Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
…
continue reading
Player FM - Internet Radio Done Right
121 subscribers
Checked 14h ago
اضافه شده در nine سال پیش
محتوای ارائه شده توسط SANS ISC Handlers and Johannes B. Ullrich. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط SANS ISC Handlers and Johannes B. Ullrich یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
مشابه SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Technical interviews about software topics.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Windows Weekly is about more than Windows. Veteran Microsoft insiders Paul Thurrott and Richard Campbell join Leo for a deep dive into the most valuable company in the world. From consumer to enterprise, AI to Xbox, Windows Weekly is the only Microsoft podcast you'll ever need. Records live every Wednesday at 2:00pm Eastern / 11:00am Pacific / 19:00 UTC.
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.
…
continue reading
Tech News Briefing is your guide to what people in tech are talking about. Every weekday, we’ll bring you breaking tech news and scoops from the pros at the Wall Street Journal, insight into new innovations and policy debates, tips from our personal tech team, and exclusive interviews with movers and shakers in the industry.
…
continue reading
S
Security Weekly Podcast Network (Audio)
1
Security Weekly Podcast Network (Audio)
Security Weekly Productions
2k
3k
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Player FM - برنامه پادکست
با برنامه Player FM !
با برنامه Player FM !
))
Daily Deals
پادکست هایی که ارزش شنیدن دارند
حمایت شده
<
<div class="span index">1</div> <span><a class="" data-remote="true" data-type="html" href="/series/techsurge-deep-tech-vc-podcast">TechSurge: Deep Tech VC Podcast</a></span>
The TechSurge: Deep Tech VC Podcast explores the frontiers of emerging tech, venture capital, and business. For entrepreneurs, investors, tech professionals, or anyone interested in where technology is headed next. Presented by Celesta Capital, and hosted by Founding Partners Nic Brathwaite, Michael Marks, and Sriram Viswanathan. Email feedback and show ideas to techsurge@celesta.vc. Join us as we examine the next major tech cycle, uncover emerging global tech hubs, and analyze where VC investment dollars are headed. Tune in to hear directly from Silicon Valley leaders, daring new founders, and visionary thinkers. Past guests on the podcast and TechSurge Live summits include Kara Swisher, Vinod Khosla, former PepsiCo CEO Indra Nooyi, Micron CEO Sanjay Mehrotra, and others. Each discussion delves into the intersection of technology advancement, market dynamics, and the founder journey, offering insights into the vast opportunities and complex challenges ahead. Episode topics include AI, data center transformation, blockchain, cyber security, healthcare innovation, VC investment trends, tips for first-time founders, and more. New episodes release every two weeks. Visit techsurgepodcast.com for more details and to sign up for our newsletter and other content!
SANS ISC Stormcast, Jan 30th 2025: Python vs. Powershell; Fortinet Exploits and Patch Policy; Voyager PHP Framework Vuln; Zyxel Targeted; VMWare AVI Patch
Manage episode 463931941 series 128829
محتوای ارائه شده توسط SANS ISC Handlers and Johannes B. Ullrich. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط SANS ISC Handlers and Johannes B. Ullrich یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
From PowerShell to a Python Obfuscation Race!
This information stealer not only emulates a PDF document convincingly, but also includes its own Python environment for Windows
https://isc.sans.edu/diary/From%20PowerShell%20to%20a%20Python%20Obfuscation%20Race!/31634
Alleged Active Exploit Sale of CVE-2024-55591 on Fortinet Devices
An exploit for this week's Fortinet vulnerability is for sale on russian forums. Fortinet also requires patching of devices without cloud license within seven days of patch release
https://x.com/MonThreat/status/1884577840185643345
https://community.fortinet.com/t5/Support-Forum/Firmware-upgrade-policy/td-p/373376
The Tainted Voyage: Uncovering Voyager's Vulnerabilities
Sonarcube identified vulnerabilities in the popular PHP package Voyager. One of them allows arbitrary file uploads.
https://www.sonarsource.com/blog/the-tainted-voyage-uncovering-voyagers-vulnerabilities/
Hackers exploit critical unpatched flaw in Zyxel CPE devices
A currently unpatches vulnerablity in Zyxel devices is actively exploited.
https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-unpatched-flaw-in-zyxel-cpe-devices/
VMSA-2025-0002: VMware Avi Load Balancer addresses an unauthenticated blind SQL Injection vulnerability (CVE-2025-22217)
VMWare released a patch for the AVI Load Balancer addressing an unauthenticated blink SQL injection vulnerability.
