Johnny Ball is famous for knowing many things, so who better to tell you how to keep your computer safe from online fraud. Johnny's guides contain all you need to know about internet and email security. There are four wisdom-packed episodes to download onto your computer and portable audio player.
…
continue reading
Daily cybersecurity news for practitioners. Vulnerabilities, defenses, threats, network security insight, research and more to make you sound smarter as you get to the office in the morning. New each weekday.
…
continue reading
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minutes long summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Storm Center. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
…
continue reading
Internet safety, security, and digital parenting tips. You'll learn about protecting kids online (cybersafety), and general digital security and privacy (for adults as well as kids). https://DefendingDigital.com
…
continue reading

1
SANS Stormcast Friday, March 27th: Sitecore Exploited; Blasting Past Webp; Splunk and Firefox Vulnerabilities
6:15
Sitecore "thumbnailsaccesstoken" Deserialization Scans (and some new reports) CVE-2025-27218 Our honeypots detected a deserialization attack against the CMS Sitecore using a thumnailaccesstoken header. The underlying vulnerability was patched in January, and security firm Searchlight Cyber revealed details about this vulnerability a couple of weeks…
…
continue reading

1
SANS Stormcast Friday, March 27th: Sitecore Exploited; Blasting Past Webp; Splunk and Firefox Vulnerabilities (#)
6:15
SANS Stormcast Friday, March 27th: Sitecore Exploited; Blasting Past Webp; Splunk and Firefox Vulnerabilities Sitecore "thumbnailsaccesstoken" Deserialization Scans (and some new reports) CVE-2025-27218 Our honeypots detected a deserialization attack against the CMS Sitecore using a “thumnailaccesstoken” header. The underlying vulnerability was pat…
…
continue reading

1
SANS Stormcast Thursday Mar 27th: Classifying Malware with ML; Malicious NPM Packages; Google Chrome 0-day
7:11
Leveraging CNNs and Entropy-Based Feature Selection to Identify Potential Malware Artifacts of Interest This diary explores a novel methodology for classifying malware by integrating entropy-driven feature selection with a specialized Convolutional Neural Network (CNN). Motivated by the increasing obfuscation tactics used by modern malware authors,…
…
continue reading

1
SANS Stormcast Thursday Mar 27th: Classifying Malware with ML; Malicious NPM Packages; Google Chrome 0-day (#)
4:51
SANS Stormcast Thursday Mar 27th: Classifying Malware with ML; Malicious NPM Packages; Google Chrome 0-day Leveraging CNNs and Entropy-Based Feature Selection to Identify Potential Malware Artifacts of Interest This diary explores a novel methodology for classifying malware by integrating entropy-driven feature selection with a specialized Convolut…
…
continue reading

1
SANS Stormcast Wednesday Mar 26th: XWiki Exploit; File Converter Correction; VMWare Vulnerability; Draytek Router Reboots; MMC Exploit Details;
6:14
XWiki Search Vulnerablity Exploit Attempts (CVE-2024-3721) Our honeypot detected an increase in exploit attempts for an XWiki command injection vulnerablity. The vulnerability was patched last April, but appears to be exploited more these last couple days. The vulnerability affects the search feature and allows the attacker to inject Groovy code te…
…
continue reading

1
SANS Stormcast Wednesday Mar 26th: XWiki Exploit; File Converter Correction; VMWare Vulnerability; Draytek Router Reboots; MMC Exploit Details; (#)
6:15
SANS Stormcast Wednesday Mar 26th: XWiki Exploit; File Converter Correction; VMWare Vulnerability; Draytek Router Reboots; MMC Exploit Details; XWiki Search Vulnerablity Exploit Attempts (CVE-2024-3721) Our honeypot detected an increase in exploit attempts for an XWiki command injection vulnerablity. The vulnerability was patched last April, but ap…
…
continue reading

1
SANS Stormcast Tuesday Mar 25th: Privacy Awware Bots; Ingress Nightmare; Malicious File Converters; VSCode Extension Leads to Ransomware
5:55
Privacy Aware Bots A botnet is using privacy as well as CSRF prevention headers to better blend in with normal browsers. However, in the process they may make it actually easier to spot them. https://isc.sans.edu/diary/Privacy%20Aware%20Bots/31796 Critical Ingress Nightmare Vulnerability ingress-nginx fixed four new vulnerabilities, one of which ma…
…
continue reading

1
SANS Stormcast Tuesday Mar 25th: Privacy Awware Bots; Ingress Nightmare; Malicious File Converters; VSCode Extension Leads to Ransomware (#)
5:55
SANS Stormcast Tuesday Mar 25th: Privacy Awware Bots; Ingress Nightmare; Malicious File Converters; VSCode Extension Leads to Ransomware Privacy Aware Bots A botnet is using privacy as well as CSRF prevention headers to better blend in with normal browsers. However, in the process they may make it actually easier to spot them. https://isc.sans.edu/…
…
continue reading

