x

75% of people globally want unbiased news (Pew Research) but are concerned they're not getting that.

Get balanced coverage with Symby. See how stories are covered across diverse outlets and spot when one side covers a story the other skips.

PODCAST

SANS Internet Storm Center"s Daily Network Security News Podcast

Johannes B. Ullrich

A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minutes long summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Storm Center. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .

news tech news

All Episodes

07:55

SANS Stormcast Wednesday Mar 12th: Microsoft Patch...

SANS Internet Storm Center"s Daily Network Security... ·

2025/03/11

SANS Stormcast Wednesday Mar 12th: Microsoft Patch Tuesday; Apple Patch; Espressif ESP32 Statement Microsoft Patch Tuesday Microsoft Patched six already exploited vulnerabilities today. In addition, the patches included a critical patch for Microsoft's DNS server and about 50 additional patches. https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%3A%20March%202025/31756 Apple Updates iOS/macOS Apple released an update to address a single, already exploited, vulnerability in WebKit. This

en

04:59

SANS Stormcast Tuesday Mar 11th: Shellcode as UUIDs;...

SANS Internet Storm Center"s Daily Network Security... ·

2025/03/11

SANS Stormcast Tuesday Mar 11th: Shellcode as UUIDs; Moxe Switch Vuln Updates; Opentext Vuln; Livewire Volt Vuln; Shellcode Encoded in UUIDs Attackers are using UUIDs to encode Shellcode. The 128 Bit (or 16 Bytes) encoded in each UUID are converted to shell code to implement a cobalt strike beacon https://isc.sans.edu/diary/Shellcode%20Encoded%20in%20UUIDs/31752 Moxa CVE-2024-12297 Expanded to PT Switches Moxa in January first releast an update to address a fronted authorizaation logic disclosure

en

06:45

SANS Stormcast: Webshells; Undocumented ESP32...

SANS Internet Storm Center"s Daily Network Security... ·

2025/03/09

SANS Stormcast: Webshells; Undocumented ESP32 Commands; Camera Used For Ransomware Distribution Commonly Probed Webshell URLs Many attackers deploy web shells to gain a foothold on vulnerable web servers. These webshells can also be taken over by parasitic exploits. https://isc.sans.edu/diary/Commonly%20Probed%20Webshell%20URLs/31748 Undocumented ESP32 Commands A recent conference presentation by Tarlogic revealed several "backdoors" or undocumented features in the commonly used ESP32 Chipsets

en

13:53

SANS Stormcast Friday Mar 7th: Chrome vs Extensions;...

SANS Internet Storm Center"s Daily Network Security... ·

2025/03/07

SANS Stormcast Friday Mar 7th: Chrome vs Extensions; Kibana Update; PrePw0n3d Android TV Sticks; Identifying APTs (@sans_edu, Eric LeBlanc) Latest Google Chrome Update Encourages UBlock Origin Removal The latest update to Google Chrome not only disabled the UBlock Origin ad blocker, but also guides users to uninstall the extension instead of re-enabling it. https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html

en

06:45

SANS Stormcast Thursday Mar 6th: DShield ELK...

SANS Internet Storm Center"s Daily Network Security... ·

2025/03/06

SANS Stormcast Thursday Mar 6th: DShield ELK Analysis; Jailbreaking AMD CPUs; VIM Vulnerability; Snail Mail Ransomware DShield Traffic Analysis using ELK The "DShield SIEM" includes an ELK dashboard as part of the Honeypot. Learn how to find traffic of interest with this tool. https://isc.sans.edu/diary/DShield%20Traffic%20Analysis%20using%20ELK/31742 Zen and the Art of Microcode Hacking Google released details, including a proof of concept exploit, showing how to take advantage of the recently

en

06:12

SANS Stormcast Wednesday Mar 5th: SMTP Credential...

SANS Internet Storm Center"s Daily Network Security... ·

2025/03/05

SANS Stormcast Wednesday Mar 5th: SMTP Credential Hunt; mac-robber.py update; ADSelfService Plus Account Takeover; Android Patch Day; PayPal Scams; VMWare Escape Fix Romanian Distillery Scanning for SMTP Credentials A particular attacker expanded the scope of their leaked credential file scans. In addition to the usual ".env" style files, it is not looking for specific SMTP related credential files. https://isc.sans.edu/diary/Romanian%20Distillery%20Scanning%20for%20SMTP%20Credentials/31736 Tool

en

06:17

SANS Stormcast Tuesday Mar 4th: Mark of the Web...