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25346
…
continue reading
This information stealer not only emulates a PDF document convincingly, but also includes its own Python environment for Windows
https://isc.sans.edu/diary/From%20PowerShell%20to%20a%20Python%20Obfuscation%20Race!/31634
Alleged Active Exploit Sale of CVE-2024-55591 on Fortinet Devices
An exploit for this week's Fortinet vulnerability is for sale on russian forums. Fortinet also requires patching of devices without cloud license within seven days of patch release
https://x.com/MonThreat/status/1884577840185643345
https://community.fortinet.com/t5/Support-Forum/Firmware-upgrade-policy/td-p/373376
The Tainted Voyage: Uncovering Voyager's Vulnerabilities
Sonarcube identified vulnerabilities in the popular PHP package Voyager. One of them allows arbitrary file uploads.
https://www.sonarsource.com/blog/the-tainted-voyage-uncovering-voyagers-vulnerabilities/
Hackers exploit critical unpatched flaw in Zyxel CPE devices
A currently unpatches vulnerablity in Zyxel devices is actively exploited.
https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-unpatched-flaw-in-zyxel-cpe-devices/
VMSA-2025-0002: VMware Avi Load Balancer addresses an unauthenticated blind SQL Injection vulnerability (CVE-2025-22217)
VMWare released a patch for the AVI Load Balancer addressing an unauthenticated blink SQL injection vulnerability.
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25346
2705 قسمت
SANS ISC Stormcast, Jan 30th 2025: Python vs. Powershell; Fortinet Exploits and Patch Policy; Voyager PHP Framework Vuln; Zyxel Targeted; VMWare AVI Patch
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
اشتراک گذاری
Manage episode 463931941 series 128829
محتوای ارائه شده توسط SANS ISC Handlers and Johannes B. Ullrich. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط SANS ISC Handlers and Johannes B. Ullrich یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
From PowerShell to a Python Obfuscation Race!
This information stealer not only emulates a PDF document convincingly, but also includes its own Python environment for Windows
https://isc.sans.edu/diary/From%20PowerShell%20to%20a%20Python%20Obfuscation%20Race!/31634
Alleged Active Exploit Sale of CVE-2024-55591 on Fortinet Devices
An exploit for this week's Fortinet vulnerability is for sale on russian forums. Fortinet also requires patching of devices without cloud license within seven days of patch release
https://x.com/MonThreat/status/1884577840185643345
https://community.fortinet.com/t5/Support-Forum/Firmware-upgrade-policy/td-p/373376
The Tainted Voyage: Uncovering Voyager's Vulnerabilities
Sonarcube identified vulnerabilities in the popular PHP package Voyager. One of them allows arbitrary file uploads.
https://www.sonarsource.com/blog/the-tainted-voyage-uncovering-voyagers-vulnerabilities/
Hackers exploit critical unpatched flaw in Zyxel CPE devices
A currently unpatches vulnerablity in Zyxel devices is actively exploited.
https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-unpatched-flaw-in-zyxel-cpe-devices/
VMSA-2025-0002: VMware Avi Load Balancer addresses an unauthenticated blind SQL Injection vulnerability (CVE-2025-22217)
VMWare released a patch for the AVI Load Balancer addressing an unauthenticated blink SQL injection vulnerability.
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25346
…
continue reading
This information stealer not only emulates a PDF document convincingly, but also includes its own Python environment for Windows
https://isc.sans.edu/diary/From%20PowerShell%20to%20a%20Python%20Obfuscation%20Race!/31634
Alleged Active Exploit Sale of CVE-2024-55591 on Fortinet Devices
An exploit for this week's Fortinet vulnerability is for sale on russian forums. Fortinet also requires patching of devices without cloud license within seven days of patch release
https://x.com/MonThreat/status/1884577840185643345
https://community.fortinet.com/t5/Support-Forum/Firmware-upgrade-policy/td-p/373376
The Tainted Voyage: Uncovering Voyager's Vulnerabilities
Sonarcube identified vulnerabilities in the popular PHP package Voyager. One of them allows arbitrary file uploads.
https://www.sonarsource.com/blog/the-tainted-voyage-uncovering-voyagers-vulnerabilities/
Hackers exploit critical unpatched flaw in Zyxel CPE devices
A currently unpatches vulnerablity in Zyxel devices is actively exploited.
https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-unpatched-flaw-in-zyxel-cpe-devices/
VMSA-2025-0002: VMware Avi Load Balancer addresses an unauthenticated blind SQL Injection vulnerability (CVE-2025-22217)
VMWare released a patch for the AVI Load Balancer addressing an unauthenticated blink SQL injection vulnerability.
