Password
https://www.lancom-systems.com/service-support/general-security-information
PHP Patches
https://seclists.org/os...

Mark as Played

ISC StormCast for Sunday, April 14th, 2024

April 13, 2024 • 5 mins

Palo Alto Networks GlobalProtect 0-Day CVE-2024-3400
https://security.paloaltonetworks.com/CVE-2024-3400
https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/#RespondingToCompromise

Mark as Played

ISC StormCast for Friday, April 12th, 2024

April 11, 2024 • 6 mins

BatBadBut: You can't securely execute commands on Windows
https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/
FortiClient Linux Remote Code Execution
https://www.fortiguard.com/psirt/FG-IR-23-087
Apple Threat Notifications and Protecting Against Mercenary Spyware
https://support.apple.com/en-us/102174
New Technique to Trick Developers Detected in an Open Source...

Mark as Played

ISC StormCast for Thursday, April 11th, 2024

April 10, 2024 • 5 mins

Rust Command API code execution vulnerability CVE-2024-24576
https://blog.rust-lang.org/2024/04/09/cve-2024-24576.html
Adobe Updates: Magento Adobe Commerce CVE-2024-20759 CVE-2024-20758
https://helpx.adobe.com/security/products/magento/apsb24-18.html
https://helpx.adobe.com/security.html
Fortinet FortiOS And FortiProxy Vulnerability CVE-2023-41677
https://www.fortiguard.com/psirt/FG-IR-23-493

Mark as Played

ISC StormCast for Wednesday, April 10th, 2024

April 9, 2024 • 6 mins

Microsoft Patches
https://isc.sans.edu/forums/diary/April%202024%20Microsoft%20Patch%20Tuesday%20Summary/30822/
D-Link NAS Backdoor
https://github.com/netsecfish/dlink
LG SmartTV Vulnerabilities
https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-lg-webos/

Mark as Played

ISC StormCast for Tuesday, April 9th, 2024

April 8, 2024 • 5 mins

A Use Case for Adding Threat Hunting to Your Security Operations Team.
https://isc.sans.edu/diary/30816
Notepad++ Parasite Site
https://notepad-plus-plus.org/news/help-to-take-down-parasite-site/
Hugging Face Pickle File Vulnerablities
https://huggingface.co/blog/hugging-face-wiz-security-blog
Google Considers V8 Sandbox no longer experimental
https://v8.dev/blog/sandbox

Mark as Played

ISC StormCast for Monday, April 8th, 2024

April 7, 2024 • 5 mins

Heartbleed 10th Anniversary
https://heartbleed.com/
Possible Libarchive Backdoor Vulnerability
https://github.com/libarchive/libarchive/pull/1609
Magento XML Backdoor
https://sansec.io/research/magento-xml-backdoor
Google Public DNS's approach to fight against cache poisoning attacks
https://security.googleblog.com/2024/03/google-public-dnss-approach-to-fight.html
Remote code execution (R...

Mark as Played

ISC StormCast for Friday, April 5th, 2024

April 4, 2024 • 15 mins

Slicing up DoNex with Binary Ninja
https://isc.sans.edu/diary/Slicing%20up%20DoNex%20with%20Binary%20Ninja/30812
HTTP/2 Continuation Flood
https://nowotarski.info/http2-continuation-flood-technical-details/
Dangers of CSS in HTML Email
https://lutrasecurity.com/en/articles/kobold-letters/
Dan Mazzella: Infostealers in Automotive Headunits
https://www.sans.edu/cyber-research/exploring-infosteal...

Mark as Played

ISC StormCast for Thursday, April 4th, 2024

April 3, 2024 • 6 mins

Playing with xzbot: Some things you can learn from SSH traffic
https://isc.sans.edu/forums/diary/Some%20things%20you%20can%20learn%20from%20SSH%20traffic/30808/
Google Proposes Device Bound Session Credentials (DBSC)
https://blog.chromium.org/2024/04/fighting-cookie-theft-using-device.html

Four More Ivanti Vulnerabilities
https://forums.ivanti.com/s/article/SA-CVE-2024-21894-Heap-Overflow-CVE-2024...

