Best Exchange Server Podcasts (2025)

1
Cracks in the wall. [Research Saturday] 13:13

Play Pause

7m ago13:13

13:13

This week, we are joined by Jamie Levy, Director of Adversary Tactics at Huntress, who is discussing their work on "Active Exploitation of SonicWall VPNs." Huntress has released an urgent threat advisory on active exploitation of SonicWall VPNs, with attackers bypassing MFA, pivoting to domain controllers, and ultimately deploying Akira ransomware.…

1
Ransomware sick day. 25:12

8m ago25:12

25:12

A suspected ransomware attack disrupts hundreds of Swedish municipalities. Google warns Gmail users of emerging cyberattacks tied to the ShinyHunters group. A malicious supply chain attack hits the npm registry. Senators press AFLAC for answers following a data breach. Law enforcement takedowns splinter the ransomware ecosystem. The FBI and Dutch p…

1
SANS Stormcast Friday, August 29th, 2025: Scans for ZIP Files; FreePBX 0-Day; Passwordstate Patch 5:45

2h ago5:45

5:45

Increasing Searches for ZIP Files Attackers are scanning our honeypots more and more for .zip files. They are looking for backups of credential files and the like left behind by careless administrators and developers. https://isc.sans.edu/diary/Increasing%20Searches%20for%20ZIP%20Files/32242 FreePBX Vulnerability An upatched vulnerability in FreePB…

1
Listening in on the listeners. 29:15

1d ago29:15

29:15

The FBI shares revelations on Salt Typhoon’s reach. Former NSA and FBI directors sound alarm on infrastructure cybersecurity gaps. Google is launching a new cyber “disruption unit”. A new report highlights cyber risks to the maritime industry. A Pennsylvania healthcare provider suffers a data breach affecting over six hundred thousand individuals. …

1
SANS Stormcast Thursday, August 28th, 2025: Launching Shellcode; NX Compromise; Volt Typhoon Report 6:39

8h ago6:39

6:39

Interesting Technique to Launch a Shellcode Xavier came across malware that PowerShell and the CallWindowProcA() API to launch code. https://isc.sans.edu/diary/Interesting%20Technique%20to%20Launch%20a%20Shellcode/32238 NX Compromised to Steal Wallets and Credentials The popular open source NX build package was compromised. Code was added that uses…

1
Whistle-blown and wide open. 25:57

14h ago25:57

25:57

A whistle-blower claims DOGE uploaded a sensitive Social Security database to a vulnerable cloud server. Allies push back against North Korean IT scams. ZipLine is a sophisticated phishing campaign targeting U.S.-based manufacturing. Researchers uncover a residential proxy network operating across at least 20 U.S. states. Flock Safety license plate…

1
SANS Stormcast Wednesday, August 27th, 2025: Analyzing IDNs; Netscaler 0-Day Vuln; Git Vuln Exploited; 5:43

1d ago5:43

5:43

Getting a Better Handle on International Domain Names and Punycode International Domain names can be used for phishing and other attacks. One way to identify suspect names is to look for mixed script use. https://isc.sans.edu/diary/Getting%20a%20Better%20Handle%20on%20International%20Domain%20Names%20and%20Punycode/32234 Citrix Netscaler Vulnerabil…

1
Common Azure Mistakes with Scott Sauber 34:06

1d ago34:06

34:06

What are common mistakes folks are making with their Azure tenant(s)? While at the Kansas City Developers Conference, Richard chatted with Scott Sauber to run down his top ten list of issues he checks on for all his customers using Azure. From tenant ownership to naming conventions, policies, identities, and cost controls - there are a lot of thing…

1
Rolling the dice on cybersecurity. 26:30

1d ago26:30

26:30

A cyberattack disrupts state systems in Nevada. A China-linked threat actor targets Southeast Asian diplomats. A new attack method hides malicious prompts inside images processed by AI systems.Experts ponder preventing AI agents from going rogue. A new study finds AI is hitting entry-level jobs hardest. Michigan’s Supreme Court upholds limits on ce…

1
SANS Stormcast Tuesday, August 26th, 2025: Decoding Word Reading Location; Image Downscaling AI Vulnerability; IBM Jazz Team Server Vuln 5:01

2d ago5:01

5:01

Reading Location Position Value in Microsoft Word Documents Jessy investigated how Word documents store the last visited document location in the registry. https://isc.sans.edu/diary/Reading%20Location%20Position%20Value%20in%20Microsoft%20Word%20Documents/32224 Weaponizing image scaling against production AI systems AI systems often downscale imag…

1
A farmers market of stolen data. 22:12

3d ago22:12

22:12

Farmers Insurance discloses a data breach affecting over a million people. Agentic AI tools fall for common scams. A new bill in Congress looks to revive letters of marque for the digital age. Cybercriminals target macOS users with the Shamos infostealer. New Android spyware masquerades as antivirus to target Russian business executives. CISA seeks…

