SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Podcast af Johannes B. Ullrich

A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .

Begrænset tilbud

3 måneder kun 9,00 kr.

Derefter 99,00 kr. / månedIngen binding.

Kom i gang

Alle episoder

5178 episoder
episode SANS Stormcast Monday June 30th, 2025: Scattered Spider; AMI BIOS Exploited; Secure Boot Certs Expiring; Microsoft Resliliency Initiative artwork
SANS Stormcast Monday June 30th, 2025: Scattered Spider; AMI BIOS Exploited; Secure Boot Certs Expiring; Microsoft Resliliency Initiative

Scattered Spider Update The threat actor known as Scattered Spider is in the news again, this time focusing on airlines. But the techniques used by Scattered Spider, social engineering, are still some of the most dangerous techniques used by various threat actors. https://cloud.google.com/blog/topics/threat-intelligence/unc3944-proactive-hardening-recommendations?e=48754805 [https://cloud.google.com/blog/topics/threat-intelligence/unc3944-proactive-hardening-recommendations?e=48754805] AMI BIOS Vulnerability Exploited CVE-2024-54085 A vulnerability in the Redfish remote access software, including AMI s BIOS, is now being exploited. https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025003.pdf [https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025003.pdf] https://eclypsium.com/blog/ami-megarac-vulnerabilities-bmc-part-3/ [https://eclypsium.com/blog/ami-megarac-vulnerabilities-bmc-part-3/] Act now: Secure Boot certificates expire in June 2026 The Microsoft certificates used in Secure Boot are the basis of trust for operating system security, and all will be expiring beginning June 2026. https://techcommunity.microsoft.com/blog/windows-itpro-blog/act-now-secure-boot-certificates-expire-in-june-2026/4426856 [https://techcommunity.microsoft.com/blog/windows-itpro-blog/act-now-secure-boot-certificates-expire-in-june-2026/4426856] The Windows Resiliency Initiative: Building resilience for a future-ready enterprise Microsoft announced more details about its future security and resilience strategy for Windows. In particular, security tools will no longer have kernel access, which is supposed to prevent a repeat of the Cloudflare issue, but may also restrict security tools functionality. https://blogs.windows.com/windowsexperience/2025/06/26/the-windows-resiliency-initiative-building-resilience-for-a-future-ready-enterprise/ [https://blogs.windows.com/windowsexperience/2025/06/26/the-windows-resiliency-initiative-building-resilience-for-a-future-ready-enterprise/]

30. jun. 2025 - 7 min
episode SANS Stormcast Friday, June 27th, 2025: Open-VSX Flaw; Airoha Bluetooth Vulnerablity; Critical Cisco Identity Service Engine Vuln; artwork
SANS Stormcast Friday, June 27th, 2025: Open-VSX Flaw; Airoha Bluetooth Vulnerablity; Critical Cisco Identity Service Engine Vuln;

Open-VSX Flaw Puts Developers at Risk A flaw in the open-vsx extension marketplace could have let to the compromise of any extension offered by the marketplace. https://blog.koi.security/marketplace-takeover-how-we-couldve-taken-over-every-developer-using-a-vscode-fork-f0f8cf104d44 [https://blog.koi.security/marketplace-takeover-how-we-couldve-taken-over-every-developer-using-a-vscode-fork-f0f8cf104d44] Bluetooth Vulnerability Could Allow Eavesdropping A vulnerability in the widely used Airoha Bluetooth chipset can be used to compromise devices and use them for eavesdropping. https://insinuator.net/2025/06/airoha-bluetooth-security-vulnerabilities/ [https://insinuator.net/2025/06/airoha-bluetooth-security-vulnerabilities/] Critical Cisco Identity Services Engine Vulnerability Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an unauthenticated, remote attacker to issue commands on the underlying operating system as the root user. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6 [https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6]

27. jun. 2025 - 6 min
episode SANS Stormcast Thursday, June 26th, 2025: Another Netscaler Vuln; CentOS Web Panel Vuln; IP Based Certs artwork
SANS Stormcast Thursday, June 26th, 2025: Another Netscaler Vuln; CentOS Web Panel Vuln; IP Based Certs

NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-6543 Citrix patched a memory overflow vulnerability leading to unintended control flow and denial of service. https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788 [https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788] Remote code execution in CentOS Web Panel - CVE-2025-48703 An arbitrary file upload vulnerability in the user (not admin) part of Web Panel can be used to execute arbitrary code https://fenrisk.com/rce-centos-webpanel [https://fenrisk.com/rce-centos-webpanel] Gogs Arbitrary File Deletion Vulnerability Due to the insufficient patch for the CVE-2024-39931, it's still possible to delete files under the .git directory and achieve remote command execution. https://github.com/gogs/gogs/security/advisories/GHSA-wj44-9vcg-wjq7 [https://github.com/gogs/gogs/security/advisories/GHSA-wj44-9vcg-wjq7] Let s Encrypt Will Soon Issue IP Address-Based Certs Let s Encrypt is almost ready to issue certificates for IP address SANs from Let's Encrypt's production environment. They'll only be available under the short-lived profile (which has a 6-day validity period), and that profile will remain allowlist-only for a while. https://community.letsencrypt.org/t/getting-ready-to-issue-ip-address-certificates/238777 [https://community.letsencrypt.org/t/getting-ready-to-issue-ip-address-certificates/238777]

