Shows
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)SANS ISC Stormcast, Jan 13, 2025: Defender Updates, Ivanti RCE, Apple USB-C Hack and moreIn today's episode, we cover the latest updates in cybersecurity:
Windows Defender Enhances Chrome Extension Detection
Microsoft's Defender now catalogs Chrome extensions to identify malicious ones. Learn how this improves enterprise security.
https://isc.sans.edu/diary/Windows%20Defender%20Chrome%20Extension%20Detection/31574
Multi-OLE Analysis in Malicious Documents
A look at how attackers embed OLE files in Office documents to evade detection and the tools to combat it.
https://isc.sans.edu/diary/Multi-OLE/31580
Ivanti Connect Secure RCE Vulnerability (CVE-2025-0282)
Details of a critical vulnerability affecting Ivanti products and the patching timelines.2025-01-1306 minSANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)ISC StormCast for Monday, January 6th, 2025In this episode of the SANS Internet Storm Center's Stormcast, we cover the latest cybersecurity threats and defenses, including Python-delivered malware, goodware hash sets, SSL/TLS protocol updates, and critical vulnerabilities in ASUS routers and Paessler PRTG. Stay informed and secure your systems!
Full details and links to all stories:
SwaetRAT via Python: https://isc.sans.edu/diary/SwaetRAT%20Delivery%20Through%20Python/31554
Goodware Hash Sets: https://isc.sans.edu/diary/Goodware%20Hash%20Sets/31556
SSL/TLS Updates: https://isc.sans.edu/diary/Changes%20in%20SSL%20and%20TLS%20support%20in%202024/31550
Cyberhaven Extension Compromise: https://secureannex.com/blog...2025-01-0608 minSANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)ISC StormCast for Thursday, December 12th, 2024Vulnerability Symbiosis: vSphere's CVE-2024-38812 and CVE-2024-38813
https://isc.sans.edu/diary/Vulnerability%20Symbiosis%3A%20vSphere%3Fs%20CVE-2024-38812%20and%20CVE-2024-38813%20%5BGuest%20Diary%5D/31510
Apple Updates Everything (iOS, iPadOS, macOS, watchOS, tvOS, visionOS)
https://isc.sans.edu/diary/Apple+Updates+Everything+iOS+iPadOS+macOS+watchOS+tvOS+visionOS/31514/
Widespread exploitation of Cleo file transfer software (CVE-2024-50623)
https://www.huntress.com/blog/threat-advisory-oh-no-cleo-cleo-software-actively-being-exploited-in-the-wild
https://labs.watchtowr.com/cleo-cve-2024-50623/2024-12-1205 minSANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)ISC StormCast for Monday, December 2nd, 2024AWS DShield Sensor + DShield SIEM
https://isc.sans.edu/diary/SANS%20ISC%20Internship%20Setup%3A%20AWS%20DShield%20Sensor%20%2B%20DShield%20SIEM%20%5BGuest%20Diary%5D/31480
From a Regular Infostealer to its Obfuscated Version
https://isc.sans.edu/diary/From%20a%20Regular%20Infostealer%20to%20its%20Obfuscated%20Version/31484
Credit Card Skimmer Malware Targeting Magento Checkout Pages
https://blog.sucuri.net/2024/11/credit-card-skimmer-malware-targeting-magento-checkout-pages.html
LogoFAIL Exploited to Deploy Bootkitty, the first UEFI bootkit for Linux
https://www.binarly.io/blog/logofail-exploited-to-deploy-bootkitty-the-first-uefi-bootkit-for-linux
Stickers:
https://isc.sans.edu/stickers.html (code PODCAST)2024-12-0205 minSANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)ISC StormCast for Tuesday, November 26th, 2024Quick & Dirty Obfuscated JavaScript Analysis
https://isc.sans.edu/diary/Quick%20%26%20Dirty%20Obfuscated%20JavaScript%20Analysis/31468
Decrypting a PDF With a User Password
https://isc.sans.edu/diary/Decrypting%20a%20PDF%20With%20a%20User%20Password/31466
The strange case of disappearing Russian servers
https://isc.sans.edu/diary/The%20strange%20case%20of%20disappearing%20Russian%20servers/31476
QNAP Buggy Firmware Update
https://community.qnap.com/t/firmware-qts-5-2-2-2950-build-20241114-released/254
