SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
ചാനൽ വിവരങ്ങൾ
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listene...
സമീപകാല എപ്പിസോഡുകൾ
2281 എപ്പിസോഡുകൾ
SANS Stormcast Friday, September 19th, 2025: Honeypot File Analysis (@sans_edu); SonicWall Breach; DeepSeek Bias; Chrome 0-day
Exploring Uploads in a Dshield Honeypot Environment
This guest diary by one of our SANS.edu undergraduate interns shows how to analyze fi...
SANS Stormcast Thursday, September 18th, 2025: DLL Hooking; Entra ID Actor Tokens; Watchguard and NVidia Patches
CTRL-Z DLL Hooking
Attackers may use a simple reload trick to overwrite breakpoints left by analysts to reverse malicious binaries.
...
SANS Stormcast Wednesday, September 17th, 2025: Phishing Resistants; More npm Attacks; ChatGPT MCP abuse
Why You Need Phishing-Resistant Authentication NOW.
The recent compromise of a number of high-profile npmjs.com accounts has yet again sh...
SANS Stormcast Tuesday, September 16th, 2025: Apple Updates; Rust Phishing; Samsung 0-day
Apple Updates
Apple released major updates for all of its operating systems. In addition to new features, these updates patch 33 differen...
SANS Stormcast Monday, September 15th, 2025: More Archives; Salesforce Attacks; White Cobra; BSides Augusta
Web Searches For Archives
Didier observed additional file types being searched for as attackers continue to focus on archive files as the...
SANS Stormcast Friday, September 12th, 2025: DShield SIEM Update; Another Sonicwall Warning; Website Keystroke Logging
DShield SIEM Docker Updates
Guy updated the DShield SIEM which graphically summarizes what is happening inside your honeypot.
SANS Stormcast Thursday, September 11th, 2025: BASE64 in DNS; Google Chrome, Ivantii and Sophos Patches; Apple Memory Integrity Feature
BASE64 Over DNS
The base64 character set exceeds what is allowable in DNS. However, some implementations will work even with these inval...
SANS Stormcast Wednesday, September 10th, 2025: Microsoft Patch Tuesday;
Microsoft Patch Tuesday
As part of its September patch Tuesday, Microsoft addressed 177 different vulnerabilities, 86 of which affect Mic...
SANS Stormcast Tuesday, September 9th, 2025: Major npm compromise; HTTP Request Signature
Major npm compromise
A number of high-profile npm libraries were compromised after developers fell for a phishing email. This compromise...
SANS Stormcast Monday, September 8th, 2025: YARA to Debugger Offsets; SVG JavaScript Phishing; FreePBX Patches;
From YARA Offsets to Virtual Addresses
Xavier explains how to convert offsets reported by YARA into offsets suitable for the use with deb...
SANS Stormcast Friday, September 5th, 2025: Cloudflare Response to 1.1.1.1 Certificate; AI Modem Namespace Reuse; macOS Vulnerability Allowed Keychain Decryption
Unauthorized Issuance of Certificate for 1.1.1.1
Cloudflare published a blog post with more details regarding the bad 1.1.1.1 certificate...
SANS Stormcast Thursday, September 4th, 2025: Dassault DELMIA Apriso Exploit Attempts; Android Updates; 1.1.1.1 Certificate Issued
Exploit Attempts for Dassault DELMIA Apriso. CVE-2025-5086
Our honeypots detected attacks against the manufacturing management system DEL...
SANS Stormcast Wednesday, September 3rd, 2025: Sextortiion Analysis; Covert Channel DNS/ICMP; Azure AD Secret Theft; Official FreePBX Patches
A Quick Look at Sextortion at Scale
Jan analyzed 1900 different sextortion messages using 205 different Bitcoin addresses to look at the...
SANS Stormcast Tuesday, September 2nd, 2025: pdf-parser Patch; Salesloft Compromise; Velociraptor Abuse; NeuVector Default Password
pdf-parser: All Streams
Didier released a new version of pdf-parser.py. This version fixes a problem with dumping all filtered streams.
SANS Stormcast Friday, August 29th, 2025: Scans for ZIP Files; FreePBX 0-Day; Passwordstate Patch
Increasing Searches for ZIP Files
Attackers are scanning our honeypots more and more for .zip files. They are looking for backups of cred...
SANS Stormcast Thursday, August 28th, 2025: Launching Shellcode; NX Compromise; Volt Typhoon Report
Interesting Technique to Launch a Shellcode
Xavier came across malware that PowerShell and the CallWindowProcA() API to launch code.
SANS Stormcast Wednesday, August 27th, 2025: Analyzing IDNs; Netscaler 0-Day Vuln; Git Vuln Exploited;
Getting a Better Handle on International Domain Names and Punycode
International Domain names can be used for phishing and other attacks....
SANS Stormcast Tuesday, August 26th, 2025: Decoding Word Reading Location; Image Downscaling AI Vulnerability; IBM Jazz Team Server Vuln
Reading Location Position Value in Microsoft Word Documents
Jessy investigated how Word documents store the last visited document locatio...
SANS Stormcast Monday, August 25th, 2025: IP Cleanup; Linux Desktop Attacks; Malicious Go SSH Brute Forcer; Onmicrosoft Domain Restrictions
The end of an era: Properly formatted IP addresses in all of our data.
When initiall designing DShield, addresses were zero padded , an...
SANS Stormcast Friday, August 22nd, 2025: The -n switch; Commvault Exploit; Docker Desktop Escape Vuln;
Don't Forget The "-n" Command Line Switch
Disabling reverse DNS lookups for IP addresses is important not just for performance, but also...