SANS Internet Storm Center"s Daily Network Security... ·

2025/03/04

SANS Stormcast Tuesday Mar 4th: Mark of the Web Details; Sharepint and Click-Fix Phishing; Paragon Partionmanager BYOVD Exploit Mark of the Web: Some Technical Details Windows implements the "Mark of the Web" (MotW) as an alternate data stream that contains not just the "zoneid" of where the file came from, but may include other data like the exact URL and referrer. https://isc.sans.edu/diary/Mark%20of%20the%20Web%3A%20Some%20Technical%20Details/31732 Havoc Sharepoint with Microsoft Graph API A

en

07:09

SANS Stormcast Monday Mar 3rd: AI Training Data...

SANS Internet Storm Center"s Daily Network Security... ·

2025/03/03

SANS Stormcast Monday Mar 3rd: AI Training Data Leaks; MITRE Caldera Vuln; modsecurity bypass Common Crawl includes Common Leaks The "Common Crawl" dataset, a large dataset created by spidering website, contains as expected many API keys and other secrets. This data is often used to train large language models https://trufflesecurity.com/blog/research-finds-12-000-live-api-keys-and-passwords-in-deepseek-s-training-data Github Repositories Exposed by Copilot As it is well known, Github's Copilot is

en

14:28

SANS Stormcast Friday Feb 28th: Njrat devtunnels.ms;...

SANS Internet Storm Center"s Daily Network Security... ·

2025/02/28

SANS Stormcast Friday Feb 28th: Njrat devtunnels.ms; Apple FindMe Abuse; XSS Exploited; @sans_edu Ben Powell EDR vs. Ransomware Njrat Compaign Using Microsoft dev Tunnels: A recent version of the Njrat remote admin tool is taking advantage of Microsoft's developer tunnels (devtunnels.ms) as a command and control channel. https://isc.sans.edu/diary/Njrat%20Campaign%20Using%20Microsoft%20Dev%20Tunnels/31724 NrootTag Apple FindMy Abuse Malware could use a weakness in the keys used for Apple FindMy to

en

06:46

SANS Stormcast Thursday Feb 27th: High Exfil Ports;...

SANS Internet Storm Center"s Daily Network Security... ·

2025/02/27

SANS Stormcast Thursday Feb 27th: High Exfil Ports; Malicious VS Code Theme; Developer Workstation Safety; NAKIVO PoC; OpenH264 and rsync vuln; Attacker of of Ephemeral Ports Attackers often use ephermeral ports to reach out to download additional resources or exfiltrate data. This can be used, with care, to detect possible compromises.

en

05:59

SANS Stormcast Wednesday Feb 26th: M365 Infostealer...

SANS Internet Storm Center"s Daily Network Security... ·

2025/02/26

SANS Stormcast Wednesday Feb 26th: M365 Infostealer Botnet; Mixing OpenID Keys; Malicious Medical Image Apps Massive Botnet Targets M365 with Password Spraying A large botnet is targeting service accounts in M365 with credentials stolen by infostealer malware. https://securityscorecard.com/wp-content/uploads/2025/02/MassiveBotnet-Report_022125_03.pdf Mixing up Public and Private Keys in OpenID The complex OpenID specificiation and the flexibility it supports enables careless administrators to

en

06:10

SANS Stormcast Tuesday Feb 25th: Unfurl Updates;...

SANS Internet Storm Center"s Daily Network Security... ·

2025/02/24

SANS Stormcast Tuesday Feb 25th: Unfurl Updates; Google Ditches SMS; Paypal Phish; Exim, libXML, Parallels Vuln Unfurl Update Released Unfurl released an Update fixing a few bugs and adding support to decode BlueSky URLs. https://isc.sans.edu/diary/Unfurl%20v2025.02%20released/31716 Google Confirms GMail To Ditch SMS Code Authentication Google no longer considers SMS authentication save enough for GMail. Instead, it pushes users to use Passkeys, or QR code based app authentication

en

05:21

SANS Stormcast Monday Feb 24th: sigs.py update;...

SANS Internet Storm Center"s Daily Network Security... ·

2025/02/24

SANS Stormcast Monday Feb 24th: sigs.py update; Google Introdusing Quantum Safe Sigs; MSFT Update Win 11 issues; LTE/5G Vulns; Tool Update: Sigs.py Jim updates sigs.py. The tool verifies hashes for files and automatically recognizes what hash is used. https://isc.sans.edu/diary/Tool%20update%3A%20sigs.py%20-%20added%20check%20mode/31706 Google Announcing Quantum Safe Digital Signatures in Cloud KMS Google announced the option to use quantum safe digital signatures for its cloud key management

en

12:30

SANS Stormcast Friday Feb 21st: Kibana Queries;...