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25346
2705 قسمت
همه قسمت ها
×
S
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
1 SANS Stormcast: Webshells; Undocumented ESP32 Commands; Camera Used For Ransomware Distribution 6:45
Commonly Probed Webshell URLs Many attackers deploy web shells to gain a foothold on vulnerable web servers. These webshells can also be taken over by parasitic exploits. https://isc.sans.edu/diary/Commonly%20Probed%20Webshell%20URLs/31748 Undocumented ESP32 Commands A recent conference presentation by Tarlogic revealed several "backdoors" or undocumented features in the commonly used ESP32 Chipsets. Tarlogic also released a toolkit to make it easier to audit chipsets and find these hiddent commands. https://www.tarlogic.com/news/backdoor-esp32-chip-infect-ot-devices/ Camera Off: Akira deploys ransomware via Webcam The Akira ransomware group was recently observed infecting a network with Ransomware by taking advantage of a webcam. https://www.s-rminform.com/latest-thinking/camera-off-akira-deploys-ransomware-via-webcam…
S
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
1 SANS Stormcast Friday Mar 7th: Chrome vs Extensions; Kibana Update; PrePw0n3d Android TV Sticks; Identifying APTs (@sans_edu, Eric LeBlanc) 13:53
Latest Google Chrome Update Encourages UBlock Origin Removal The latest update to Google Chrome not only disabled the UBlock Origin ad blocker, but also guides users to uninstall the extension instead of re-enabling it. https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html https://www.reddit.com/r/youtube/comments/1j2ec76/ublock_origin_is_gone/ Critical Kibana Update Elastic published a critical Kibana update patching a prototype polution vulnerability that would allow arbitrary code execution for users with the "Viewer" role. https://discuss.elastic.co/t/kibana-8-17-3-security-update-esa-2025-06/375441 Certified PrePw0n3d Android TV Sticks Wired is reporting of over a million Android TV sticks that were found to be pre-infected with adware https://www.wired.com/story/android-tv-streaming-boxes-china-backdoor/ SANS.edu Research Paper Advanced Persistent Threats (APTs) are among the most challenging to detect in enterprise environments, often mimicking authorized privileged access prior to their actions on objectives. https://www.sans.edu/cyber-research/identifying-advanced-persistent-threat-activity-through-threat-informed-detection-engineering-enhancing-alert-visibility-enterprises/…
S
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
1 SANS Stormcast Thursday Mar 6th: DShield ELK Analysis; Jailbreaking AMD CPUs; VIM Vulnerability; Snail Mail Ransomware 6:45
DShield Traffic Analysis using ELK The "DShield SIEM" includes an ELK dashboard as part of the Honeypot. Learn how to find traffic of interest with this tool. https://isc.sans.edu/diary/DShield%20Traffic%20Analysis%20using%20ELK/31742 Zen and the Art of Microcode Hacking Google released details, including a proof of concept exploit, showing how to take advantage of the recently patched AMD microcode vulnerability https://bughunters.google.com/blog/5424842357473280/zen-and-the-art-of-microcode-hacking CVE-2024-56161 VIM Vulnerability An attacker may execute arbitrary code by tricking a user to open a crafted tar file in VIM https://github.com/vim/vim/security/advisories/GHSA-wfmf-8626-q3r3 Snil Mail Fake Ransom Note A copy cat group is impersonating ransomware actors. The group sends snail mail to company executives claiming to have stolen company data and threatening to leak it unless a payment is made. https://www.guidepointsecurity.com/blog/snail-mail-fail-fake-ransom-note-campaign-preys-on-fear/…
S
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
1 SANS Stormcast Wednesday Mar 5th: SMTP Credential Hunt; mac-robber.py update; ADSelfService Plus Account Takeover; Android Patch Day; PayPal Scams; VMWare Escape Fix 6:11
