RunAs Radio is a weekly Internet Audio Talk Show for IT Professionals working with Microsoft products.
…
continue reading
Internet Information Server Podcasts
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minutes long summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Storm Center. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
…
continue reading
Intro – Hi, my names Kyle Aitken and this is a short documentary about the problems of Cyber Security at work. Interview 1 – Hello my names Neil Martin, I don’t know wither that’s the first thing I shouldn’t be saying, given the fact were talking about security. But since you don’t know where I am or where I live, we should be ok at that level. I work as an internet and security specialist, em, I work in mainly the financial sector, but also in various other business areas. Em, I specialize ...
…
continue reading
1
SANS Stormcast Friday, September 5th, 2025: Cloudflare Response to 1.1.1.1 Certificate; AI Modem Namespace Reuse; macOS Vulnerability Allowed Keychain Decryption (#)
8:19
8:19
Play later
Play later
Lists
Like
Liked
8:19
SANS Stormcast Friday, September 5th, 2025: Cloudflare Response to 1.1.1.1 Certificate; AI Modem Namespace Reuse; macOS Vulnerability Allowed Keychain Decryption Unauthorized Issuance of Certificate for 1.1.1.1 Cloudflare published a blog post with more details regarding the bad 1.1.1.1 certificate that was issued by Fina. https://blog.cloudflare.c…
…
continue reading
1
SANS Stormcast Thursday, September 4th, 2025: Dassault DELMIA Apriso Exploit Attempts; Android Updates; 1.1.1.1 Certificate Issued (#)
6:22
6:22
Play later
Play later
Lists
Like
Liked
6:22
SANS Stormcast Thursday, September 4th, 2025: Dassault DELMIA Apriso Exploit Attempts; Android Updates; 1.1.1.1 Certificate Issued Exploit Attempts for Dassault DELMIA Apriso. CVE-2025-5086 Our honeypots detected attacks against the manufacturing management system DELMIA Apriso. The deserialization vulnerability was patched in June and is one of a …
…
continue reading
Episode 1000! Richard Campbell invites Paul Thurrott to join him to celebrate the milestone episode and answer questions from listeners. From the creation of the podcast to the role of Windows in the modern world, the impact of ARM, Cloud, and many other technologies - all addressed in this super-sized episode. And yes, artificial intelligence is p…
…
continue reading
1
SANS Stormcast Wednesday, September 3rd, 2025: Sextortiion Analysis; Covert Channel DNS/ICMP; Azure AD Secret Theft; Official FreePBX Patches (#)
5:30
5:30
Play later
Play later
Lists
Like
Liked
5:30
SANS Stormcast Wednesday, September 3rd, 2025: Sextortiion Analysis; Covert Channel DNS/ICMP; Azure AD Secret Theft; Official FreePBX Patches A Quick Look at Sextortion at Scale Jan analyzed 1900 different sextortion messages using 205 different Bitcoin addresses to look at the success rate, lifetime, and other metrics defining these campaigns. htt…
…
continue reading
1
SANS Stormcast Tuesday, September 2nd, 2025: pdf-parser Patch; Salesloft Compromise; Velociraptor Abuse; NeuVector Default Password (#)
5:39
5:39
Play later
Play later
Lists
Like
Liked
5:39
SANS Stormcast Tuesday, September 2nd, 2025: pdf-parser Patch; Salesloft Compromise; Velociraptor Abuse; NeuVector Default Password pdf-parser: All Streams Didier released a new version of pdf-parser.py. This version fixes a problem with dumping all filtered streams. https://isc.sans.edu/diary/pdf-parser%3A%20All%20Streams/32248 Salesloft Drift Put…
…
continue reading
1
SANS Stormcast Friday, August 29th, 2025: Scans for ZIP Files; FreePBX 0-Day; Passwordstate Patch (#)
5:46
5:46
Play later
Play later
Lists
Like
Liked
5:46
SANS Stormcast Friday, August 29th, 2025: Scans for ZIP Files; FreePBX 0-Day; Passwordstate Patch Increasing Searches for ZIP Files Attackers are scanning our honeypots more and more for .zip files. They are looking for backups of credential files and the like left behind by careless administrators and developers. https://isc.sans.edu/diary/Increas…
