A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minutes long summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Storm Center. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
…
continue reading
Daily cybersecurity news for practitioners. Vulnerabilities, defenses, threats, network security insight, research and more to make you sound smarter as you get to the office in the morning. New each weekday.
…
continue reading

1
SANS Stormcast Thursday, May 1st: More Steganography; Malicious Python Packages GMail C2; BEC to Steal Rent Payments
7:16
7:16
Play later
Play later
Lists
Like
Liked
7:16Steganography Analysis With pngdump.py: Bitstreams More details from Didiear as to how to extract binary content hidden inside images https://isc.sans.edu/diary/Steganography%20Analysis%20With%20pngdump.py%3A%20Bitstreams/31904 Using Trusted Protocols Against You: Gmail as a C2 Mechanism Attackers are using typosquatting to trick developers into in…
…
continue reading

1
SANS Stormcast Thursday, May 1st: More Steganography; Malicious Python Packages GMail C2; BEC to Steal Rent Payments (#)
7:16
7:16
Play later
Play later
Lists
Like
Liked
7:16SANS Stormcast Thursday, May 1st: More Steganography; Malicious Python Packages GMail C2; BEC to Steal Rent Payments Steganography Analysis With pngdump.py: Bitstreams More details from Didiear as to how to extract binary content hidden inside images https://isc.sans.edu/diary/Steganography%20Analysis%20With%20pngdump.py%3A%20Bitstreams/31904 Using…
…
continue reading

1
SANS Stormcast Thursday, May 1st: Sonicwall Attacks; Cached Windows RDP Credentials
6:28
6:28
Play later
Play later
Lists
Like
Liked
6:28Web Scanning for Sonicwall Vulnerabilities CVE-2021-20016 For the last week, scans for Sonicwall API login and domain endpoints have skyrocketed. These attacks may be exploiting an older vulnerability or just attempting to brute force credentials. https://isc.sans.edu/diary/Web%20Scanning%20Sonicwall%20for%20CVE-2021-20016/31906 The Wizards APT Gro…
…
continue reading

1
SANS Stormcast Thursday, May 1st: Sonicwall Attacks; Cached Windows RDP Credentials (#)
6:29
6:29
Play later
Play later
Lists
Like
Liked
6:29SANS Stormcast Thursday, May 1st: Sonicwall Attacks; Cached Windows RDP Credentials Web Scanning for Sonicwall Vulnerabilities CVE-2021-20016 For the last week, scans for Sonicwall API “login” and “domain” endpoints have skyrocketed. These attacks may be exploiting an older vulnerability or just attempting to brute force credentials. https://isc.sa…
…
continue reading

1
SANS Stormcast Wednesday, April 30th: SMS Attacks; Apple Airplay Vulnerabilities
8:51
8:51
Play later
Play later
Lists
Like
Liked
8:51More Scans for SMS Gateways and APIs Attackers are not just looking for SMS Gateways like the scans we reported on last week, but they are also actively scanning for other ways to use APIs and add on tools to send messages using other people s credentials. https://isc.sans.edu/diary/More%20Scans%20for%20SMS%20Gateways%20and%20APIs/31902 AirBorne: A…
…
continue reading

1
SANS Stormcast Wednesday, April 30th: SMS Attacks; Apple Airplay Vulnerabilities (#)
8:52
8:52
Play later
Play later
Lists
Like
Liked
8:52SANS Stormcast Wednesday, April 30th: SMS Attacks; Apple Airplay Vulnerabilities More Scans for SMS Gateways and APIs Attackers are not just looking for SMS Gateways like the scans we reported on last week, but they are also actively scanning for other ways to use APIs and add on tools to send messages using other people’s credentials. https://isc.…
…
continue reading

1
SANS Stormcast Tuesday, April 29th: SRUM-DUMP 3; Policy Puppetry; Choice Jacking; @sansinstitute at #RSAC
7:37
7:37
Play later
Play later
Lists
Like
Liked
7:37SRUM-DUMP Version 3: Uncovering Malware Activity in Forensics Mark Baggett released SRUM-DUMP Version 3. The tool simplifies data extraction from Widnows System Resource Usage Monitor (SRUM). This database logs how much resources software used for 30 days, and is invaluable to find out what software was executed when and if it sent or received netw…
…
continue reading

1
SANS Stormcast Tuesday, April 29th: SRUM-DUMP 3; Policy Puppetry; Choice Jacking; @sansinstitute at #RSAC (#)
7:37
7:37
Play later
Play later
Lists
Like
Liked
7:37SANS Stormcast Tuesday, April 29th: SRUM-DUMP 3; Policy Puppetry; Choice Jacking; @sansinstitute at #RSAC SRUM-DUMP Version 3: Uncovering Malware Activity in Forensics Mark Baggett released SRUM-DUMP Version 3. The tool simplifies data extraction from Widnows’ System Resource Usage Monitor (SRUM). This database logs how much resources software used…
…
continue reading