1
SANS Stormcast Monday, August 25th, 2025: IP Cleanup; Linux Desktop Attacks; Malicious Go SSH Brute Forcer; Onmicrosoft Domain Restrictions 6:04

4d ago6:04

6:04

The end of an era: Properly formatted IP addresses in all of our data. When initiall designing DShield, addresses were zero padded , an unfortunate choice. As of this week, datafeeds should no longer be zero padded . https://isc.sans.edu/diary/The%20end%20of%20an%20era%3A%20Properly%20formated%20IP%20addresses%20in%20all%20of%20our%20data./32228 .d…

1
Julian Waits: Find a way to help society. [Serial Entrepreneur] [Career Notes] 11:04

6d ago11:04

11:04

Please enjoy this encore of Career Notes. Senior Vice President and Executive in Residence with Rapid7 and Chairman for Cyversity, Julian Waits, grew up in the era of the Justice League and Superman and it shaped his career. Julian always wanted to do something where he could find a way to help society to basically help others. Starting out as a Ba…

1
Beyond the smoke screen. [Research Saturday] 22:22

5d ago22:22

22:22

This week, we are joined by Dr. Renée Burton, VP of Infoblox Threat Intel, who is discussing their work on VexTrio, a notorious traffic distribution system (TDS) involved in digital fraud. The VexTrio investigation uncovers a massive global ad fraud and scam operation powered by just 250 virtual machines, tying it directly to named individuals and …

1
A free speech showdown. 31:48

6d ago31:48

31:48

The FTC warns one country’s “online safety” may be another’s “censorship.” A new bipartisan bill aims to reduce barriers to federal cyber jobs. MURKY PANDA targets government, technology, academia, legal, and professional services in North America. MITRE updates their hardware weaknesses list. Customs and Border Protection conducts a record number …

1
SANS Stormcast Friday, August 22nd, 2025: The -n switch; Commvault Exploit; Docker Desktop Escape Vuln; 6:52

6d ago6:52

6:52

Don't Forget The "-n" Command Line Switch Disabling reverse DNS lookups for IP addresses is important not just for performance, but also for opsec. Xavier is explaining some of the risks. https://isc.sans.edu/diary/Don%27t%20Forget%20The%20%22-n%22%20Command%20Line%20Switch/32220 watchTowr releases details about recent Commvault flaws Users of the …

1
Behind the lock lies a flaw. 24:35

7d ago24:35

24:35

Zero-day clickjacking flaws affect major password managers. The FBI warns that Russian state-backed hackers are exploiting a long-known Cisco flaw. Apple releases emergency patches for a zero-day flaw in the Image I/O framework. Home Depot faces a proposed class action lawsuit accusing it of secretly using facial recognition at self-checkout kiosks…

1
SANS Stormcast Thursday, August 21st, 2025: Airtel Scans; Apple Patch; Microsoft Copilot Audit Log Issue; Password Manager Clickjacking 6:52

7d ago6:52

6:52

Airtel Router Scans and Mislabeled Usernames A quick summary of some odd usernames that show up in our honeypot logs https://isc.sans.edu/diary/Airtel%20Router%20Scans%2C%20and%20Mislabeled%20usernames/32216 Apple Patches 0-Day CVE-2025-43300 Apple released an update for iOS, iPadOS and MacOS today patching a single, already exploited, vulnerabilit…

1
Undoing the undo bug. 32:06

8d ago32:06

32:06

Microsoft releases emergency out-of-band (OOB) Windows updates. Trump targets NSA’s leading AI and cyber expert in clearance revocations. A breach may have compromised the privacy of Ohio medical marijuana patients. Cybercriminals exploit an AI website builder to rapidly create phishing sites. Warlock ransomware operators target Microsoft’s SharePo…

1
SANS Stormcast Wednesday, August 20th, 2025: Increased Elasticsearch Scans; MSFT Patch Issues 6:07

8d ago6:07

6:07

Increased Elasticsearch Recognizance Scans Our honeypots noted an increase in reconnaissance scans for Elasticsearch. In particular, the endpoint /_cluster/settings is hit hard. https://isc.sans.edu/diary/Increased%20Elasticsearch%20Recognizance%20Scans/32212 Microsoft Patch Tuesday Issues Microsoft noted some issues deploying the most recent patch…

1
Data Governance for AI with Martina Grom 38:43

9d ago38:43

38:43

How do you secure your organization's data to let AI technologies work safely? Richard chats with Martina Grom about her experiences helping sysadmins responsibly bring the power of Microsoft M365 Copilot into their organizations. Martina discusses setting up security and monitoring with tools like Microsoft Purview, enabling visibility into where …