7-ZIP Zstandard Decompression Integer Underflow
https://www.zerodayinitiative.com/advisories/ZDI-24-1532/
https://7-zip.org/download.html2024-11-2604 minSANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)ISC StormCast for Monday, November 4th, 2024October Activity with Username chenzilong
https://isc.sans.edu/diary/October%202024%20Activity%20with%20Username%20chenzilong/31400
qpdf Extracting PDF Streams
https://isc.sans.edu/diary/qpdf%3A%20Extracting%20PDF%20Streams/31406
Okta bcrypt issue
https://trust.okta.com/security-advisories/okta-ad-ldap-delegated-authentication-username/
https://medium.com/@rajat29gupta/how-bcrypts-limitations-contributed-to-okta-s-vulnerability-a-lesson-for-developers-39425c644ed5
Synology Vulnerabilities
https://www.synology.com/de-de/security/advisory/Synology_SA_24_19
https://www.synology.com/de-de/security/advisory/Synology_SA_24_18
Lastpass Fake Reviews
https://blog.lastpass.com/posts/fake-web-store-reviews-attempting-to-steal-customer-data2024-11-0405 minSANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)ISC StormCast for Tuesday, October 29th, 2024Apple Update Everything
https://isc.sans.edu/diary/Apple%20Updates%20Everything/31390
Selfcontained HTML Phishing Attachment Using Telegram to Exfiltrate Credentials
https://isc.sans.edu/diary/Selfcontained+HTML+phishing+attachment+using+Telegram+to+exfiltrate+stolen+credentials/31388/
ChatGPT-4o Guardrail Jailbreak: Hex Encoding for Writing CVE Exploits
https://0din.ai/blog/chatgpt-4o-guardrail-jailbreak-hex-encoding-for-writing-cve-exploits2024-10-2905 minSANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)ISC StormCast for Monday, September 30th, 2024CUPS Vulnerability
https://isc.sans.edu/diary/Patch%20for%20Critical%20CUPS%20vulnerability%3A%20Don%27t%20Panic/31302
PHP Updates
https://www.php.net/ChangeLog-8.php#8.1.30
DNS And Big Chinese Firewall
https://www.assetnote.io/resources/research/insecurity-through-censorship-vulnerabilities-caused-by-the-great-firewall
https://isc.sans.edu/diary/Are+You+Piratebay+thepiratebayorg+Resolving+to+Various+Hosts/19175
HPE Aruba Networking Vulnerabilities
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04712en_us&docLocale=en_US2024-09-3007 minSANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)ISC StormCast for Monday, September 9th, 2024Password Cracking Energy: More Details
https://isc.sans.edu/diary/Password%20Cracking%20%26%20Energy%3A%20More%20Dedails/31242
Python Notpad ++
https://isc.sans.edu/diary/Python%20%26%20Notepad%2B%2B/31240
Fake LinkedIn Job Ads
https://cloud.google.com/blog/topics/threat-intelligence/examining-web3-heists/
Android Crypto Passphrase Stealer with OCR
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-android-spyagent-campaign-steals-crypto-credentials-via-image-recognition/
Sextortion Scam Now use Your Chating Spouses Name as a Lure
https://www.bleepingcomputer.com/news/security/sextortion-scam-now-use-your-cheating-spouses-name-as-a-lure/2024-09-0906 minSANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)ISC StormCast for Monday, August 5th, 2024Current Secure Boot Certifiate Authority Expires in 2026
https://isc.sans.edu/diary/Even+Linux+users+should+take+a+look+at+this+Microsoft+KB+article/31140
OOXML Spreadsheets Protected by Verifier Hashes
https://isc.sans.edu/diary/OOXML%20Spreadsheets%20Protected%20By%20Verifier%20Hashes/31072
StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms
https://www.volexity.com/blog/2024/08/02/stormbamboo-compromises-isp-to-abuse-insecure-software-update-mechanisms/
DARPA TRACTOR Program for Translating C to Rust
https://www.darpa.mil/news-events/2024-07-31a2024-08-0506 minSANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)ISC StormCast for Monday, July 29th, 2024ExelaStealer Delivered "From Russia With Love"
https://isc.sans.edu/diary/31118