1
SANS Stormcast Monday, April 28th: Image Steganography; SAP Netweaver Exploited
7:55
7:55
Play later
Play later
Lists
Like
Liked
7:55Example of a Payload Delivered Through Steganography Xavier and Didier published two diaries this weekend, building on each other. First, Xavier showed an example of an image being used to smuggle an executable past network defenses, and second, Didier showed how to use his tools to extract the binary. https://isc.sans.edu/diary/Example%20of%20a%20…
…
continue reading

1
SANS Stormcast Monday, April 27th: Image Steganography; SAP Netweaver Exploited (#)
7:56
7:56
Play later
Play later
Lists
Like
Liked
7:56SANS Stormcast Monday, April 27th: Image Steganography; SAP Netweaver Exploited Example of a Payload Delivered Through Steganography Xavier and Didier published two diaries this weekend, building on each other. First, Xavier showed an example of an image being used to smuggle an executable past network defenses, and second, Didier showed how to use…
…
continue reading

1
SANS Stormcast Friday, April 25th: SMS Gateway Scans; Comvault Exploit; Patch Window Shrinkage; More inetpub issues;
6:38
6:38
Play later
Play later
Lists
Like
Liked
6:38Attacks against Teltonika Networks SMS Gateways Attackers are actively scanning for SMS Gateways. These attacks take advantage of default passwords and other commonly used passwords. https://isc.sans.edu/diary/Attacks%20against%20Teltonika%20Networks%20SMS%20Gateways/31888 Commvault Vulnerability CVE-2205-34028 Commvault, about a week ago, publishe…
…
continue reading

1
SANS Stormcast Friday, April 25th: SMS Gateway Scans; Comvault Exploit; Patch Window Shrinkage; More inetpub issues; (#)
6:38
6:38
Play later
Play later
Lists
Like
Liked
6:38SANS Stormcast Friday, April 25th: SMS Gateway Scans; Comvault Exploit; Patch Window Shrinkage; More inetpub issues; Attacks against Teltonika Networks SMS Gateways Attackers are actively scanning for SMS Gateways. These attacks take advantage of default passwords and other commonly used passwords. https://isc.sans.edu/diary/Attacks%20against%20Tel…
…
continue reading

1
SANS Stormcast Thursday, April 24th: Honeypot iptables Maintenance; XRPL.js Compromise; Erlang/OTP SSH Vuln affecting Cisco
5:44
5:44
Play later
Play later
Lists
Like
Liked
5:44Honeypot Iptables Maintenance and DShield-SIEM Logging In this diary, Jesse is talking about some of the tasks to maintain a honeypot, like keeping filebeats up to date and adjusting configurations in case your dynamic IP address changes https://isc.sans.edu/diary/Honeypot%20Iptables%20Maintenance%20and%20DShield-SIEM%20Logging/31876 XRPL.js Compro…
…
continue reading

1
SANS Stormcast Thursday, April 24th: Honeypot iptables Maintenance; XRPL.js Compromise; Erlang/OTP SSH Vuln affecting Cisco (#)
5:45
5:45
Play later
Play later
Lists
Like
Liked
5:45SANS Stormcast Thursday, April 24th: Honeypot iptables Maintenance; XRPL.js Compromise; Erlang/OTP SSH Vuln affecting Cisco Honeypot Iptables Maintenance and DShield-SIEM Logging In this diary, Jesse is talking about some of the tasks to maintain a honeypot, like keeping filebeats up to date and adjusting configurations in case your dynamic IP addr…
…
continue reading

1
SANS Stormcast Wednesday, April 23rd: More xorsearch Updates; DKIM Replay Attack; SSL.com Vulnerability Fixed
6:18
6:18
Play later
Play later
Lists
Like
Liked
6:18xorsearch.py: Ad Hoc YARA Rules Adhoc YARA rules allow for easy searches using command line arguments without having to write complete YARA rules for simple use cases like string and regex searches https://isc.sans.edu/diary/xorsearch.py%3A%20%22Ad%20Hoc%20YARA%20Rules%22/31856 Google Spoofed via DKIM Replay Attack DKIM replay attacks are a known i…
…
continue reading

1
SANS Stormcast Wednesday, April 23rd: More xorsearch Updates; DKIM Replay Attack; SSL.com Vulnerability Fixed (#)
6:18
6:18
Play later
Play later
Lists
Like
Liked
6:18SANS Stormcast Wednesday, April 23rd: More xorsearch Updates; DKIM Replay Attack; SSL.com Vulnerability Fixed xorsearch.py: Ad Hoc YARA Rules Adhoc YARA rules allow for easy searches using command line arguments without having to write complete YARA rules for simple use cases like string and regex searches https://isc.sans.edu/diary/xorsearch.py%3A…
…
continue reading

1
SANS Stormcast Tuesday, April 22nd: Phishing via Google; ChatGPT Fingerprint; Asus AI Cloud Vuln; PyTorch RCE
5:35
5:35
Play later
Play later
Lists
Like
Liked
5:35It's 2025, so why are malicious advertising URLs still going strong? Phishing attacks continue to take advantage of Google s advertising services. Sadly, this is still the case for obviously malicious links, even after various anti-phishing services flag the URL. https://isc.sans.edu/diary/It%27s%202025...%20so%20why%20are%20obviously%20malicious%2…
…
continue reading