Romanian Distillery Scanning for SMTP Credentials A particular attacker expanded the scope of their leaked credential file scans. In addition to the usual ".env" style files, it is not looking for specific SMTP related credential files. https://isc.sans.edu/diary/Romanian%20Distillery%20Scanning%20for%20SMTP%20Credentials/31736 Tool Updates: mac-robber.py This update of mac-robber.py fixes issues with symlinks. https://isc.sans.edu/diary/Tool%20update%3A%20mac-robber.py/31738 CVE-2025-1723 Account takeover vulnerability in ADSelfService Plus CVE-2025-1723 describes a vulnerability caused by session mishandling in ADSelfService Plus that could allow unauthorized access to user enrollment data when MFA was not enabled for ADSelfService Plus login. https://www.manageengine.com/products/self-service-password/advisory/CVE-2025-1723.html Android March Update Google released an update for Android addressing two already exploited vulnerabilities and several critical issues. https://source.android.com/docs/security/bulletin/2025-03-01 PayPal's no-code-checkout Abuse Attackers are using PayPal's no-code-checkout feature is being abused by scammers to host PayPal tech support scam pages right within the PayPal.com domain. https://www.malwarebytes.com/blog/scams/2025/02/paypals-no-code-checkout-abused-by-scammers Broadcom Fixes three VMWare VCenter Vulnerabilities https://github.com/vmware/vcf-security-and-compliance-guidelines/tree/main/security-advisories/vmsa-2025-0004…
S
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
1 SANS Stormcast Tuesday Mar 4th: Mark of the Web Details; Sharepint and Click-Fix Phishing; Paragon Partionmanager BYOVD Exploit 6:17
Mark of the Web: Some Technical Details Windows implements the "Mark of the Web" (MotW) as an alternate data stream that contains not just the "zoneid" of where the file came from, but may include other data like the exact URL and referrer. https://isc.sans.edu/diary/Mark%20of%20the%20Web%3A%20Some%20Technical%20Details/31732 Havoc Sharepoint with Microsoft Graph API A recent phishing attack observed by Fortinet uses a simple HTML email to trick a user into copy pasting powershell into their system to execute additional code. Most of the malware interaction uses a Sharepoint site via Microsoft's Graph API futher hiding the malicious traffic https://www.fortinet.com/blog/threat-research/havoc-sharepoint-with-microsoft-graph-api-turns-into-fud-c2 Paragon Partition Manager Exploit A vulnerable Paragon Partition Manager has been user recently to escalate privileges for ransomware deployment. Even if you to not have PAragon installed: An attacker may just "bring the vulnerable driver" to your system. https://kb.cert.org/vuls/id/726882…
S
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
1 SANS Stormcast Monday Mar 3rd: AI Training Data Leaks; MITRE Caldera Vuln; modsecurity bypass 7:08
Common Crawl includes Common Leaks The "Common Crawl" dataset, a large dataset created by spidering website, contains as expected many API keys and other secrets. This data is often used to train large language models https://trufflesecurity.com/blog/research-finds-12-000-live-api-keys-and-passwords-in-deepseek-s-training-data Github Repositories Exposed by Copilot As it is well known, Github's Copilot is using data from public GitHub repositories to train it's model. However, it appears that repositories who were briefly left open and later made private have been included as well, allowing Copilot users to retrieve files from these repositories. https://www.lasso.security/blog/lasso-major-vulnerability-in-microsoft-copilot MITRE Caldera Framework Allows Unauthenticated Code Execution The MITRE Caldera adversary emulation framework allows for unauthenticted code execution by allowing attackers to specify compiler options https://medium.com/@mitrecaldera/mitre-caldera-security-advisory-remote-code-execution-cve-2025-27364-5f679e2e2a0e modsecurity Rule Bypass Attackers may bypass the modsecurity web application firewall by prepending encoded characters with 0. https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-42w7-rmv5-4x2j…
S
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
1 SANS Stormcast Friday Feb 28th: Njrat devtunnels.ms; Apple FindMe Abuse; XSS Exploited; @sans_edu Ben Powell EDR vs. Ransomware 14:27