1
Inside Intel’s internal web maze. 26:18

9d ago26:18

26:18

A researcher uncovers vulnerabilities across Intel’s internal websites that exposed sensitive employee and supplier data. The Kimsuky group (APT43) targets South Korean diplomatic missions. A new DDoS vulnerability bypasses the 2023 “Rapid Reset” fix. Drug development firm Inotiv reports a ransomware attack to the SEC. The UK drops their demand tha…

1
SANS Stormcast Tuesday, August 19th, 2025: MFA Bombing; Cisco Firewall Management Vuln; F5 Access for Android Vuln; 5:10

9d ago5:10

5:10

Keeping an Eye on MFA Bombing Attacks Attackers will attempt to use authentication fatigue by bombing users with MFA authentication requests. Rob is talking in this diary about how to investigate these attacks in a Microsoft ecosystem. https://isc.sans.edu/diary/Keeping+an+Eye+on+MFABombing+Attacks/32208 Critical Cisco Secure Firewall Management Ce…

1
Workday’s bad day. 26:56

10d ago26:56

26:56

HR software giant Workday discloses a data breach. Researchers uncover a zero-day in Elastic’s EDR software. Ghost-tapping is an emerging fraud technique where cybercriminals use NFC relay attacks to exploit stolen payment card data. Germany may be on a path to ban ad blockers. A security researcher documents multiple serious flaws in McDonald’s sy…

1
SANS Stormcast Monday, August 18th, 2025: 5G Attack Framework; Plex Vulnerability; Fortiweb Exploit; Flowise Vuln 5:43

10d ago5:43

5:43

SNI5GECT: Sniffing and Injecting 5G Traffic Without Rogue Base Stations Researchers from the Singapore University of Technology and Design released a new framework, SNI5GECT, to passively sniff and inject traffic into 5G data streams, leading to DoS, downgrade and other attacks. https://isc.sans.edu/diary/SNI5GECT%3A%20Sniffing%20and%20Injecting%20…

1
The CVE countdown clock. [Research Saturday] 29:58

12d ago29:58

29:58

Bob Rudis, VP Data Science from GreyNoise, is sharing some insights into their work on "Early Warning Signals: When Attacker Behavior Precedes New Vulnerabilities." New research reveals a striking trend: in 80% of cases, spikes in malicious activity against enterprise edge technologies like VPNs and firewalls occurred weeks before related CVEs were…

1
Dr. Rois Ni Thuama: Get into the game. [Cyber governance] [Career Notes] 9:50

12d ago9:50

9:50

Please enjoy this encore of Career Notes. Head of Cyber Governance with Red Sift, Dr. Rois Ni Thuama shares the circuitous route of her career into cyber governance. She notes the route "looks really clean, but actually it was a bit more Jeremy Bearimy." While at Trinity College, Rois was moved to be part of history unfolding in South Africa and pa…

1
Media server mayday. 29:33

13d ago29:33

29:33

Plex urges users to immediately update their Media Server due to an undisclosed security flaw. Cisco warns of a critical remote code execution flaw in their Secure Firewall Management Center software.Rockwell Automation discloses multiple critical and high-severity flaws. Hackers breached a Canadian House of Commons database. Active law enforcement…

1
SANS Stormcast Friday, August 15th, 2025: Analysing Attack with AI; Proxyware via YouTube; Xerox FreeFlow Vuln; Evaluating Zero Trust @SANS_edu 15:12

13d ago15:12

15:12

AI and Faster Attack Analysis A few use cases for LLMs to speed up analysis https://isc.sans.edu/diary/AI%20and%20Faster%20Attack%20Analysis%20%5BGuest%20Diary%5D/32198 Proxyware Malware Being Distributed on YouTube Video Download Site Popular YouTube download sites will attempt to infect users with proxyware. https://asec.ahnlab.com/en/89574/ Xero…

1
Dialysis down, data out. 26:46

14d ago26:46

26:46

A ransomware attack exposes personal medical records of VA patients. New joint guidance from CISA and the NSA emphasizes asset inventory and OT taxonomy. The UK government reportedly spent millions to cover up a data breach. Researchers identified two critical flaws in a widely used print orchestration platform. Phishing attacks increasingly rely o…

1
SANS Stormcast Thursday, August 14th, 2025: Equation Editor; Kerberos Patch; XZ-Utils Backdoor; ForitSIEM/FortiWeb patches 7:16

14d ago7:16

7:16

CVE-2017-11882 Will Never Die The (very) old equation editor vulnerability is still being exploited, as this recent sample analyzed by Xavier shows. The payload of the Excel file attempts to download and execute an infostealer to exfiltrate passwords via email. https://isc.sans.edu/diary/CVE-2017-11882%20Will%20Never%20Die/32196 Windows Kerberos El…