…
continue reading
1
SANS Stormcast Thursday, August 28th, 2025: Launching Shellcode; NX Compromise; Volt Typhoon Report (#)
6:39
6:39
Play later
Play later
Lists
Like
Liked
6:39
SANS Stormcast Thursday, August 28th, 2025: Launching Shellcode; NX Compromise; Volt Typhoon Report Interesting Technique to Launch a Shellcode Xavier came across malware that PowerShell and the CallWindowProcA() API to launch code. https://isc.sans.edu/diary/Interesting%20Technique%20to%20Launch%20a%20Shellcode/32238 NX Compromised to Steal Wallet…
…
continue reading
What are common mistakes folks are making with their Azure tenant(s)? While at the Kansas City Developers Conference, Richard chatted with Scott Sauber to run down his top ten list of issues he checks on for all his customers using Azure. From tenant ownership to naming conventions, policies, identities, and cost controls - there are a lot of thing…
…
continue reading
1
SANS Stormcast Wednesday, August 27th, 2025: Analyzing IDNs; Netscaler 0-Day Vuln; Git Vuln Exploited; (#)
5:43
5:43
Play later
Play later
Lists
Like
Liked
5:43
SANS Stormcast Wednesday, August 27th, 2025: Analyzing IDNs; Netscaler 0-Day Vuln; Git Vuln Exploited; Getting a Better Handle on International Domain Names and Punycode International Domain names can be used for phishing and other attacks. One way to identify suspect names is to look for mixed script use. https://isc.sans.edu/diary/Getting%20a%20B…
…
continue reading
1
SANS Stormcast Tuesday, August 26th, 2025: Decoding Word Reading Location; Image Downscaling AI Vulnerability; IBM Jazz Team Server Vuln (#)
5:01
5:01
Play later
Play later
Lists
Like
Liked
5:01
SANS Stormcast Tuesday, August 26th, 2025: Decoding Word Reading Location; Image Downscaling AI Vulnerability; IBM Jazz Team Server Vuln Reading Location Position Value in Microsoft Word Documents Jessy investigated how Word documents store the last visited document location in the registry. https://isc.sans.edu/diary/Reading%20Location%20Position%…
…
continue reading
1
SANS Stormcast Monday, August 25th, 2025: IP Cleanup; Linux Desktop Attacks; Malicious Go SSH Brute Forcer; Onmicrosoft Domain Restrictions (#)
6:04
6:04
Play later
Play later
Lists
Like
Liked
6:04
SANS Stormcast Monday, August 25th, 2025: IP Cleanup; Linux Desktop Attacks; Malicious Go SSH Brute Forcer; Onmicrosoft Domain Restrictions The end of an era: Properly formatted IP addresses in all of our data. When initiall designing DShield, addresses were “zero padded”, an unfortunate choice. As of this week, datafeeds should no longer be “zero …
…
continue reading
1
SANS Stormcast Friday, August 22nd, 2025: The -n switch; Commvault Exploit; Docker Desktop Escape Vuln; (#)
6:52
6:52
Play later
Play later
Lists
Like
Liked
6:52
SANS Stormcast Friday, August 22nd, 2025: The -n switch; Commvault Exploit; Docker Desktop Escape Vuln; Don't Forget The "-n" Command Line Switch Disabling reverse DNS lookups for IP addresses is important not just for performance, but also for opsec. Xavier is explaining some of the risks. https://isc.sans.edu/diary/Don%27t%20Forget%20The%20%22-n%…
…
continue reading
1
SANS Stormcast Thursday, August 21st, 2025: Airtel Scans; Apple Patch; Microsoft Copilot Audit Log Issue; Password Manager Clickjacking (#)
6:52
6:52
Play later
Play later
Lists
Like
Liked
6:52
SANS Stormcast Thursday, August 21st, 2025: Airtel Scans; Apple Patch; Microsoft Copilot Audit Log Issue; Password Manager Clickjacking Airtel Router Scans and Mislabeled Usernames A quick summary of some odd usernames that show up in our honeypot logs https://isc.sans.edu/diary/Airtel%20Router%20Scans%2C%20and%20Mislabeled%20usernames/32216 Apple …
…
continue reading
1
SANS Stormcast Wednesday, August 20th, 2025: Increased Elasticsearch Scans; MSFT Patch Issues (#)
6:08
6:08