Mark as Played

ISC StormCast for Wednesday, April 3rd, 2024

April 2, 2024 • 5 mins

Chrome Incognito Mode Settlement
https://www.wired.com/story/google-chrome-incognito-mode-data-deletion-settlement/
Google E-Mail Sender Guidelines FAQ
https://support.google.com/a/answer/14229414?hl=en&fl=1&sjid=2270464422796374445-NC
Cisco Updates and VPN Best Practices
https://www.cisco.com/c/en/us/support/docs/security/secure-firewall-threat-defense/221806-password-spray-attacks-impacting-custome.htm...

Mark as Played

ISC StormCast for Tuesday, April 2nd, 2024

April 1, 2024 • 7 mins

The amazingly scary xz sshd backdoor
https://isc.sans.edu/diary/The%20amazingly%20scary%20xz%20sshd%20backdoor/30802
The xz-utils backdoor in security advisories by national CSIRTs
https://isc.sans.edu/diary/The+xzutils+backdoor+in+security+advisories+by+national+CSIRTs/30800
Checking CSV Files
https://isc.sans.edu/diary/Checking%20CSV%20Files/30796
Infostealers Pose Threat to macOS
https://ww...

Mark as Played

ISC StormCast for Monday, April 1st, 2024

March 31, 2024 • 7 mins

xz-utils Backdoor CVE-2024-3094
https://www.openwall.com/lists/oss-security/2024/03/29/4
https://tukaani.org/xz-backdoor/
https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27
Backdoor reverse analysis
https://bsky.app/profile/did:plc:x2nsupeeo52oznrmplwapppl/post/3kowjkx2njy2b
YARA Rule
https://github.com/byinarie/CVE-2024-3094-info/blob/main/CVE-2024-3094.yar
Social Engin...

Mark as Played

Popular Podcasts

Dateline NBC

Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations.

Death, Sex & Money

Anna Sale explores the big questions and hard choices that are often left out of polite conversation.

Stuff You Should Know

If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.

Crime Junkie

If you can never get enough true crime... Congratulations, you’ve found your people.

Start Here

A straightforward look at the day's top news in 20 minutes. Powered by ABC News. Hosted by Brad Mielke.

Advertise With Us

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Episodes

.css-14f5ked{margin:0;word-break:break-word;display:-webkit-box;-webkit-box-orient:vertical;box-orient:vertical;-webkit-line-clamp:2;overflow:hidden;}ISC StormCast for Friday, April 26th, 2024

.css-r6mb8g{margin:0;word-break:break-word;display:-webkit-box;-webkit-box-orient:vertical;box-orient:vertical;-webkit-line-clamp:1;overflow:hidden;}ISC StormCast for Thursday, April 25th, 2024

ISC StormCast for Wednesday, April 24th, 2024

ISC StormCast for Tuesday, April 23rd, 2024

ISC StormCast for Monday, April 22nd, 2024

ISC StormCast for Friday, April 19th, 2024

ISC StormCast for Thursday, April 18th, 2024

ISC StormCast for Wednesday, April 17th, 2024

ISC StormCast for Tuesday, April 16th, 2024

ISC StormCast for Sunday, April 14th, 2024

ISC StormCast for Friday, April 12th, 2024

ISC StormCast for Thursday, April 11th, 2024

ISC StormCast for Wednesday, April 10th, 2024

ISC StormCast for Tuesday, April 9th, 2024

ISC StormCast for Monday, April 8th, 2024

ISC StormCast for Friday, April 5th, 2024

ISC StormCast for Thursday, April 4th, 2024

ISC StormCast for Wednesday, April 3rd, 2024

ISC StormCast for Tuesday, April 2nd, 2024

ISC StormCast for Monday, April 1st, 2024

Popular Podcasts

ISC StormCast for Friday, April 26th, 2024

ISC StormCast for Thursday, April 25th, 2024