1
When spies get spied on. 28:51

15d ago28:51

28:51

Patch Tuesday. The Matrix Foundation patches high-severity vulnerabilities in its open-source communications protocol. The “Curly COMrades” Russian-aligned APT targets critical infrastructure. Microsoft tells users to ignore new CertificateServicesClient (CertEnroll) errors. Researchers uncover a malware campaign hiding the NjRat Remote Access Troj…

1
SANS Stormcast Wednesday, August 13th, 2025: Microsoft Patch Tuesday; libarchive vulnerability upgrade; Adobe Patches 8:55

15d ago8:55

8:55

Microsoft Patch Tuesday https://isc.sans.edu/diary/Microsoft%20August%202025%20Patch%20Tuesday/32192 https://cymulate.com/blog/zero-click-one-ntlm-microsoft-security-patch-bypass-cve-2025-50154/ libarchive Vulnerability A libarchive vulnerability patched in June was upgraded from a low CVSS score to a critical one. Libarchive is used by compression…

1
The Power of the Graph with Tony Redmond 40:47

16d ago40:47

40:47

Are you tapping the power of Microsoft Graph? Richard chats with Tony Redmond about his work teaching people to leverage Microsoft Graph and all the insights it can provide about their organization. Tony views Graph as one of the key skills a sysadmin needs to manage an M365 tenant, alongside Exchange Online, SharePoint, and Teams. Throw in some En…

1
Kimsuky gets kim-sunk. 28:12

16d ago28:12

28:12

Hackers leak backend data from the North Korean state-sponsored hacking group Kimsuky. A ransomware attack on a Dutch clinical diagnostics lab exposes medical data of nearly half a million women. One of the world’s largest staffing firms suffers a data breach. Saint Paul, Minnesota, confirms the Interlock ransomware gang was behind a July cyberatta…

1
SANS Stormcast Tuesday, August 12th, 2025: Erlang OTP SSH Exploits (Palo Alto Networks); Winrar Exploits; Netscaler Exploits; OpenSSH Pushing PQ Crypto; 6:52

16d ago6:52

6:52

Erlang OTP SSH Exploits A recently patched and easily exploited vulnerability in Erlang/OTP SSH is being exploited. Palo Alto collected some of the details about this exploit activity that they observed. https://unit42.paloaltonetworks.com/erlang-otp-cve-2025-32433/ WinRAR Exploited WinRAR vulnerabilities are actively being exploited by a number of…

1
Deadlines in the cloud. 29:50

17d ago29:50

29:50

CISA issues an Emergency Directive to urgently patch a critical vulnerability in Microsoft Exchange hybrid configurations. SoupDealer malware proves highly evasive. Google patches a Gemini calendar flaw. A North Korean espionage group pivots to financial crime. Russia’s RomCom exploits a WinRAR zero-day. Researchers turn Linux-based webcams into pe…

1
SANS Stormcast Monday, August 11th, 2025: Fake Tesla Preorders; Bad USB Cameras; Win-DoS Epidemic 7:07

17d ago7:07

7:07

Google Paid Ads for Fake Tesla Websites Someone is setting up fake Tesla lookalike websites that attempt to collect credit card data from unsuspecting users trying to preorder Tesla products. https://isc.sans.edu/diary/Google%20Paid%20Ads%20for%20Fake%20Tesla%20Websites/32186 Compromising USB Devices for Persistent Stealthy Access USB devices, like…

1
Ed Amoroso: Security shouldn't be the main dish. [Computer Science] [Career Notes] 11:03

20d ago11:03

11:03

Please enjoy this encore of Career Notes. Chief Executive Officer and Founder of TAG Cyber, Ed Amoroso, shares how he learned on the job and grew his career. In his words, Ed "went from my dad having an ARPANET connection and I'm learning Pascal, to Bell Labs, to CISO, to business, to quitting, to starting something new. And now I'm riding a new ex…

1
When malware plays pretend. [Research Saturday] 20:30

19d ago20:30

20:30

Nicolás Chiaraviglio, Chief Scientist from Zimperium's zLabs, joins to discuss their work on "Behind Random Words: DoubleTrouble Mobile Banking Trojan Revealed." Zimperium’s zLabs team has been tracking an evolving banker trojan dubbed DoubleTrouble, which has grown more sophisticated in both its distribution and capabilities. Initially spread via …

1
Reflections in a broken vault. 29:27

20d ago29:27

29:27

Researchers uncover multiple vulnerabilities in a popular open-source secrets manager. Software bugs threaten satellite safety. Columbia University confirms a cyberattack. Researchers uncover malicious NPM packages posing as WhatsApp development tools.A new EDR killer tool is being used by multiple ransomware gangs. Home Improvement stores integrat…