Play later
Play later
Lists
Like
Liked
6:08
SANS Stormcast Wednesday, August 20th, 2025: Increased Elasticsearch Scans; MSFT Patch Issues Increased Elasticsearch Recognizance Scans Our honeypots noted an increase in reconnaissance scans for Elasticsearch. In particular, the endpoint /_cluster/settings is hit hard. https://isc.sans.edu/diary/Increased%20Elasticsearch%20Recognizance%20Scans/32…
…
continue reading
How do you secure your organization's data to let AI technologies work safely? Richard chats with Martina Grom about her experiences helping sysadmins responsibly bring the power of Microsoft M365 Copilot into their organizations. Martina discusses setting up security and monitoring with tools like Microsoft Purview, enabling visibility into where …
…
continue reading
1
SANS Stormcast Tuesday, August 19th, 2025: MFA Bombing; Cisco Firewall Management Vuln; F5 Access for Android Vuln; (#)
5:11
5:11
Play later
Play later
Lists
Like
Liked
5:11
SANS Stormcast Tuesday, August 19th, 2025: MFA Bombing; Cisco Firewall Management Vuln; F5 Access for Android Vuln; Keeping an Eye on MFA Bombing Attacks Attackers will attempt to use authentication fatigue by “bombing” users with MFA authentication requests. Rob is talking in this diary about how to investigate these attacks in a Microsoft ecosyst…
…
continue reading
1
SANS Stormcast Monday, August 18th, 2025: 5G Attack Framework; Plex Vulnerability; Fortiweb Exploit; Flowise Vuln (#)
5:43
5:43
Play later
Play later
Lists
Like
Liked
5:43
SANS Stormcast Monday, August 18th, 2025: 5G Attack Framework; Plex Vulnerability; Fortiweb Exploit; Flowise Vuln SNI5GECT: Sniffing and Injecting 5G Traffic Without Rogue Base Stations Researchers from the Singapore University of Technology and Design released a new framework, SNI5GECT, to passively sniff and inject traffic into 5G data streams, l…
…
continue reading
1
SANS Stormcast Friday, August 15th, 2025: Analysing Attack with AI; Proxyware via YouTube; Xerox FreeFlow Vuln; Evaluating Zero Trust @SANS_edu (#)
15:12
15:12
Play later
Play later
Lists
Like
Liked
15:12
SANS Stormcast Friday, August 15th, 2025: Analysing Attack with AI; Proxyware via YouTube; Xerox FreeFlow Vuln; Evaluating Zero Trust @SANS_edu AI and Faster Attack Analysis A few use cases for LLMs to speed up analysis https://isc.sans.edu/diary/AI%20and%20Faster%20Attack%20Analysis%20%5BGuest%20Diary%5D/32198 Proxyware Malware Being Distributed o…
…
continue reading
1
SANS Stormcast Thursday, August 14th, 2025: Equation Editor; Kerberos Patch; XZ-Utils Backdoor; ForitSIEM/FortiWeb patches (#)
7:16
7:16
Play later
Play later
Lists
Like
Liked
7:16
SANS Stormcast Thursday, August 14th, 2025: Equation Editor; Kerberos Patch; XZ-Utils Backdoor; ForitSIEM/FortiWeb patches CVE-2017-11882 Will Never Die The (very) old equation editor vulnerability is still being exploited, as this recent sample analyzed by Xavier shows. The payload of the Excel file attempts to download and execute an infostealer …
…
continue reading
Are you tapping the power of Microsoft Graph? Richard chats with Tony Redmond about his work teaching people to leverage Microsoft Graph and all the insights it can provide about their organization. Tony views Graph as one of the key skills a sysadmin needs to manage an M365 tenant, alongside Exchange Online, SharePoint, and Teams. Throw in some En…
…
continue reading
1
SANS Stormcast Wednesday, August 13th, 2025: Microsoft Patch Tuesday; libarchive vulnerability upgrade; Adobe Patches (#)
8:55
8:55
Play later
Play later
Lists
Like
Liked
8:55
SANS Stormcast Wednesday, August 13th, 2025: Microsoft Patch Tuesday; libarchive vulnerability upgrade; Adobe Patches Microsoft Patch Tuesday https://isc.sans.edu/diary/Microsoft%20August%202025%20Patch%20Tuesday/32192 https://cymulate.com/blog/zero-click-one-ntlm-microsoft-security-patch-bypass-cve-2025-50154/ libarchive Vulnerability A libarchive…
…
continue reading