Create Your Own BSOD: NotMyFault
https://isc.sans.edu/diary/Create%20Your%20Own%20BSOD%3A%20NotMyFault/31120
PKFail Vulnerability
https://pk.fail/
CrowdStrike Recovery
https://arstechnica.com/information-technology/2024/07/97-of-crowdstrike-systems-are-back-online-microsoft-suggests-windows-changes/2024-07-2906 minSANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)ISC StormCast for Monday, July 15th, 202416-Bit Hash Collisions in XLS Spreadsheets
https://isc.sans.edu/diary/16-bit%20Hash%20Collisions%20in%20.xls%20Spreadsheets/31066
Attacks against the "Nette" PHP framework CVE-2020-15227
https://isc.sans.edu/forums/diary/Attacks+against+the+Nette+PHP+framework+CVE202015227/31076/
Squarespace Hijacked Domains
https://github.com/security-alliance/advisories/blob/main/2024-07-squarespace.pdf2024-07-1506 minSANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)ISC StormCast for Monday, July 8th, 2024OpenSSH RegreSSHion Vulnerability
https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
https://isc.sans.edu/diary/SSH%20%22regreSSHion%22%20Remote%20Code%20Execution%20Vulnerability%20in%20OpenSSH./31046
Overlooked Domain Name Resliency Issues: Registrar Communications
https://isc.sans.edu/diary/Overlooked%20Domain%20Name%20Resiliency%20Issues%3A%20Registrar%20Communications/31048
Cloudflare 1.1.1.1 incident on Juine 27th 2024
https://blog.cloudflare.com/cloudflare-1111-incident-on-june-27-20242024-07-0809 minSANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)ISC StormCast for Friday, June 21st, 2024No Excuses: Free Tools to Help Secure Authentication in Ubuntu
https://isc.sans.edu/diary/No%20Excuses%2C%20Free%20Tools%20to%20Help%20Secure%20Authentication%20in%20Ubuntu%20Linux%20%5BGuest%20Diary%5D/31024
Handling BOM MIME Files
https://isc.sans.edu/diary/Handling+BOM+MIME+Files/31022
Atlasiun Confluence Data Center and Server Vuln
https://confluence.atlassian.com/security/security-bulletin-june-18-2024-1409286211.html
Beyond the @ Symbol: Exploiting the Flexibility of Email Addresses For Offensive Purposes
https://modzero.com/en/blog/beyond_the_at_symbol/
VMWare Patches
https://support.broadcom.com/web/ecx/support-content-notification/-/external...2024-06-2105 minSANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)ISC StormCast for Tuesday, May 28th, 2024Files with TGZ Extension used as malspam attachements
https://isc.sans.edu/diary/Files%20with%20TXZ%20extension%20used%20as%20malspam%20attachments/30958
Google 0-Day
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_23.html
Google Stops Trusting Globaltrust CA
https://groups.google.com/a/ccadb.org/g/public/c/wRs-zec8w7k/m/G_9QprJ2AQAJ
Checkpoint warns of password bruteforcing
https://blog.checkpoint.com/security/enhance-your-vpn-security-posture?campaign=checkpoint&eid=guvrs&advisory=1
SEC522: Defending Web Applications
isc.sans.edu/j/sec5222024-05-2806 minSANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)ISC StormCast for Friday, May 24th, 2024Analysis of 'redtail' file uploads to ISC Honeypot
https://isc.sans.edu/diary/Analysis%20of%20%3Fredtail%3F%20File%20Uploads%20to%20ICS%20Honeypot%2C%20a%20Multi-Architecture%20Coin%20Miner%20%5BGuest%20Diary%5D/30950
Veeam Vulnerablity
https://www.veeam.com/kb4581
C-Root Server Lost Touch With Peers
https://arstechnica.com/security/2024/05/dns-glitch-that-threatened-internet-stability-fixed-cause-remains-unclear/
Ivanti Vulnerabilities
https://forums.ivanti.com/s/article/Avalanche-6-4-3-602-additional-security-hardening-and-CVE-fixed?language=en_US
Justice AV Solutions Software Backdoor
https://www.rapid7.com/blog/post/2024/05/23/cve-2024-4978-backdoored-justice-av-solutions-viewer-software-used-in-apparent-supply-chain-attack/2024-05-2407 min
