![Podcast Cover](https://d3wo5wojvuv7l.cloudfront.net/t_square_limited_480/images.spreaker.com/original/da6228f134793f55ee512e4f6dbede1e.jpg)
Contacts
Info
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually...
show more
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minutes long summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Storm Center. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
show less
![Podcast Cover](https://d3wo5wojvuv7l.cloudfront.net/t_square_limited_480/images.spreaker.com/original/da6228f134793f55ee512e4f6dbede1e.jpg)
SANS ISC Network Security News
SANS ISC Network Security News
-
ISC StormCast for Friday, June 28th, 2024
28 JUN 2024 · What Setting Live Traps For Cybercriminals Taught Me About Security https://isc.sans.edu/diary/What%20Setting%20Live%20Traps%20for%20Cybercriminals%20Taught%20Me%20About%20Security%20%5BGuest%20Diary%5D/31038 TeamViewer Compromise https://www.teamviewer.com/en-us/resources/trust-center/statement/ Fortra File Catalyst Vulnerability and PoC https://support.fortra.com/filecatalyst/kb-articles/advisory-6-24-2024-filecatalyst-workflow-sql-injection-vulnerability-YmYwYWY4OTYtNTUzMi1lZjExLTg0MGEtNjA0NWJkMDg3MDA0 https://www.tenable.com/security/research/tra-2024-25 GitLab Critical Update https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/ When Prompts Go Rogue: Analyzing a Prompt Injection Code Execution in Vanna.AI https://jfrog.com/blog/prompt-injection-attack-code-execution-in-vanna-ai-cve-2024-5565/ -
ISC StormCast for Thursday, June 27th, 2024
27 JUN 2024 · Critical Progress MOVEit Authentication Bypass Vulnerability https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/ https://community.progress.com/s/article/MOVEit-Transfer-Product-Security-Alert-Bulletin-June-2024-CVE-2024-5806 Polyfill.io Supply Chain Attack https://cside.dev/blog/more-than-100k-websites-targeted-in-web-supply-chain-attack Apple AirPods Firmware Update https://support.apple.com/en-us/HT214111 -
ISC StormCast for Wednesday, June 26th, 2024
26 JUN 2024 · TCP Latency Sidechannel https://www.snailload.com/snailload.pdf Microsoft Management Console for Intial Access and Evasion https://www.elastic.co/security-labs/grimresource Wyze Camera Vulnerabilities https://forums.wyze.com/t/security-advisory/289256 -
ISC StormCast for Tuesday, June 25th, 2024
25 JUN 2024 · Configuration Scans Expand https://isc.sans.edu/diary/Configuration%20Scanners%20Adding%20Java%20Specific%20Configuration%20Files/31032 SQL Server Emergency Fix https://support.microsoft.com/en-us/topic/june-20-2024-kb5041054-os-build-20348-2529-out-of-band-b746ffbd-934e-42ac-9c66-ed0636edf7f1 Juniper Security Analytics Update https://supportportal.juniper.net/s/article/On-Demand-JSA-Series-Multiple-vulnerabilities-resolved-in-Juniper-Secure-Analytics-in-7-5-0-UP8-IF03?language=en_US MacOS/iOS XNU Buffer Overflow Exploit CVE-2024-27815 https://jprx.io/cve-2024-27815/ -
ISC StormCast for Monday, June 24th, 2024
24 JUN 2024 · Sysinternals Process Monitor Version 4 Released https://isc.sans.edu/diary/Sysinternals%27%20Process%20Monitor%20Version%204%20Released/31026 Kaspersky Sanctions https://home.treasury.gov/news/press-releases/jy2420 Phoenix UEFI Buffer Overflow Affects Wide Range of Systems https://eclypsium.com/blog/ueficanhazbufferoverflow-widespread-impact-from-vulnerability-in-popular-pc-and-server-firmware/ Ghostscript Update https://ghostscript.readthedocs.io/en/gs10.03.1/News.html js2py vulnerability https://github.com/Marven11/CVE-2024-28397-js2py-Sandbox-Escape -