Njrat Compaign Using Microsoft dev Tunnels: A recent version of the Njrat remote admin tool is taking advantage of Microsoft's developer tunnels (devtunnels.ms) as a command and control channel. https://isc.sans.edu/diary/Njrat%20Campaign%20Using%20Microsoft%20Dev%20Tunnels/31724 NrootTag Apple FindMy Abuse Malware could use a weakness in the keys used for Apple FindMy to abuse it to track victims. Updates were released with iOS 18.2, but to solve the issue the vast majority of Apple users must update. https://nroottag.github.io/ 360XSS: Mass Website Exploitation via Virtual Tour Framework The Krpano VR library which is often used to implement 3D virtual tours on real estate websites, is currently being abused to inject spam messages. The XSS vulnerabilty could allow attackers to inject even more malicious JavaScript. https://olegzay.com/360xss/ SANS.edu Research: Proof is in the Pudding: EDR Configuration Versus Ransomware. Benjamin Powell https://www.sans.edu/cyber-research/proof-pudding-edr-configuration-versus-ransomware/…
S
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
1 SANS Stormcast Thursday Feb 27th: High Exfil Ports; Malicious VS Code Theme; Developer Workstation Safety; NAKIVO PoC; OpenH264 and rsync vuln; 6:45
Attacker of of Ephemeral Ports Attackers often use ephermeral ports to reach out to download additional resources or exfiltrate data. This can be used, with care, to detect possible compromises. https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Malware%20Source%20Servers%3A%20The%20Threat%20of%20Attackers%20Using%20Ephemeral%20Ports%20as%20Service%20Ports%20to%20Upload%20Data/31710 Compromised Visal Studio Code Extension downloaded by Millions Amit Assaraf identified a likely compromised Visual Studio Code theme that was installed by millions of potential victims. Amit did not disclose the exact malicious behaviour, but is asking for victims to contact them for details. https://medium.com/@amitassaraf/a-wolf-in-dark-mode-the-malicious-vs-code-theme-that-fooled-millions-85ed92b4bd26 ByBit Theft Due to Compromised Developer Workstation ByBit and Safe{Wallet} disclosed that the record breaking ethereum theft was due to a compromised Safe{Wallet} developer workstation. A replaced JavaScript file targeted ByBit and altered a transaction signed by ByBit. https://x.com/benbybit/status/1894768736084885929 https://x.com/safe/status/1894768522720350673 PoC for NAKIVO Backup Replication Vulnerability This vulnerability allows the compromise of NAKIVO backup systems. The vulnerability was patched silently in November, and never disclosed by NAKIVO. Instead, WatchTowr now disloses details including a proof of concept exploit. https://labs.watchtowr.com/the-best-security-is-when-we-all-agree-to-keep-everything-secret-except-the-secrets-nakivo-backup-replication-cve-2024-48248/ OpenH264 Vulnerability https://github.com/cisco/openh264/security/advisories/GHSA-m99q-5j7x-7m9x rsync vulnerability exploited https://www.cisa.gov/known-exploited-vulnerabilities-catalog…
S
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
1 SANS Stormcast Wednesday Feb 26th: M365 Infostealer Botnet; Mixing OpenID Keys; Malicious Medical Image Apps 5:59
Massive Botnet Targets M365 with Password Spraying A large botnet is targeting service accounts in M365 with credentials stolen by infostealer malware. https://securityscorecard.com/wp-content/uploads/2025/02/MassiveBotnet-Report_022125_03.pdf Mixing up Public and Private Keys in OpenID The complex OpenID specificiation and the flexibility it supports enables careless administrators to publich private keys instead or in addition to public keys https://blog.hboeck.de/archives/909-Mixing-up-Public-and-Private-Keys-in-OpenID-Connect-deployments.html Healthcare Malware Hunt Part 1: Medial images are often encoded in the DICOM format, an image format unique to medical imaging. Patients looking for viewers for DICOM images are tricked into downloading malware. https://www.forescout.com/blog/healthcare-malware-hunt-part-1-silver-fox-apt-targets-philips-dicom-viewers/…
S
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
1 SANS Stormcast Tuesday Feb 25th: Unfurl Updates; Google Ditches SMS; Paypal Phish; Exim, libXML, Parallels Vuln 6:10
