SANS Internet Storm Center's Daily Network Security News Podcast

By: Johannes B. Ullrich

A brief daily summary of what is important in information security. The podcast is published every weekday and is designed to get you ready for the day with a brief, usually 5-minute-long summary of current network-security-related events. The content is late-breaking, educational, and based on listener input as well as on input received by the SANS Internet Storm Center. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html.

(c) SANS Institute 2021. This work is licensed under a Creative Commons License - Attribution-NonCommercial-ShareAlike - http://creativecommons.org/licenses/by-nc-sa/4.0/

Politics and Government
Episodes
  • SANS Stormcast Tuesday, September 9th, 2025: Major npm compromise; HTTP Request Signature
    Sep 8 2025
    Major npm compromise
    A number of high-profile npm libraries were compromised after developers fell for a phishing email. This compromise affected libraries with a total of hundreds of millions of downloads a week.
    https://bsky.app/profile/bad-at-computer.bsky.social/post/3lydioq5swk2y
    https://github.com/orgs/community/discussions/172738
    https://github.com/chalk/chalk/issues/656#issuecomment-3266894253
    https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised

    HTTP Request Signatures
    It looks like some search engines and AI bots are starting to use the HTTP request signature. This should make it easier to identify bot traffic.
    https://isc.sans.edu/diary/HTTP%20Request%20Signatures/32266

    keywords: http; request; signature; npm; qix; debug;
    9 m
  • SANS Stormcast Monday, September 8th, 2025: YARA to Debugger Offsets; SVG JavaScript Phishing; FreePBX Patches;
    Sep 7 2025
    From YARA Offsets to Virtual Addresses
    Xavier explains how to convert offsets reported by YARA into offsets suitable for use with debuggers.
    https://isc.sans.edu/diary/From%20YARA%20Offsets%20to%20Virtual%20Addresses/32262

    Phishing via JavaScript in SVG Files
    VirusTotal uncovered a Colombian phishing campaign that takes advantage of JavaScript in SVG files.
    https://blog.virustotal.com/2025/09/uncovering-colombian-malware-campaign.html

    FreePBX Patches
    FreePBX released details regarding two vulnerabilities patched last week. One of these vulnerabilities was already actively exploited.
    https://github.com/FreePBX/security-reporting/security/advisories/GHSA-3r47-p39v-vqqf

    keywords: FreePBX; javascript; svg; yara; offset
    6 m
  • SANS Stormcast Friday, September 5th, 2025: Cloudflare Response to 1.1.1.1 Certificate; AI Model Namespace Reuse; macOS Vulnerability Allowed Keychain Decryption
    Sep 4 2025
    Unauthorized Issuance of Certificate for 1.1.1.1
    Cloudflare published a blog post with more details regarding the bad 1.1.1.1 certificate that was issued by Fina.
    https://blog.cloudflare.com/unauthorized-issuance-of-certificates-for-1-1-1-1/

    AI Model Namespace Reuse
    Deleted accounts on Hugging Face can be taken over by other entities unrelated to the original owner.
    https://unit42.paloaltonetworks.com/model-namespace-reuse/

    macOS vulnerability allowed Keychain and iOS app decryption without a password
    Excessive entitlements for the gcore binary facilitated access to key material that was sufficient to access secrets stored in Apple's keychain.
    https://www.helpnetsecurity.com/2025/09/04/macos-gcore-vulnerability-cve-2025-24204/

    keywords: keychain; macos; gcore; ai model; namespace; certificate; ca; cloudflare
    8 m
This podcast is essential for any technologist, not just security folks. Keeping your finger on the pulse of cybersecurity is difficult, this podcast makes it much easier.

Essential daily listening

I've been listening to this podcast for years on a near daily basis. Has provided time-sensitive info on many occasions.

One of the Best
