SANS Internet Storm Center's Daily Network Security News Podcast

De: Johannes B. Ullrich
Escúchala gratis

  • Resumen

  • A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minutes long summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Storm Center. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
    (c) SANS Institute 2021 This work is licensed under a Creative Commons License - Attribution-NonCommercial-ShareAlike - http://creativecommons.org/licenses/by-nc-sa/4.0/
    Más Menos
Política y Gobierno
Más Menos
Episodios
  • SANS Stormcast Wednesday, May 7th: Infostealer with Webserver; Android Update; CISA Warning (#)

    SANS Stormcast Wednesday, May 7th: Infostealer with Webserver; Android Update; CISA Warning (#)
    May 7 2025
    SANS Stormcast Wednesday, May 7th: Infostealer with Webserver; Android Update; CISA Warning Python InfoStealer with Embedded Phishing Webserver Didier found an interesting infostealer that, in addition to implementing typical infostealer functionality, includes a web server suitable to create local phishing sites. https://isc.sans.edu/diary/Python%20InfoStealer%20with%20Embedded%20Phishing%20Webserver/31924 Android Update Fixes Freetype 0-Day Google released its monthly Android update. As part of the update, it patched a vulnerability in Freetype that is already being exploited. Android is not alone in using Freetype. Freetype is a very commonly used library to parse fonts like Truetype fonts. https://source.android.com/docs/security/bulletin/2025-05-01 CISA Warns of Unsophistacted Cyber Actors CISA released an interesting title report warning operators of operational technology networks of ubiquitous attacks by unsophisticated actors. It emphasizes how important it is to not forget basic security measures to defend against these attacks. https://www.cisa.gov/news-events/alerts/2025/05/06/unsophisticated-cyber-actors-targeting-operational-technology keywords: python; infostealer; phishing; webserver
    Más Menos
    7 m
  • SANS Stormcast Tuesday, May 6th: Mirai Exploiting Samsung magicInfo 9; Kali Signing Key Lost; (#)

    SANS Stormcast Tuesday, May 6th: Mirai Exploiting Samsung magicInfo 9; Kali Signing Key Lost; (#)
    May 6 2025
    SANS Stormcast Tuesday, May 6th: Mirai Exploiting Samsung magicInfo 9; Kali Signing Key Lost; Mirai Now Exploits Samsung MagicINFO CMS CVE-2024-7399 The Mirai botnet added a new vulnerability to its arsenal. This vulnerability, a file upload and remote code execution vulnerability in Samsung’s MagicInfo 9 CMS, was patched last August but attracted new attention last week after being mostly ignored so far. https://isc.sans.edu/diary/Mirai+Now+Exploits+Samsung+MagicINFO+CMS+CVE20247399/31920 New Kali Linux Signing Key The Kali Linux maintainers lost access to the secret key used to sign packages. Users must install a new key that will be used going forward. https://www.kali.org/blog/new-kali-archive-signing-key/ The Risk of Default Configuration: How Out-of-the-Box Helm Charts Can Breach Your Cluster Many out-of-the-box Helm charts for Kubernetes applications deploy vulnerable configurations with exposed ports and no authentication https://techcommunity.microsoft.com/blog/microsoftdefendercloudblog/the-risk-of-default-configuration-how-out-of-the-box-helm-charts-can-breach-your/4409560 keywords: kali; linux; mirai; helm; kubernetes
    Más Menos
    7 m
  • SANS Stormcast Monday, May 5th: Steganography Challenge; Microsoft Makes Passkeys Default and Moves Away from Authenticator as Password Manager; Magento Components Backdoored. (#)

    SANS Stormcast Monday, May 5th: Steganography Challenge; Microsoft Makes Passkeys Default and Moves Away from Authenticator as Password Manager; Magento Components Backdoored. (#)
    May 5 2025
    SANS Stormcast Monday, May 5th: Steganography Challenge; Microsoft Makes Passkeys Default and Moves Away from Authenticator as Password Manager; Magento Components Backdoored. Steganography Challenge Didier published a fun steganography challenge. A solution will be offered on Saturday. https://isc.sans.edu/diary/Steganography+Challenge/31910 Microsoft Makes Passkeys Default Authentication Method Microsoft is now encouraging new users to use Passkeys as the “default” and only login method, further moving away from passwords https://www.microsoft.com/en-us/security/blog/2025/05/01/pushing-passkeys-forward-microsofts-latest-updates-for-simpler-safer-sign-ins/ Microsoft Authenticator Autofill Changes Microsoft will no longer support the use of Microsoft authenticator as a password safe. Instead, it will move users to the password prefill feature built into Microsoft Edge. This change will start in June and should be completed in August at which point you must have moved your credentials out of Microsoft Authenticator https://support.microsoft.com/en-gb/account-billing/changes-to-microsoft-authenticator-autofill-09fd75df-dc04-4477-9619-811510805ab6 Backdoor found in popular e-commerce components SANSEC identified several backdoored Magento e-commerce components. These backdoors were installed as far back as 2019 but only recently activated, at which point they became known. Affected vendors dispute any compromise at this point. https://sansec.io/research/license-backdoor keywords: backdoor; magento; msft; authenticator; passkeys; stegaonography; challenge
    Más Menos
    6 m
adbl_web_global_use_to_activate_webcro805_stickypopup

Lo que los oyentes dicen sobre SANS Internet Storm Center's Daily Network Security News Podcast

Calificaciones medias de los clientes
Total
  • 5 out of 5 stars
  • 5 estrellas
    5
  • 4 estrellas
    0
  • 3 estrellas
    0
  • 2 estrellas
    0
  • 1 estrella
    0
Ejecución
  • 5 out of 5 stars
  • 5 estrellas
    5
  • 4 estrellas
    0
  • 3 estrellas
    0
  • 2 estrellas
    0
  • 1 estrella
    0
Historia
  • 5 out of 5 stars
  • 5 estrellas
    5
  • 4 estrellas
    0
  • 3 estrellas
    0
  • 2 estrellas
    0
  • 1 estrella
    0

Reseñas - Selecciona las pestañas a continuación para cambiar el origen de las reseñas.

Reseñas de Audible.com

Opiniones de Amazon
Ordenar por:
Filtrar por:
  • Total
    5 out of 5 stars
  • Ejecución
    5 out of 5 stars
  • Historia
    5 out of 5 stars
Imagen de perfil para Joe Cincotta

Essential daily listening

This podcast is essential for any technologist, not just security folks. Keeping your finger on the pulse of cybersecurity is difficult, this podcast makes it much easier.

Denunciar

Se ha producido un error. Vuelve a intentarlo dentro de unos minutos.

Has calificado esta reseña.

Reportaste esta reseña

  • Total
    5 out of 5 stars
  • Ejecución
    5 out of 5 stars
  • Historia
    5 out of 5 stars
Imagen de perfil para Preston

One of the Best

I've been listening to this podcast for years on a near daily basis. Has provided time-sensitive info on many occasions.

Denunciar

Se ha producido un error. Vuelve a intentarlo dentro de unos minutos.

Has calificado esta reseña.

Reportaste esta reseña