Heads UpEdtech for admin: Problems solved, and challenges posedEdtech is no longer a ‘nice to have’ for international schools, it is embedded in every aspect of school operations, supporting both administrative and pedagogical needs. Choosing the right edtech product can greatly improve administrative efficiency for staff, giving them more time to focus on the learning outcomes of their students. In this episode, join Elena Mora, International Schools Field Researcher at ISC Research, as she discusses insights from the latest white paper by ISC Research with a panel of experts. They explore how edtech products can help solve administrative problems for international schools, and also look at so...2024-05-1645 min
Heads UpInternational School Awards spotlight: Lincoln Community School’s Model United Nations conferenceIn this episode, join Janelle Torres, South East Asia Research Manager at ISC Research, as she speaks with two representatives from Lincoln Community School in Ghana. This school recently achieved a prestigious International School Award for their remarkable initiative. They hosted the West African International Schools Activities League Model United Nations, a student-led conference that saw the participation of over 150 students. Explore the invaluable opportunities this initiative provided for students to cultivate leadership and collaboration skills, alongside the challenges faced and advice for future schools looking to apply to the International School Awards. Join us in applauding Lincoln Community...2024-04-1829 minSANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)ISC StormCast for Tuesday, April 2nd, 2024The amazingly scary xz sshd backdoor
https://isc.sans.edu/diary/The%20amazingly%20scary%20xz%20sshd%20backdoor/30802
The xz-utils backdoor in security advisories by national CSIRTs
https://isc.sans.edu/diary/The+xzutils+backdoor+in+security+advisories+by+national+CSIRTs/30800
Checking CSV Files
https://isc.sans.edu/diary/Checking%20CSV%20Files/30796
Infostealers Pose Threat to macOS
https://www.jamf.com/blog/infostealers-pose-threat-to-macos/2024-04-0207 min
Heads UpInternational School Awards spotlight: Floating Village in HanoiIn this episode hosted by Luke Walduck, School Development Manager at ISC Research, we shine a spotlight on an inspiring initiative recognised at the 2024 International School Awards. Join us as we applaud the British Vietnamese International School Hanoi for their outstanding community service project, which has made a significant impact on the residents of the Floating Village in Hanoi. Our panellist, Piers Roderick, Assistant Head of Secondary at the school, provides an in-depth look into this inspiring endeavour. He discusses the challenges encountered, outlines plans for further development, and shares invaluable advice for international schools contemplating future International School...2024-03-2820 minSANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)ISC StormCast for Tuesday, March 26th, 2024Tool updates: le-hex-to-ip.py and sigs.py
https://isc.sans.edu/diary/Tool%20updates%3A%20le-hex-to-ip.py%20and%20sigs.py/30772
Apple Updates for MacOS, iOS/iPadOS, visionOS;
https://isc.sans.edu/diary/Apple%20Updates%20for%20MacOS%2C%20iOS%20iPadOS%20and%20visionOS/30778
Fake Python Infrastructure
https://checkmarx.com/blog/over-170k-users-affected-by-attack-using-fake-python-infrastructure/
OpenVPN Update
https://openvpn.net/community-downloads/2024-03-2606 minSANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)ISC StormCast for Monday, March 18th, 20245GHoul Revisted: Thress Months Later
https://isc.sans.edu/diary/5Ghoul%20Revisited%3A%20Three%20Months%20Later/30746
Obfuscated Hexadecimal Payload
https://isc.sans.edu/diary/Obfuscated%20Hexadecimal%20Payload/30750
ChatGPT Related OAUTH Issues