Unfurl Update Released Unfurl released an Update fixing a few bugs and adding support to decode BlueSky URLs. https://isc.sans.edu/diary/Unfurl%20v2025.02%20released/31716 Google Confirms GMail To Ditch SMS Code Authentication Google no longer considers SMS authentication save enough for GMail. Instead, it pushes users to use Passkeys, or QR code based app authentication https://www.forbes.com/sites/daveywinder/2025/02/23/google-confirms-gmail-to-ditch-sms-code-authentication/ Beware of Paypal New Address Feature Abuse Attackers are using "address change" e-mails to send links to phishing sites or trick users into calling fake tech support phone numbers. Attackers are just adding the malicious content as part of the address. The e-mail themselves are legitimate PayPal emails and will pass various spam and phishing filters. https://www.bleepingcomputer.com/news/security/beware-paypal-new-address-feature-abused-to-send-phishing-emails/ Exim SQL Injection Vulnerability Exim, with sqlite support and ETRN enabled, is vulnerable to a simple SQL injection exploit. A PoC has been released https://www.exim.org/static/doc/security/CVE-2025-26794.txt https://github.com/OscarBataille/CVE-2025-26794? XMLlib patches https://gitlab.gnome.org/GNOME/libxml2/-/issues/847 https://gitlab.gnome.org/GNOME/libxml2/-/issues/828 0-Day in Parallels https://jhftss.github.io/Parallels-0-day/…
S
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
1 SANS Stormcast Monday Feb 24th: sigs.py update; Google Introdusing Quantum Safe Sigs; MSFT Update Win 11 issues; LTE/5G Vulns; 5:20
Tool Update: Sigs.py Jim updates sigs.py. The tool verifies hashes for files and automatically recognizes what hash is used. https://isc.sans.edu/diary/Tool%20update%3A%20sigs.py%20-%20added%20check%20mode/31706 Google Announcing Quantum Safe Digital Signatures in Cloud KMS Google announced the option to use quantum safe digital signatures for its cloud key management system. https://cloud.google.com/blog/products/identity-security/announcing-quantum-safe-digital-signatures-in-cloud-kms Windows 11 Patch issues The February Patch Tuesday appears to have caused issues with a number of Windows 11 systems. In particular the usability of the file manager appears to be affected. https://www.windowslatest.com/2025/02/16/windows-11-kb5051987-breaks-file-explorer-install-fails-on-windows-11-24h2/ LTE/5G Vulnerabilities Researchers at the university of Florida have identified a large number of vulnerabilities in 5G and LTE networks. https://nathanielbennett.com/publications/ransacked.pdf…
S
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
1 SANS Stormcast Friday Feb 21st: Kibana Queries; Mongoose Injection; U-Boot Flaws; Unifi Protect Camera Vulnerabilities; Protecting Network Devices as Endpoint (Austin Clark @sans_edu) 12:29
Using ES|QL In Kibana to Query DShield Honeypot Logs Using the "Elastic Search Piped Query Language" to query DShield honeypot logs https://isc.sans.edu/diary/Using%20ES%7CQL%20in%20Kibana%20to%20Queries%20DShield%20Honeypot%20Logs/31704 Mongoose Flaws Put MongoDB at risk The Object Direct Mapping library Mongoose suffers from an injection vulnerability leading to the potenitial of remote code exeuction in MongoDB https://www.theregister.com/2025/02/20/mongoose_flaws_mongodb/ U-Boot Vulnerabilities The open source boot loader U-Boot does suffer from a number of issues allowing the bypass of its integrity checks. This may lead to the execution of malicious code on boot. https://www.openwall.com/lists/oss-security/2025/02/17/2 Unifi Protect Camera Update https://community.ui.com/releases/Security-Advisory-Bulletin-046-046/9649ea8f-93db-4713-a875-c3fd7614943f…
S
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
1 SANS Stormcast Wednesday Feb 20th: XWorm Cocktail; Quantum Computing Breakthrough; Signal Phishing 7:01
XWorm Cocktail: A Mix of PE data with PowerShell Code Quick analysis of an interesting XWrom sample with powershell code embedded inside an executable https://isc.sans.edu/diary/XWorm+Cocktail+A+Mix+of+PE+data+with+PowerShell+Code/31700 Microsoft's Majorana 1 Chip Carves New Path for Quantum Computing Microsoft announced a breack through in Quantum computing. Its new prototype Majorana 1 chip takes advantage of exotic majorana particles to implement a scalable low error rate solution to building quantum computers https://news.microsoft.com/source/features/ai/microsofts-majorana-1-chip-carves-new-path-for-quantum-computing/ Russia Targeting Signal Messenger Signal is well regarded as a secure end to end encrypted messaging platform. However, a user may be tricked into providing access to their account by scanning a QR code masquerading as a group channel invitation. https://cloud.google.com/blog/topics/threat-intelligence/russia-targeting-signal-messenger/…