1
SANS Stormcast Tuesday, April 22nd: Phishing via Google; ChatGPT Fingerprint; Asus AI Cloud Vuln; PyTorch RCE (#)
5:35
5:35
Play later
Play later
Lists
Like
Liked
5:35SANS Stormcast Tuesday, April 22nd: Phishing via Google; ChatGPT Fingerprint; Asus AI Cloud Vuln; PyTorch RCE It's 2025, so why are malicious advertising URLs still going strong? Phishing attacks continue to take advantage of Google’s advertising services. Sadly, this is still the case for obviously malicious links, even after various anti-phishing…
…
continue reading

1
SANS Stormcast Monday, April 21st: MSFT Entra Lockouts; Erlang/OTP SSH Exploit; Sonicwall Exploit; bubble.io bug
7:31
7:31
Play later
Play later
Lists
Like
Liked
7:31Microsoft Entra User Lockout Multiple organizations reported widespread alerts and account lockouts this weekend from Microsoft Entra. The issue is caused by a new feature Microsoft enabled. This feature will lock accounts if Microsoft believes that the password for the account was compromised. https://www.bleepingcomputer.com/news/microsoft/widesp…
…
continue reading

1
ANS Stormcast Monday, April 21st: MSFT Entra Lockouts; Erlang/OTP SSH Exploit; Sonicwall Exploit; bubble.io bug (#)
7:31
7:31
Play later
Play later
Lists
Like
Liked
7:31ANS Stormcast Monday, April 21st: MSFT Entra Lockouts; Erlang/OTP SSH Exploit; Sonicwall Exploit; bubble.io bug Microsoft Entra User Lockout Multiple organizations reported widespread alerts and account lockouts this weekend from Microsoft Entra. The issue is caused by a new feature Microsoft enabled. This feature will lock accounts if Microsoft be…
…
continue reading

1
SANS Stormcast Friday, April 18th: Remnux Cloud Environment; Erlang/OTP SSH Vuln; Brickstorm Backdoor Analysis; GPT 4.1 Safety Controversy
6:18
6:18
Play later
Play later
Lists
Like
Liked
6:18RedTail: Remnux and Malware Management A description showing how to set up a malware analysis in the cloud with Remnux and Kasm. RedTail is a sample to illustrate how the environment can be used. https://isc.sans.edu/diary/RedTail%2C%20Remnux%20and%20Malware%20Management%20%5BGuest%20Diary%5D/31868 Critical Erlang/OTP SSH Vulnerability Researchers …
…
continue reading

1
SANS Stormcast Friday, April 18th: Remnux Cloud Environment; Erlang/OTP SSH Vuln; Brickstorm Backdoor Analysis; GPT 4.1 Safety Controversy (#)
6:19
6:19
Play later
Play later
Lists
Like
Liked
6:19SANS Stormcast Friday, April 18th: Remnux Cloud Environment; Erlang/OTP SSH Vuln; Brickstorm Backdoor Analysis; GPT 4.1 Safety Controversy RedTail: Remnux and Malware Management A description showing how to set up a malware analysis in the cloud with Remnux and Kasm. RedTail is a sample to illustrate how the environment can be used. https://isc.san…
…
continue reading

1
SANS Stormcast Thursday April 17th: Apple Updates; Oracle Updates; Google Chrome Updates; CVE News;
6:04
6:04
Play later
Play later
Lists
Like
Liked
6:04Apple Updates Apple released updates for iOS, iPadOS, macOS, and VisionOS. The updates fix two vulnerabilities which had already been exploited against iOS. https://isc.sans.edu/diary/Apple%20Patches%20Exploited%20Vulnerability/31866 Oracle Updates Oracle released it quarterly critical patch update. The update addresses 378 security vulnerabilities…
…
continue reading

1
SANS Stormcast Thursday April 17th: Apple Updates; Oracle Updates; Google Chrome Updates; CVE News; (#)
6:05
6:05
Play later
Play later
Lists
Like
Liked
6:05SANS Stormcast Thursday April 17th: Apple Updates; Oracle Updates; Google Chrome Updates; CVE News; Apple Updates Apple released updates for iOS, iPadOS, macOS, and VisionOS. The updates fix two vulnerabilities which had already been exploited against iOS. https://isc.sans.edu/diary/Apple%20Patches%20Exploited%20Vulnerability/31866 Oracle Updates O…
…
continue reading

1
SANS Stormcast Wednesday Apr 16th: File Upload Service Abuse; OpenSSH 10.0 Released; Apache Roller Vuln; Possible CVE Changes
5:54
5:54
Play later
Play later
Lists
Like
Liked
5:54Online Services Again Abused to Exfiltrate Data Attackers like to abuse free online services that can be used to exfiltrate data. From the originals , like pastebin, to past favorites like anonfiles.com. The latest example is gofile.io. As a defender, it is important to track these services to detect exfiltration early https://isc.sans.edu/diary/On…
…
continue reading