SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Handlers

A daily News, Tech News and Technology podcast featuring Johannes Ullrich

 3 people rated this podcast
Episodes of SANS Internet Stormcenter Daily Cyber Security Podcast

Web Scanning for Sonicwall Vulnerabilities CVE-2021-20016
For the last week, scans for Sonicwall API login and domain endpoints have skyrocketed. These attacks may be exploiting an older vulnerability or just attempting to brute force cre

More Scans for SMS Gateways and APIs
Attackers are not just looking for SMS Gateways like the scans we reported on last week, but they are also actively scanning for other ways to use APIs and add-on tools to send messages using other people

SRUM-DUMP Version 3: Uncovering Malware Activity in Forensics
Mark Baggett released SRUM-DUMP Version 3. The tool simplifies data extraction from the Windows System Resource Usage Monitor (SRUM). This database logs how much resources software u

Example of a Payload Delivered Through Steganography
Xavier and Didier published two diaries this weekend, building on each other. First, Xavier showed an example of an image being used to smuggle an executable past network defenses, and seco

Attacks against Teltonika Networks SMS Gateways
Attackers are actively scanning for SMS Gateways. These attacks take advantage of default passwords and other commonly used passwords. https://isc.sans.edu/diary/Attacks%20against%20Teltonika

Honeypot Iptables Maintenance and DShield-SIEM Logging
In this diary, Jesse is talking about some of the tasks to maintain a honeypot, like keeping filebeats up to date and adjusting configurations in case your dynamic IP address changes. http

xorsearch.py: Ad Hoc YARA Rules
Ad hoc YARA rules allow for easy searches using command line arguments without having to write complete YARA rules for simple use cases like string and regex searches. https://isc.sans.edu/diary/xorsearch.py%3A%

It's 2025, so why are malicious advertising URLs still going strong?
Phishing attacks continue to take advantage of Google's advertising services. Sadly, this is still the case for obviously malicious links, even after various anti-phishing

Microsoft Entra User Lockout
Multiple organizations reported widespread alerts and account lockouts this weekend from Microsoft Entra. The issue is caused by a new feature Microsoft enabled. This feature will lock accounts if Microsoft believ

RedTail: Remnux and Malware Management
A description showing how to set up a malware analysis environment in the cloud with Remnux and Kasm. RedTail is a sample used to illustrate how the environment can be used. https://isc.sans.edu/diary/RedTail%2C%20Remnux

Apple Updates
Apple released updates for iOS, iPadOS, macOS, and VisionOS. The updates fix two vulnerabilities which had already been exploited against iOS. https://isc.sans.edu/diary/Apple%20Patches%20Exploited%20Vulnerability/31866 Oracle U

Online Services Again Abused to Exfiltrate Data
Attackers like to abuse free online services that can be used to exfiltrate data, from the originals, like pastebin, to past favorites like anonfiles.com. The latest example is gofile.io. As a

xorsearch Update
Didier updated his "xorsearch" tool. It is now a Python script, not a compiled binary, and supports YARA signatures. With YARA support also comes support for regular expressions. https://isc.sans.edu/diary/xorsearch.py%3A%20

Exploit Attempts for Recent Langflow AI Vulnerability (CVE-2025-3248)
After spotting individual attempts to exploit the recent Langflow vulnerability late last week, we now see more systematic internet-wide scans attempting to verify the vul

Network Infraxploit
Our undergraduate intern, Matthew Gorman, wrote up a walkthrough of CVE-2018-0171, an older Cisco vulnerability that is still actively being exploited. For example, VOLT TYPHOON recently exploited this problem. https:

Getting Past PyArmor
PyArmor is a Python obfuscation tool used for malicious and non-malicious software. Xavier is taking a look at a sample to show what can be learned from these obfuscated samples without too much work. https://isc.sans.

Microsoft Patch Tuesday
Microsoft patched over 120 vulnerabilities this month. 11 of these were rated critical, and one vulnerability is already being exploited. https://isc.sans.edu/diary/Microsoft%20April%202025%20Patch%20Tuesday/31838 A

XORsearch: Searching With Regexes
Didier explains a workaround to use his tool XORsearch to search for regular expressions instead of simple strings. https://isc.sans.edu/diary/XORsearch%3A%20Searching%20With%20Regexes/31834 MCP Security Noti

New SSH Username Report
A new SSH/Telnet username report makes it easier to identify new usernames attackers are using against our Telnet and SSH honeypots. https://isc.sans.edu/diary/New%20SSH%20Username%20Report/31830 Quickshell Sharing is

Exploring Statistical Measures to Predict URLs as Legitimate or Intrusive
Using frequency analysis and training the model with honeypot data as well as log data from legitimate websites allows for a fairly simple and reliable triage of web

Surge in Scans for Juniper t128 Default User
Last week, we detected a significant surge in SSH scans for the username "t128". This user is used by Juniper's Session Smart Routing, a product they acquired from 128 Technologies, which is the

Apple Patches Everything
Apple released updates for all of its operating systems. Most were released on Monday, with watchOS patches released today on Tuesday. Two already exploited vulnerabilities, which were already patched in the latest iOS

Apache Camel Exploit Attempt by Vulnerability Scans
A recently patched vulnerability in Apache Camel has been integrated into some vulnerability scanners, for example OpenVAS. We do see some exploit attempts in our honeypots, but they ap

A Tale of Two Phishing Sites
Two phishing sites may use very different backends, even if the site itself appears to be visually very similar. Phishing kits are often copied and modified, leading to sites using similar visual tricks on the use

Sitecore "thumbnailsaccesstoken" Deserialization Scans (and some new reports) CVE-2025-27218
Our honeypots detected a deserialization attack against the CMS Sitecore using a "thumbnailsaccesstoken" header. The underlying vulnerability was patch