SANS Stormcast Thursday, August 21st, 2025: Airtel Scans; Apple Patch; Microsoft Copilot Audit Log Issue; Password Manager Clickjacking
Airtel Router Scans and Mislabeled Usernames
A quick summary of some odd usernames that show up in our honeypot logs
https:/...
SANS Stormcast Wednesday, August 20th, 2025: Increased Elasticsearch Scans; MSFT Patch Issues
Increased Elasticsearch Recognizance Scans
Our honeypots noted an increase in reconnaissance scans for Elasticsearch. In particular, the...
SANS Stormcast Tuesday, August 19th, 2025: MFA Bombing; Cisco Firewall Management Vuln; F5 Access for Android Vuln;
Keeping an Eye on MFA Bombing Attacks
Attackers will attempt to use authentication fatigue by bombing users with MFA authentication req...
SANS Stormcast Monday, August 18th, 2025: 5G Attack Framework; Plex Vulnerability; Fortiweb Exploit; Flowise Vuln
SNI5GECT: Sniffing and Injecting 5G Traffic Without Rogue Base Stations
Researchers from the Singapore University of Technology and Desig...
SANS Stormcast Friday, August 15th, 2025: Analysing Attack with AI; Proxyware via YouTube; Xerox FreeFlow Vuln; Evaluating Zero Trust @SANS_edu
AI and Faster Attack Analysis
A few use cases for LLMs to speed up analysis
https://isc.sans.edu/diary/AI%20and%20Faster%20A...
SANS Stormcast Thursday, August 14th, 2025: Equation Editor; Kerberos Patch; XZ-Utils Backdoor; ForitSIEM/FortiWeb patches
CVE-2017-11882 Will Never Die
The (very) old equation editor vulnerability is still being exploited, as this recent sample analyzed by Xa...
SANS Stormcast Wednesday, August 13th, 2025: Microsoft Patch Tuesday; libarchive vulnerability upgrade; Adobe Patches
Microsoft Patch Tuesday
https://isc.sans.edu/diary/Microsoft%20August%202025%20Patch%20Tuesday/32192
https://cymulate.com/bl...
SANS Stormcast Tuesday, August 12th, 2025: Erlang OTP SSH Exploits (Palo Alto Networks); Winrar Exploits; Netscaler Exploits; OpenSSH Pushing PQ Crypto;
Erlang OTP SSH Exploits
A recently patched and easily exploited vulnerability in Erlang/OTP SSH is being exploited. Palo Alto collected s...
SANS Stormcast Monday, August 11th, 2025: Fake Tesla Preorders; Bad USB Cameras; Win-DoS Epidemic
Google Paid Ads for Fake Tesla Websites
Someone is setting up fake Tesla lookalike websites that attempt to collect credit card data from...
SANS Stormcast Friday, August 8th, 2025:: ASN43350 Mass Scans; HTTP1.1 Must Die; Hyprid Exchange Vuln; Sonicwall Update; SANS.edu Research: OSS Security and Shifting Left
Mass Internet Scanning from ASN 43350
Our undergraduate intern Duncan Woosley wrote up aggressive scans from ASN 43350
https...
SANS Stormcast Thursday, August 7th, 2025: Sextortion Update; Adobe and Trend Micro release emergency patches
Do Sextortion Scams Still Work in 2025?
Jan looked at recent sextortion emails to check if any of the crypto addresses in these emails re...
SANS Stormcast Wednesday, August 6th, 2025: Machinekeys and VIEWSTATEs; Perplexity Unethical Learning; SonicWall Updates
Stealing Machinekeys for fun and profit (or riding the SharePoint wave)
Bojan explains in detail how .NET uses Machine Keys to protect th...
SANS Stormcast Tuesday, August 05, 2025: Daily Trends Report; NVidia Triton RCE; Cursor AI Misconfiguration
Daily Trends Report
A new trends report will bring you daily data highlights via e-mail.
https://isc.sans.edu/diary/New%20Fe...
SANS Stormcast Monday, August 4th, 2025: Legacy Protocols; Sonicwall SSL VPN Possible 0-Day;
Scans for pop3user with guessable password
A particular IP assigned to a network that calls itself Unmanaged has been scanning telnet/s...
SANS Stormcast Friday, August 1st, 2025: Scattered Spider Domains; Excel Blocking Dangerous Links; CISA Releasing Thorium Platform
Scattered Spider Related Domain Names
A quick demo of our domain feeds and how they can be used to find Scattered Spider related domains<...
SANS Stormcast Thursday July 31st, 2025: Firebase Security; WebKit Vuln Exploited; Scattered Spider Update
Securing Firebase: Lessons Re-Learned from the Tea Breach
Inspried by the breach of the Tea app, Brendon Evans recorded a video to inform...
SANS Stormcast Wednesday July 30th, 2025: Apple Updates; Python Triage; Papercut Vuln Exploited
Apple Updates Everything: July 2025 Edition
Apple released updates for all of its operating systems patching 89 different vulnerabilities...
SANS Stormcast Tuesday, July 29th, 2025:Parasitic Exploits; Cisco ISE Exploit; MyASUS Vuln
Parasitic SharePoint Exploits
We are seeing attacks against SharePoint itself and attempts to exploit backdoors left behind by attackers....
SANS Stormcast Monday, July 28th, 2025: Linux Namespaces; UI Automation Abuse; Autoswagger
Linux Namespaces
Linux namespaces can be used to control networking features on a process-by-process basis. This is useful when trying to...
SANS Stormcast Friday, July 25th, 2025: ficheck.py; Mital and SonicWall Patches
New File Integrity Tool: ficheck.py
Jim created a new tool, ficheck.py, that can be used to verify file integrity. It is a drop-in replac...