Home » Archives by category » Podcasts

ISC StormCast for Friday, December 15th 2017

Citizen Lab Security Planner https://securityplanner.org/Apple Update to iOS/tvOS/iCloud (Windows) https://support.apple.com/en-us/HT201222Fortinet Client Credentials Shared Key https://www.sec-consult.com/en/blog/advisories/vpn-credentials-disclosure-in-fortinet-forticlient/index.htmlFox-It Victim of a Man-in-the-Middle Attack https://blog.fox-it.com/2017/12/14/lessons-learned-from-a-man-in-the-middle-attack/…

ISC StormCast for Thursday, December 14th 2017

Tracking Newly Registered Domains https://isc.sans.edu/forums/diary/Tracking+Newly+Registered+Domains/23127/Critical Palo Alto Firewall Flaws Allow RCE as root http://seclists.org/fulldisclosure/2017/Dec/38Hiding Changes from git-diff https://www.twistlock.com/2017/12/13/hiding-content-git-escape-sequence-twistlock-labs-experiment/Apple Airport Update https://support.apple.com/en-us/HT208354…

ISC StormCast for Wednesday, December 13th 2017

Microsoft Patch Tuesday Summary https://isc.sans.edu/forums/diary/December+Microsoft+Patch+Tuesday+Summary/23123/EV Certificate Model Broken? https://stripe.ian.shROBOT Attack Against TLS https://robotattack.org…

ISC StormCast for Tuesday, December 12th 2017

Pornographic Spam Messages Used to Deliver Crypto Coin Miner https://isc.sans.edu/forums/diary/Pornographic+malspam+pushes+coin+miner+malware/23119/Microsoft Leaks Secret SSL Key For Dynamics 365 https://medium.com/matthias-gliwka/microsoft-leaks-tls-private-key-for-cloud-erp-product-10b56f7d648Proxy Botnet Used to Launch Variety of Web Application Attacks https://news.drweb.com/show/?i=11627&lng=enFoxIT Releases Utility…

ISC StormCast for Monday, December 11th 2017

Sometimes An RTF Document is Just an RTF Document https://isc.sans.edu/forums/diary/Sometimes+its+a+dud/23115/HP Keyboard Drivers Can Log Keystrokes https://support.hp.com/us-en/document/c05827409 https://zwclose.github.io/HP-keylogger/Android App Signature Bypass https://www.guardsquare.com/en/blog/new-android-vulnerability-allows-attackers-modify-apps-without-affecting-their-signaturesMSFT Patches Antimalware Engine https://portal.msrc.microsoft.com/en-US/eula…

ISC StormCast for Friday, December 8th 2017

Positive Technologies Demonstrates Intel ME Exploit at Blackhat Europe https://www.blackhat.com/docs/eu-17/materials/eu-17-Goryachy-How-To-Hack-A-Turned-Off-Computer-Or-Running-Unsigned-Code-In-Intel-Management-Engine.pdfTracking Users Without GPS http://ieeexplore.ieee.org/document/8038870/Process Doppelgaenger Anti-Malware Bypass https://www.blackhat.com/docs/eu-17/materials/eu-17-Liberman-Lost-In-Transaction-Process-Doppelganging.pdfFriday Webcast About Recent OWASP Top 10 Update https://www.sans.org/webcasts/owasp-top-10-2017-106560…

ISC StormCast for Thursday, December 7th 2017

Apple Updates Everything https://isc.sans.edu/forums/diary/Apple+Updates+Everything+Again/23107/Do Not Trust Reverse DNS. And here is an example why https://isc.sans.edu/forums/diary/PSA+Do+not+Trust+Reverse+DNS+and+why+does+an+address+resolve+to+localhost/23105/NiceHash Hacked https://www.reddit.com/r/NiceHash/comments/7i0s6o/official_press_release_statement_by_nicehash/…

ISC StormCast for Wednesday, December 6th 2017

AI.Type Data Exposed in MongoDB Database https://mackeepersecurity.com/post/virtual-keyboard-developer-leaked-31-million-of-client-recordsMailsploit Makes it Easier to Spoof From Headers in E-Mails https://www.mailsploit.comStorageCrypt Ransomware Encrypts NAS Devices https://www.bleepingcomputer.com/news/security/storagecrypt-ransomware-infecting-nas-devices-using-sambacry/Android December Update https://source.android.com/security/bulletin/2017-12-01…

ISC StormCast for Tuesday, December 5th 2017

Incidence Response Using TheHive https://isc.sans.edu/forums/diary/IR+using+the+Hive+Project/23099/SSL/TLS For Scapy https://github.com/tintinweb/scapy-ssl_tlstvOS 11.2 Released (but no details about security content yet) https://support.apple.com/en-us/HT201222System Vendors Ship Laptops With Intel ME Disabled https://www.reddit.com/r/linuxhardware/comments/7grglm/how_to_buy_a_dell_laptop_with_the_intel_me/ http://blog.system76.com/post/168050597573/system76-me-firmware-updates-plan Hacker Falsified Jail…

ISC StormCast for Monday, December 4th 2017

Brazilian Banking Malware Uses UTF-16 Encoded .BAT File https://isc.sans.edu/forums/diary/Phishing+campaign+uses+old+bat+script+to+spread+banking+malware+and+it+is+flying+under+the+radar/23091/Phishing Abuse of JotForm https://isc.sans.edu/forums/diary/Phishing+Kit+AbUsing+Cloud+Services/23089/Apple Releases iOS 11.2 https://support.apple.com/en-us/HT201222 (no details live yet)Critical Patch For RSA Authentication Agent http://seclists.org/fulldisclosure/2017/Nov/46 https://community.rsa.com/community/products/securid/authentication-agent-web-apacheSlurp S3 Bucket…

Page 1 of 43123Next ›Last »