SANS Internet Storm Center"s Daily Network Security... ·

2025/02/21

SANS Stormcast Friday Feb 21st: Kibana Queries; Mongoose Injection; U-Boot Flaws; Unifi Protect Camera Vulnerabilities; Protecting Network Devices as Endpoint (Austin Clark @sans_edu) Using ES|QL In Kibana to Query DShield Honeypot Logs Using the "Elastic Search Piped Query Language" to query DShield honeypot logs https://isc.sans.edu/diary/Using%20ES%7CQL%20in%20Kibana%20to%20Queries%20DShield%20Honeypot%20Logs/31704 Mongoose Flaws Put MongoDB at risk The Object Direct Mapping library Mongoose

en

07:02

SANS Stormcast Wednesday Feb 20th: XWorm Cocktail;...

SANS Internet Storm Center"s Daily Network Security... ·

2025/02/20

SANS Stormcast Wednesday Feb 20th: XWorm Cocktail; Quantum Computing Breakthrough; Signal Phishing XWorm Cocktail: A Mix of PE data with PowerShell Code Quick analysis of an interesting XWrom sample with powershell code embedded inside an executable https://isc.sans.edu/diary/XWorm+Cocktail+A+Mix+of+PE+data+with+PowerShell+Code/31700 Microsoft's Majorana 1 Chip Carves New Path for Quantum Computing Microsoft announced a breack through in Quantum computing. Its new prototype Majorana 1 chip takes

en

06:55

SANS Stormcast Tuesday Feb 19th: ModelScan AI Model...

SANS Internet Storm Center"s Daily Network Security... ·

2025/02/19

SANS Stormcast Tuesday Feb 19th: ModelScan AI Model Security; OpenSSH Vuln; Juniper Patches; Dell BIOS Vulnerability ModelScan: Protection Against Model Serialization Attacks ModelScan is a tool to inspect AI models for deserialization attacks. The tool will detect suspect commands and warn the user. https://isc.sans.edu/diary/ModelScan%20-%20Protection%20Against%20Model%20Serialization%20Attacks/31692 OpenSSH MitM and DoS Vulnerabilities OpenSSH Patched two vulnerabilities discovered by Qualys. One

en

04:39

SANS Stormcast: Securing the Edge; PostgreSQL...

SANS Internet Storm Center"s Daily Network Security... ·

2025/02/18

SANS Stormcast: Securing the Edge; PostgreSQL Exploit; Ivanti Exploit; WinZip Vulnerablity; Xerox Patch My Very Personal Guidance and Strategies to Protect Network Edge Devices A quick summary to help you secure edge devices. This may be a bit opinionated, but these are the strategies that I find work and are actionable. https://isc.sans.edu/diary/My%20Very%20Personal%20Guidance%20and%20Strategies%20to%20Protect%20Network%20Edge%20Devices/31660 PostgreSQL SQL Injection A followup to yesterday's

en

08:33

SANS Stormcast Monday Feb 17th: Fake BSOD; Volatile...

SANS Internet Storm Center"s Daily Network Security... ·

2025/02/17

SANS Stormcast Monday Feb 17th: Fake BSOD; Volatile IPs; Postgresql libpq SQL Injection; OAUTH Phishing Fake BSOD Delivered by Malicious Python Script Xavier found an odd malicious Python script that displays a blue screen of death to users. The purpose isn't quite clear. It could be a teach support scam tricking users into calling the 800 number displayed, or a simple anti-reversing trick https://isc.sans.edu/diary/Fake%20BSOD%20Delivered%20by%20Malicious%20Python%20Script/31686 The Danger of IP

en

06:03

SANS Stormcast Feb 14th 2025: DShield Honeypot SIEM;...

SANS Internet Storm Center"s Daily Network Security... ·

2025/02/14

SANS Stormcast Feb 14th 2025: DShield Honeypot SIEM; PAN OS Auth Bypass; Salt Typhone vs. Cisco; Crowdstrike Patch DShield SIEM Docker Updates Interested in learning more about the attacks hitting your honeypot? Guy assembled a neat SIEM to create dashboards summarizing the attacks. https://isc.sans.edu/diary/DShield%20SIEM%20Docker%20Updates/31680 PANOS Path Confusion Auth Bypass Palo Alto Networks fixed a path confusion vulnerability introduced by the overly complex midle box chain in PANOS

en

05:59

SANS Stormcast Feb 13th 2025: Smart City Threats;...

SANS Internet Storm Center"s Daily Network Security... ·

2025/02/13

SANS Stormcast Feb 13th 2025: Smart City Threats; Advanced Social Engineering Attacks; Wazuh Vulnerability; PAM Vulnerability; Ivanti Patches An Ontology for Threats: Cybercrime and Digital Forensic Investigation on Smart City Infrastructure Smart cities is a big topic for many local governments. With building these complex systems, attacks will follow.

en

425 results

Similar Podcasts

Expres Ráno

Expres FM

PBS News Hour - Full Show

PBS News

CD Voice

China Daily

Israel Today: Ongoing War Report

Noa Levi

Jeffrey Epstein: The Coverup Chronicles

Bobby Capucci