S
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
1 SANS Stormcast Tuesday Feb 19th: ModelScan AI Model Security; OpenSSH Vuln; Juniper Patches; Dell BIOS Vulnerability 6:55
ModelScan: Protection Against Model Serialization Attacks ModelScan is a tool to inspect AI models for deserialization attacks. The tool will detect suspect commands and warn the user. https://isc.sans.edu/diary/ModelScan%20-%20Protection%20Against%20Model%20Serialization%20Attacks/31692 OpenSSH MitM and DoS Vulnerabilities OpenSSH Patched two vulnerabilities discovered by Qualys. One may be used for MitM attack in specfic configurations of OpenSSH. https://www.qualys.com/2025/02/18/openssh-mitm-dos.txt Juniper Authentication Bypass Juniper fixed an authentication bypass vulnerability that affects several prodcuts. The patch was released outside the normal patch schedule. https://supportportal.juniper.net/s/article/2025-02-Out-of-Cycle-Security-Bulletin-Session-Smart-Router-Session-Smart-Conductor-WAN-Assurance-Router-API-Authentication-Bypass-Vulnerability-CVE-2025-21589?language=en_US DELL BIOS Patches DELL released BIOS updates fixing a privilege escalation issue. The update affects a large part of Dell's portfolio https://www.dell.com/support/kbdoc/en-en/000258429/dsa-2025-021…
S
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
1 SANS Stormcast: Securing the Edge; PostgreSQL Exploit; Ivanti Exploit; WinZip Vulnerablity; Xerox Patch 4:39
My Very Personal Guidance and Strategies to Protect Network Edge Devices A quick summary to help you secure edge devices. This may be a bit opinionated, but these are the strategies that I find work and are actionable. https://isc.sans.edu/diary/My%20Very%20Personal%20Guidance%20and%20Strategies%20to%20Protect%20Network%20Edge%20Devices/31660 PostgreSQL SQL Injection A followup to yesterday's segment about the PostgreSQL vulnerability. Rapid7 released a Metasploit module to exploit the vulnerability. https://github.com/rapid7/metasploit-framework/pull/19877 Ivanti Connect Secure Exploited The Japanese CERT observed exploitation of January's Connect Secure vulnerability https://blogs.jpcert.or.jp/ja/2025/02/spawnchimera.html WinZip Vulnerability WinZip patched a buffer overflow vulenrability that may be triggered by malicious 7Z files https://www.zerodayinitiative.com/advisories/ZDI-25-047/ Xerox Printer Patch Xerox patched two vulnerabililites in its enterprise multifunction printers that may be exploited for lateral movement. https://securitydocs.business.xerox.com/wp-content/uploads/2025/02/Xerox-Security-Bulletin-XRX25-003-for-Xerox-VersaLinkPhaser-and-WorkCentre.pdf…
به Player FM خوش آمدید!
Player FM در سراسر وب را برای یافتن پادکست های با کیفیت اسکن می کند تا همین الان لذت ببرید. این بهترین برنامه ی پادکست است که در اندروید، آیفون و وب کار می کند. ثبت نام کنید تا اشتراک های شما در بین دستگاه های مختلف همگام سازی شود.
Daily Deals
Daily Deals
مشابه SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
…
continue reading
Technical interviews about software topics.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Windows Weekly is about more than Windows. Veteran Microsoft insiders Paul Thurrott and Richard Campbell join Leo for a deep dive into the most valuable company in the world. From consumer to enterprise, AI to Xbox, Windows Weekly is the only Microsoft podcast you'll ever need. Records live every Wednesday at 2:00pm Eastern / 11:00am Pacific / 19:00 UTC.
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.
…
continue reading
Tech News Briefing is your guide to what people in tech are talking about. Every weekday, we’ll bring you breaking tech news and scoops from the pros at the Wall Street Journal, insight into new innovations and policy debates, tips from our personal tech team, and exclusive interviews with movers and shakers in the industry.
…
continue reading
S
Security Weekly Podcast Network (Audio)
1
Security Weekly Podcast Network (Audio)
Security Weekly Productions
2k3k
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Player FM - برنامه پادکست
با برنامه Player FM !
با برنامه Player FM !