https://salt.security/blog/security-flaws-within-chatgpt-extensions-allowed-access-to-accounts-on-third-party-websites-and-sensitive-data?utm_source=social&utm_medium=reddit
RedCanary Threat Detection Report
https://redcanary.com/threat-detection-report/
CRL/OCSP Changes
https://github.com/cabforum/servercert/blob/main/docs/BR.md2024-03-1806 minSANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)ISC StormCast for Friday, March 8th, 2024AWS Deploymnet Risks - Configuration and Credential File Targeting
https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20AWS%20Deployment%20Risks%20-%20Configuration%20and%20Credential%20File%20Targeting/30722
Apple Updates
https://isc.sans.edu/diary/MacOS%20Patches%20%28and%20Safari%2C%20TVOS%2C%20VisionOS%2C%20WatchOS%29/30726
NSA/CISA Secure Cloud Guides
https://media.defense.gov/2024/Mar/07/2003407866/-1/-1/0/CSI-CloudTop10-Identity-Access-Management.PDF
https://media.defense.gov/2024/Mar/07/2003407858/-1/-1/0/CSI-CloudTop10-Key-Management.PDF
https://media.defense.gov/2024/Mar/07/2003407859/-1/-1/0/CSI-CloudTop10-Managed-Service-Providers.PDF
https://media.defense.gov/2024/Mar/07/2003407862/-1/-1/0/CSI-CloudTop10-Secure-Data.PDF
https://media.defense...2024-03-0805 minSANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)ISC StormCast for Wednesday, March 6th, 2024iOS/iPadOS Updates with Zero Day Fixes
https://isc.sans.edu/diary/Apple%20Releases%20iOS%20iPadOS%20Updates%20with%20Zero%20Day%20Fixes./30716
Why Your Firewall Will Kill You
https://isc.sans.edu/diary/Why+Your+Firewall+Will+Kill+You/30714/
QEMU Tunnel
https://securelist.com/network-tunneling-with-qemu/111803/
VMware Vulnerabilities Patched
https://www.vmware.com/security/advisories/VMSA-2024-0006.html2024-03-0606 min
Heads UpBalancing recruitment and retention in international schoolsIn this episode, Luke Walduck, School Development Manager at ISC Research, joins forces with Tony Atkinson, International Field Researcher at ISC Research, and Matthew Peck, Senior Business Manager at Teachanywhere, to delve into the recruitment and retention cycle within international schools. Together, they shed light on the myriad of challenges faced and underscore the importance of adaptive strategies in meeting recruitment demands. They explore the evolving landscape of recruitment tactics, advocating for a diversified approach leveraging multiple channels. Tune in for valuable insights and much more as they navigate through this essential aspect of school management. Thank y...2024-02-2928 minSANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)ISC StormCast for Monday, February 26th, 2024Update MGLNDD * Scans
https://isc.sans.edu/forums/diary/Update%3A%20MGLNDD_*%20Scans/30686/
Simple Anti-Sandbox Technique: Where's the Mouse
https://isc.sans.edu/diary/Simple%20Anti-Sandbox%20Technique%3A%20Where%27s%20The%20Mouse%3F/30684
Security Vulnerabilities in Apex Code Could Leak Salesforce Data
https://www.varonis.com/blog/apex-code-vulnerabilities
IBM Operation Decision Manager Exploit CVE-2024-22319 CVE-2024-22320
https://labs.watchtowr.com/double-k-o-rce-in-ibm-operation-decision-manager/
Linux Kernel TLS Vulnerability CVE-2024-26582
https://lore.kernel.org/linux-cve-announce/2024022139-spruce-prelude-c358@gregkh/2024-02-2605 minSANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)ISC StormCast for Friday, February 23rd, 2024Friend, Foe or Something In Between
https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Friend%2C%20foe%20or%20something%20in%20between%3F%20The%20grey%20area%20of%20%27security%20research%27/30670
Large AT&T Wireless Network Outage
https://isc.sans.edu/diary/Large%20AT%26T%20Wireless%20Network%20Outage%20%23att%20%23outage/30680
Connect Wise Screenconnect Userd by LockBit
https://www.bleepingcomputer.com/news/security/screenconnect-servers-hacked-in-lockbit-ransomware-attacks/