ISC StormCast for Friday, June 21st, 2024
21 JUN 2024 · No Excuses: Free Tools to Help Secure Authentication in Ubuntu https://isc.sans.edu/diary/No%20Excuses%2C%20Free%20Tools%20to%20Help%20Secure%20Authentication%20in%20Ubuntu%20Linux%20%5BGuest%20Diary%5D/31024 Handling BOM MIME Files https://isc.sans.edu/diary/Handling+BOM+MIME+Files/31022 Atlasiun Confluence Data Center and Server Vuln https://confluence.atlassian.com/security/security-bulletin-june-18-2024-1409286211.html Beyond the @ Symbol: Exploiting the Flexibility of Email Addresses For Offensive Purposes https://modzero.com/en/blog/beyond_the_at_symbol/ VMWare Patches https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453 -
ISC StormCast for Tuesday, June 18th, 2024
18 JUN 2024 · New NetSupport Campaign Deleivered Through MSIX Packages https://isc.sans.edu/diary/New%20NetSupport%20Campaign%20Delivered%20Through%20MSIX%20Packages/31018 D-Link Router Backdoor https://www.twcert.org.tw/en/cp-139-7880-629f5-2.html https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10398 iTerm2 Vulnerablity https://vin01.github.io/piptagole/escape-sequences/iterm2/rce/2024/06/16/iterm2-rce-window-title-tmux-integration.html NextCloud Vulnerability https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9v72-9xv5-3p7c -
ISC StormCast for Monday, June 17th, 2024
17 JUN 2024 · Overview of My Tools That Handle JSON Data https://isc.sans.edu/diary/Overview%20of%20My%20Tools%20That%20Handle%20JSON%20Data/31012 Python Serialization and "Sleepy Pickle" https://x.com/MarkBaggett/status/1801732554740969561 Detecting Headless Chrome https://deviceandbrowserinfo.com/learning_zone/articles/detecting-headless-chrome-puppeteer-2024 Detecting Malicious VS Code Extensions https://medium.com/@amitassaraf/4-6-introducing-extensiontotal-how-to-assess-risk-in-vs-code-extensions-3ac5bfd83fb1 ASUS Router Critical Vulnerability https://www.asus.com/content/asus-product-security-advisory/ -
ISC StormCast for Friday, June 14th, 2024
14 JUN 2024 · The Art of JQ and Command-Line Fu https://isc.sans.edu/diary/The%20Art%20of%20JQ%20and%20Command-line%20Fu%20%5BGuest%20Diary%5D/31006 Microsoft Outlook Vulnerablity Details https://blog.morphisec.com/cve-2024-30103-microsoft-outlook-vulnerability Keeping our Outlook Personal Email Users Safe https://techcommunity.microsoft.com/t5/outlook-blog/keeping-our-outlook-personal-email-users-safe-reinforcing-our/ba-p/4164184 Exploiting ML models with pickle file attacks https://blog.trailofbits.com/2024/06/11/exploiting-ml-models-with-pickle-file-attacks-part-1/ -
ISC StormCast for Thursday, June 13th, 2024
13 JUN 2024 · MSMQ Packets https://isc.sans.edu/diary/Port%201801%20Traffic%3A%20Microsoft%20Message%20Queue/31004 Adobe Updates https://helpx.adobe.com/security/products/magento/apsb24-40.html Black Basta Exploited CVE-2024-26169 Prior to Patch https://symantec-enterprise-blogs.security.com/threat-intelligence/black-basta-ransomware-zero-day Pixel Phone 0-Day Patched https://source.android.com/docs/security/bulletin/pixel/2024-06-01
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually...
show more
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minutes long summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Storm Center. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
show less
Information
Author | Johannes Ullrich |
Categories | Technology |
Website | isc.sans.edu |
handlers@isc.sans.edu |
Copyright 2024 - Spreaker Inc. an iHeartMedia Company