1
SANS Stormcast Monday Mar 24th: Critical Next.js Vulnerability; Microsoft Trust Signing Platform Abuse
7:10
Critical Next.js Vulnerability CVE-2025-29927 A critical vulnerability in how the x-middleware-subrequest header is verified may lead to bypassing authorization in Next.js applications. https://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware https://github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw http…
…
continue reading

1
SANS Stormcast Monday Mar 24th: Critical Next.js Vulnerability; Microsoft Trust Signing Platform Abuse (#)
7:10
SANS Stormcast Monday Mar 24th: Critical Next.js Vulnerability; Microsoft Trust Signing Platform Abuse Critical Next.js Vulnerability CVE-2025-29927 A critical vulnerability in how the x-middleware-subrequest header is verified may lead to bypassing authorization in Next.js applications. https://zhero-web-sec.github.io/research-and-things/nextjs-an…
…
continue reading

1
SANS Stormcast Friday Mar 21st: New Data Feeds; SEO Spam; Veeam Deserialization; IBM AIX RCE;
8:24
Some New Data Feeds and Little Incident We started offering additional data feeds, and an SEO spamer attempted to make us change a link from an old podcast episode. https://isc.sans.edu/diary/Some%20new%20Data%20Feeds%2C%20and%20a%20little%20%22incident%22./31786 Veeam Deserialization Vulnerability Veeam released details regarding the latest vulner…
…
continue reading

1
SANS Stormcast Friday Mar 21st: New Data Feeds; SEO Spam; Veeam Deserialization; IBM AIX RCE; (#)
8:25
SANS Stormcast Friday Mar 21st: New Data Feeds; SEO Spam; Veeam Deserialization; IBM AIX RCE; Some New Data Feeds and Little Incident We started offering additional data feeds, and an SEO spamer attempted to make us change a link from an old podcast episode. https://isc.sans.edu/diary/Some%20new%20Data%20Feeds%2C%20and%20a%20little%20%22incident%22…
…
continue reading

1
SANS Stormcast Thursday Mar 20th: Cisco Smart Licensing Attacks; Vulnerable Drivers again; Synology Advisories Updated
7:09
Exploit Attempts for Cisco Smart Licensing Utility CVE-2024-20439 CVE-2024-20440 Attackers added last September's Cisco Smart Licensing Utility vulnerability to their toolset. These attacks orginate most likely from botnets and the same attackers are scanning for a wide range of additional vulnerabilities. The vulnerability is a static credential i…
…
continue reading

1
SANS Stormcast Thursday Mar 20th: Cisco Smart Licensing Attacks; Vulnerable Drivers again; Synology Advisories Updated (#)
7:09
SANS Stormcast Thursday Mar 20th: Cisco Smart Licensing Attacks; Vulnerable Drivers again; Synology Advisories Updated Exploit Attempts for Cisco Smart Licensing Utility CVE-2024-20439 CVE-2024-20440 Attackers added last September's Cisco Smart Licensing Utility vulnerability to their toolset. These attacks orginate most likely from botnets and the…
…
continue reading

1
SANS Stormcast Wednesday Mar 19th 2025: Python DLL Side Loading; Tomcast RCE Correction; SAML Roulette; Windows Shortcut 0-Day
7:18
Python Bot Delivered Through DLL Side-Loading A "normal", but vulnerable to DLL side-loading PDF reader may be used to launch additional exploit code https://isc.sans.edu/diary/Python%20Bot%20Delivered%20Through%20DLL%20Side-Loading/31778 Tomcat RCE Correction To exploit the Tomcat RCE I mentioned yesterday, two non-default configuration options mu…
…
continue reading

1
SANS Stormcast Wednesday Mar 19th 2025: Python DLL Side Loading; Tomcast RCE Correction; SAML Roulette; Windows Shortcut 0-Day (#)
7:19
SANS Stormcast Wednesday Mar 19th 2025: Python DLL Side Loading; Tomcast RCE Correction; SAML Roulette; Windows Shortcut 0-Day Python Bot Delivered Through DLL Side-Loading A "normal", but vulnerable to DLL side-loading PDF reader may be used to launch additional exploit code https://isc.sans.edu/diary/Python%20Bot%20Delivered%20Through%20DLL%20Sid…
…
continue reading

1
SANS Stormcast Tuesday Mar 18th 2025: Analyzing GUID Encoded Shellcode; Node.js SAML Vuln; Tomcat RCE in the Wild; CSS e-mail obfuscation
7:03
Static Analysis of GUID Encoded Shellcode Didier explains how to decode shell code embeded as GUIDs in malware, and how to feed the result to his tool 1768.py which will extract Cobal Strike configuration information from the code. https://isc.sans.edu/diary/Static%20Analysis%20of%20GUID%20Encoded%20Shellcode/31774 SAMLStorm: Critical Authenticatio…
…
continue reading