SSH Snake Abused in the Wild
https://github.com/MegaManSec/SSH-Snake2024-02-2305 minSANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)ISC StormCast for Tuesday, January 23rd, 2024Apple Updates Everything
https://isc.sans.edu/forums/diary/Apple%20Updates%20Everything%20-%20New%200%20Day%20in%20WebKit/30578/
Atlassian Confluence RCE Vulnerability Exploits CVE-2023-22527
https://isc.sans.edu/forums/diary/Scans%20Exploit%20Attempts%20for%20Atlassian%20Confluence%20RCE%20Vulnerability%20CVE-2023-22527/30576/
Updated Ivanti Mitigation Advise
https://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
Czech Republic Sets IPv4 Shutdown date
https://konecipv4.cz/en/2024-01-2307 minSANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)ISC StormCast for Monday, January 8th, 2024Netstat But Better and in PowerShell
https://isc.sans.edu/diary/Netstat%2C%20but%20Better%20and%20in%20PowerShell/30532
Double Phishing Submission
https://isc.sans.edu/diary/Are%20you%20sure%20of%20your%20password%3F/30534
Suspicious Prometei Botnet Activity
https://isc.sans.edu/diary/Suspicious%20Prometei%20Botnet%20Activity/30538
Spectral Blur Mac Malware
https://g-les.github.io/yara/2024/01/03/100DaysofYARA_SpectralBlur.html
Google Malware Abusing API is Standard Token Theft not an API Issue
https://www.bleepingcomputer.com/news/security/google-malware-abusing-api-is-standard-token-theft-not-an-api-issue/2024-01-0805 minSANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)ISC StormCast for Tuesday, January 2nd, 2024Shall We Play a Game
https://isc.sans.edu/diary/Shall+We+Play+a+Game/30510
Mailtrap.io Exfiltration
https://isc.sans.edu/diary/Python%20Keylogger%20Using%20Mailtrap.io/30512
Pi Hole Docker
https://isc.sans.edu/forums/diary/Pi-Hole%20Pi4%20Docker%20Deployment/30516/
Mirai Update
https://isc.sans.edu/diary/Unveiling%20the%20Mirai%3A%20Insights%20into%20Recent%20DShield%20Honeypot%20Activity%20%5BGuest%20Diary%5D/30514
Barracuda 0-Day Vulnerability
https://www.barracuda.com/company/legal/esg-vulnerability
Apache OFBiz 0-Day Exploited against Atlassian (and possibly others)
https://blog.sonicwall.com/en-us/2023/12/sonicwall-discovers-critical-apache-ofbiz-zero-day-authbiz/2024-01-0206 minSANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)ISC StormCast for Monday, December 18th, 2023An Example of a RocketMQ Exploit Scanner
https://isc.sans.edu/diary/An%20Example%20of%20RocketMQ%20Exploit%20Scanner/30492
C# Payload Phoning to a Cobalt Strike Server
https://isc.sans.edu/diary/CSharp%20Payload%20Phoning%20to%20a%20CobaltStrike%20Server/30490
3CX SQL Injection Vulnerability
https://www.3cx.com/blog/news/sql-database-integration/
QNAP Viostor 0-Day Vulnerablity
https://www.akamai.com/blog/security-research/qnap-viostor-zero-day-vulnerability-spreading-mirai-patched
PFSense Vulnerability
https://www.sonarsource.com/blog/pfsense-vulnerabilities-sonarcloud/
SANS Holiday Hack Challenge
https://sans.org/holidayhack2023-12-1810 minSANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)ISC StormCast for Tuesday, December 12th, 2023What is Sitemap.xml and Why a Pentester Should Care
https://isc.sans.edu/diary/What%20is%20sitemap.xml%2C%20and%20Why%20a%20Pentester%20Should%20Care/30472
Apple Patches Everything
https://isc.sans.edu/forums/diary/Apple%20Patches%20Everything/30474/
Android Password Manager Auto Spill
https://i.blackhat.com/EU-23/Presentations/EU-23-Gangwal-AutoSpill-Zero-Effort-Credential-Stealing.pdf2023-12-1205 minSANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)ISC StormCast for Monday, December 11th, 2023IPv4 Mapped IPv6 Addresses
https://isc.sans.edu/diary/IPv4-mapped%20IPv6%20Address%20Used%20For%20Obfuscation/30466
Honeypots From the Skeptical Beginner to the Tactical Enthusiast