26. jun. 2025 - 5 min
episode SANS Stormcast Tuesday, June 24th, 2025: Telnet/SSH Scan Evolution; Fake Sonicwall Software; File-Fix vs Click-Fix artwork
SANS Stormcast Tuesday, June 24th, 2025: Telnet/SSH Scan Evolution; Fake Sonicwall Software; File-Fix vs Click-Fix

Quick Password Brute Forcing Evolution Statistics After collecting usernames and passwords from our ssh and telnet honeypots for about a decade, I took a look back at how scans changed. Attackers are attempting more passwords in each scans than they used to, but the average length of passwords did not change. https://isc.sans.edu/diary/Quick%20Password%20Brute%20Forcing%20Evolution%20Statistics/32068 [https://isc.sans.edu/diary/Quick%20Password%20Brute%20Forcing%20Evolution%20Statistics/32068] Introducing FileFix A New Alternative to ClickFix Attacks Attackers may trick the user into copy/pasting strings into file explorer, which will execute commands similar to the ClickFix attack that tricks users into copy pasting the command into the start menu s cmd feature. https://www.mobile-hacker.com/2025/06/24/introducing-filefix-a-new-alternative-to-clickfix-attacks/ [https://www.mobile-hacker.com/2025/06/24/introducing-filefix-a-new-alternative-to-clickfix-attacks/] Threat Actors Modify and Re-Create Commercial Software to Steal User s Information A fake Sonicwall Netextender clone will steal user s credentials https://www.sonicwall.com/blog/threat-actors-modify-and-re-create-commercial-software-to-steal-users-information [https://www.sonicwall.com/blog/threat-actors-modify-and-re-create-commercial-software-to-steal-users-information]

25. jun. 2025 - 4 min
episode SANS Stormcast Tuesday, June 24th, 2025: Ichano ATHome IP Camera Scans; Netscaler Vulnerability; WinRar Vulnerability artwork
SANS Stormcast Tuesday, June 24th, 2025: Ichano ATHome IP Camera Scans; Netscaler Vulnerability; WinRar Vulnerability

Scans for Ichano AtHome IP Cameras A couple days ago, a few sources started scanning for the username super_yg and the password 123. This is associated with Ichano IP Camera software. https://isc.sans.edu/diary/Scans%20for%20Ichano%20AtHome%20IP%20Cameras/32062 [https://isc.sans.edu/diary/Scans%20for%20Ichano%20AtHome%20IP%20Cameras/32062] Critical Netscaler Security Update CVE-2025-5777 CVE 2025-5777 is a critical severity vulnerability impacting NetScaler Gateway, i.e. if NetScaler has been configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server. https://www.netscaler.com/blog/news/critical-security-updates-for-netscaler-netscaler-gateway-and-netscaler-console/ [https://www.netscaler.com/blog/news/critical-security-updates-for-netscaler-netscaler-gateway-and-netscaler-console/] WinRar Vulnerability CVE-2025-6218 WinRar may be tricked into extracting files into attacker-determined locations, possibly leading to remote code execution https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=276&cHash=b5165454d983fc9717bc8748901a64f9 [https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=276&cHash=b5165454d983fc9717bc8748901a64f9]

24. jun. 2025 - 5 min
En fantastisk app med et enormt stort udvalg af spændende podcasts. Podimo formår virkelig at lave godt indhold, der takler de lidt mere svære emner. At der så også er lydbøger oveni til en billig pris, gør at det er blevet min favorit app.
En fantastisk app med et enormt stort udvalg af spændende podcasts. Podimo formår virkelig at lave godt indhold, der takler de lidt mere svære emner. At der så også er lydbøger oveni til en billig pris, gør at det er blevet min favorit app.
Rigtig god tjeneste med gode eksklusive podcasts og derudover et kæmpe udvalg af podcasts og lydbøger. Kan varmt anbefales, om ikke andet så udelukkende pga Dårligdommerne, Klovn podcast, Hakkedrengene og Han duo 😁 👍
Podimo er blevet uundværlig! Til lange bilture, hverdagen, rengøringen og i det hele taget, når man trænger til lidt adspredelse.

Begrænset tilbud

3 måneder kun 9,00 kr.

Derefter 99,00 kr. / månedIngen binding.

Eksklusive podcasts

Uden reklamer

Gratis podcasts

Lydbøger

20 timer / måned

Kom i gang

Kun på Podimo

Populære lydbøger