1
SANS Stormcast Monday Mar 17th 2025: Analyzing GUID Encoded Shellcode; Node.js SAML Vuln; Tomcat RCE in the Wild; CSS e-mail obfuscation (#)
7:03
SANS Stormcast Monday Mar 17th 2025: Analyzing GUID Encoded Shellcode; Node.js SAML Vuln; Tomcat RCE in the Wild; CSS e-mail obfuscation Static Analysis of GUID Encoded Shellcode Didier explains how to decode shell code embeded as GUIDs in malware, and how to feed the result to his tool 1768.py which will extract Cobal Strike configuration informat…
…
continue reading

1
SANS Stormcast Monday March 17th: Mirai Makes Mistakes; Compromised Github Action; ruby-saml vulnerability; Fake GitHub Security Alert Phishing
6:38
Mirai Bot Now Incorporating Malformed DrayTek Vigor Router Exploits One of the many versions of the Mirai botnet added some new exploit strings attempting to take advantage of an old DrayTek Vigor Router vulnerability, but they got the URL wrong. https://isc.sans.edu/diary/Mirai%20Bot%20now%20incroporating%20%28malformed%3F%29%20DrayTek%20Vigor%20R…
…
continue reading

1
SANS Stormcast Monday March 17th: Mirai Makes Mistakes; Compromised Github Action; ruby-saml vulnerability; Fake GitHub Security Alert Phishing (#)
6:39
SANS Stormcast Monday March 17th: Mirai Makes Mistakes; Compromised Github Action; ruby-saml vulnerability; Fake GitHub Security Alert Phishing Mirai Bot Now Incorporating Malformed DrayTek Vigor Router Exploits One of the many versions of the Mirai botnet added some new exploit strings attempting to take advantage of an old DrayTek Vigor Router vu…
…
continue reading

1
SANS Stormcast: File Hashes in MSFT BI; Apache Camel Vuln; Juniper Fixes Exploited Vuln; AMI Patches 10.0 Redfish BMC Vuln
6:07
File Hashes Analysis with Power BI Guy explains in this diary how to analyze Cowrie honeypot file hashes using Microsoft's BI tool and what you may be able to discover using this tool. https://isc.sans.edu/diary/File%20Hashes%20Analysis%20with%20Power%20BI%20from%20Data%20Stored%20in%20DShield%20SIEM/31764 Apache Camel Vulnerability Apache released…
…
continue reading

1
SANS Stormcast: File Hashes in MSFT BI; Apache Camel Vuln; Juniper Fixes Exploited Vuln; AMI Patches 10.0 Redfish BMC Vuln (#)
6:08
SANS Stormcast: File Hashes in MSFT BI; Apache Camel Vuln; Juniper Fixes Exploited Vuln; AMI Patches 10.0 Redfish BMC Vuln File Hashes Analysis with Power BI Guy explains in this diary how to analyze Cowrie honeypot file hashes using Microsoft's BI tool and what you may be able to discover using this tool. https://isc.sans.edu/diary/File%20Hashes%2…
…
continue reading

1
SANS Stormcast Thursday Mar 13th: Exploiting Login Pages with Log4j; Patch Tuesday Fallout; Adobe Patches; Medusa Ransomware; Zoom and Font Library Updates;
5:56
Log4J Scans for VMWare Hyhbrid Cloud Extensions An attacker is scanning various login pages, including the authentication feature in the VMWare HCX REST API for Log4j vulnerabilities. The attack submits the exploit string as username, hoping to trigger the vulnerability as Log4j logs the username https://isc.sans.edu/diary/Scans%20for%20VMWare%20Hy…
…
continue reading

1
SANS Stormcast Thursday Mar 13th: Exploiting Login Pages with Log4j; Patch Tuesday Fallout; Adobe Patches; Medusa Ransomware; Zoom and Font Library Updates; (#)
5:57
SANS Stormcast Thursday Mar 13th: Exploiting Login Pages with Log4j; Patch Tuesday Fallout; Adobe Patches; Medusa Ransomware; Zoom and Font Library Updates; Log4J Scans for VMWare Hyhbrid Cloud Extensions An attacker is scanning various login pages, including the authentication feature in the VMWare HCX REST API for Log4j vulnerabilities. The attac…
…
continue reading

1
SANS Stormcast Wednesday Mar 12th: Microsoft Patch Tuesday; Apple Patch; Espressif ESP32 Statement
7:54
Microsoft Patch Tuesday Microsoft Patched six already exploited vulnerabilities today. In addition, the patches included a critical patch for Microsoft's DNS server and about 50 additional patches. https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%3A%20March%202025/31756 Apple Updates iOS/macOS Apple released an update to address a single, alr…
…
continue reading

1
SANS Stormcast Wednesday Mar 12th: Microsoft Patch Tuesday; Apple Patch; Espressif ESP32 Statement (#)
7:55
SANS Stormcast Wednesday Mar 12th: Microsoft Patch Tuesday; Apple Patch; Espressif ESP32 Statement Microsoft Patch Tuesday Microsoft Patched six already exploited vulnerabilities today. In addition, the patches included a critical patch for Microsoft's DNS server and about 50 additional patches. https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesda…
…
continue reading