https://isc.sans.edu/diary/Honeypots%3A%20From%20the%20Skeptical%20Beginner%20to%20the%20Tactical%20Enthusiast/30468
Bluetooth Weakness CVE-2023-45866
https://github.com/skysafe/reblog/tree/main/cve-2023-45866
Syrus 4 IoT Gateway Vulnerability CVE-2023-6248
https://socradar.io/syrus4-iot-gateway-vulnerability-could-allow-code-execution-on-thousands-of-vehicles-simultaneously-cve-2023-6248/
Microsoft Edge Vulnerability CVE-2023-35618
https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security#december-7-20232023-12-1106 minSANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)ISC StormCast for Friday, December 8th, 20235G Vulnerabilities
https://isc.sans.edu/diary/5Ghoul%3A%20Impacts%2C%20Implications%20and%20Next%20Steps/30462
Revealing the hidden Risks of QR Codes
https://isc.sans.edu/diary/Revealing%20the%20Hidden%20Risks%20of%20QR%20Codes%20%5BGuest%20Diary%5D/30458
Window 10 End of Support
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/plan-for-windows-10-eos-with-windows-11-windows-365-and-esu/ba-p/4000414
Apache Struts 2 Vulnerability CVE-2023-50164
https://cwiki.apache.org/confluence/display/WW/S2-0662023-12-0806 minSANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)ISC StormCast for Friday, December 1st, 2023Apple Updates
https://isc.sans.edu/diary/Apple+Patches+Exploited+WebKit+Vulnerabilitiues+in+iOSiPadOSmacOS/30444
Prophetic Post by Intern on CVE-2023-1389 Foreshadows Mirai Botnet Expansion Today
https://isc.sans.edu/forums/diary/Prophetic+Post+by+Intern+on+CVE20231389+Foreshadows+Mirai+Botnet+Expansion+Today/30442/
Zyxel Vulnerabilities
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-authentication-bypass-and-command-injection-vulnerabilities-in-nas-products
Solarwinds Update
https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-4_release_notes.htm#link3
DNS Looking Glass
https://isc.sans.edu/tools/dnslookup/2023-12-0105 minSANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)ISC StormCast for Monday, November 27th, 2023DShield Birthday
https://isc.sans.edu/diary/Happy%20Birthday%20DShield/30420
Mirai uses CVE-2023-1389
https://isc.sans.edu/diary/CVE-2023-1389%3A%20A%20New%20Means%20to%20Expand%20Botnets/30418
More Mirai Vulnerabilities
https://www.akamai.com/blog/security-research/new-rce-botnet-spreads-mirai-via-zero-days
Analyzing OVA Files
https://isc.sans.edu/diary/OVA%20Files/30424
Static Code Injections in OpenCart (CVE-2023-47444)
https://github.com/opencart/opencart/issues/12947
Holiday Hackchallenge
https://www.sans.org/mlp/holiday-hack-challenge-2023/2023-11-2706 minSANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)ISC StormCast for Monday, October 30th, 2023Size Matters for Many Security Controls
https://isc.sans.edu/diary/Size%20Matters%20for%20Many%20Security%20Controls/30352
Spam or Phishing? Looking for Credentials and Passwords
https://isc.sans.edu/diary/Spam%20or%20Phishing%3F%20Looking%20for%20Credentials%20%26%20Passwords/30354
iOS Leaks MAC Address
https://www.youtube.com/watch?v=T3XABxNogTA
Zero Day Initiative Pwn2Own Summary
https://www.zerodayinitiative.com/blog/2023/10/24/pwn2own-toronto-2023-day-one-results
https://www.zerodayinitiative.com/blog/2023/10/25/pwn2own-toronto-2023-day-two-results
https://www.zerodayinitiative.com/blog/2023/10/26/pwn2own-toronto-2023-day-three-results
Microsoft Octo Tempest Writeup
https://www.microsoft.com/en-us...2023-10-3006 min
Heads UpRethinking systems to empower student agencyDoes learner agency require system change? How are international schools developing a community culture that empowers all students with the current, rigid educational paradigm? Answers to these questions and more will be discussed in this episode, where Nalini Cook, Head of Global Research at ISC Research, speaks to a panel of three international school experts. Thank you to Nalini and our three representatives from international schools: Naheed Bardai, Principal at UWC Atlantic College. Nneka Johnson, Director of Innovation and Strategic Development at International School of Dakar (ISD) Alan Phan, Head of School at North London Collegiate Scho...2023-10-051h 00SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)ISC StormCast for Monday, October 2nd, 2023Analyzing MIME Files: a Quick Tip
https://isc.sans.edu/diary/Analyzing%20MIME%20Files%3A%20a%20Quick%20Tip/30266
Infostealers Looking for Password Files
https://isc.sans.edu/diary/Are+You+Still+Storing+Passwords+In+Plain+Text+Files/30262/
Simple Netcat Backdoor
https://isc.sans.edu/diary/Simple+Netcat+Backdoor+in+Python+Script/30264/
EXIM Response to the ZDI Release
https://exim.org/static/doc/security/CVE-2023-zdi.txt
Exploit for WS_FTP Vulnerability
https://www.assetnote.io/resources/research/rce-in-progress-ws-ftp-ad-hoc-via-iis-http-modules-cve-2023-400442023-10-0205 min
Heads UpFostering multilingualism from the early yearsBeginning in the earliest years, international schools facilitate self-management and personalised learning journeys by encompassing language, culture, values, and choice. In this episode, Janelle Torres, South East Asia Research Manager at ISC Research, speaks to a panel of three international school experts to discuss how initiatives in the early years can impact students of all ages.Thank you to Janelle and our three representatives from international schools: Jessica Davis, ES EAL Teacher at Saigon South International School, Vietnam. Matt Hajdun, Assistant Director of Learning - Language Development at TCS, Colombia.Helen Avetisyan, Whole School Multilingualism Lead Te...2023-09-0751 minSANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)ISC StormCast for Monday, July 31st, 2023USPS Phishing Scam Targeting iOS Users
https://isc.sans.edu/forums/diary/USPS+Phishing+Scam+Targeting+iOS+Users/30078/
Do Attackers Pay More Attention to IPv6
https://isc.sans.edu/diary/Do%20Attackers%20Pay%20More%20Attention%20to%20IPv6%3F/30076
Shell Code in Images
https://isc.sans.edu/diary/ShellCode%20Hidden%20with%20Steganography/30074
Ivanti Mobileiron Exploit Public
https://github.com/vchan-in/CVE-2023-35078-Exploit-POC/blob/main/cve_2023_35078_poc.py2023-07-3105 minSANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)ISC StormCast for Thursday, July 6th, 2023DShield pfSense Client Update
https://isc.sans.edu/diary/DShield%20pfSense%20Client%20Update/29994
Exposed Industrial Control Systems
https://isc.sans.edu/diary/Controlling%20network%20access%20to%20ICS%20systems/30000
Analysis Method for Custom Encoding
https://isc.sans.edu/diary/Analysis%20Method%20for%20Custom%20Encoding/29946
SNAPPY: Detecting Rogue WiFi Access Points
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/snappy-detecting-rogue-and-fake-80211-wireless-access-points-through-fingerprinting-beacon-management-frames/
RUSTBUCKET Mac Malware
https://www.elastic.co/security-labs/DPRK-strikes-using-a-new-variant-of-rustbucket2023-07-0606 min
Heads UpHow influential is the student voice in international schools?In this episode, Pia Maske, East Asia Field Research Manager explores some of the findings from recent research conducted by ISC Research into student voices with a panel of experts. It discusses research conducted with international school students and alumni as well as separate research with international school teachers and leaders. Two international school consultants who contributed to the research report share their insights about the findings and offer practical solutions for international schools opening up student voice.Pia hosts the discussion with international school consultants:Matthew Savage, Independent Consultant and a former International School PrincipalJoel...2023-06-2942 min