Podcast terbaik Cyber Daily (2025)

1
SANS Stormcast: File Hashes in MSFT BI; Apache Camel Vuln; Juniper Fixes Exploited Vuln; AMI Patches 10.0 Redfish BMC Vuln 6:07

5h ago6:07

6:07

File Hashes Analysis with Power BI Guy explains in this diary how to analyze Cowrie honeypot file hashes using Microsoft's BI tool and what you may be able to discover using this tool. https://isc.sans.edu/diary/File%20Hashes%20Analysis%20with%20Power%20BI%20from%20Data%20Stored%20in%20DShield%20SIEM/31764 Apache Camel Vulnerability Apache released…

1
🔴 Mar 13’s Top Cyber News NOW! - Ep 833 1:34:24

17h ago1:34:24

1:34:24

The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day. Check out Barricade Cyber for #incidentresponse, #ransomware protection, and business recovery services: https://barricadecyber.com Check out John Strand's Pay What You Can Antisyphon Training: https://simplycyber.io/antisyphon Allow what y…

1
SANS Stormcast Thursday Mar 13th: Exploiting Login Pages with Log4j; Patch Tuesday Fallout; Adobe Patches; Medusa Ransomware; Zoom and Font Library Updates; 5:56

1d ago5:56

5:56

Log4J Scans for VMWare Hyhbrid Cloud Extensions An attacker is scanning various login pages, including the authentication feature in the VMWare HCX REST API for Log4j vulnerabilities. The attack submits the exploit string as username, hoping to trigger the vulnerability as Log4j logs the username https://isc.sans.edu/diary/Scans%20for%20VMWare%20Hy…

1
🔴 Mar 12’s Top Cyber News NOW! - Ep 832 1:30:55

1d ago1:30:55

1:30:55

The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day. Check out Barricade Cyber for #incidentresponse, #ransomware protection, and business recovery services: https://barricadecyber.com Check out John Strand's Pay What You Can Antisyphon Training: https://simplycyber.io/antisyphon Allow what y…

1
SANS Stormcast Wednesday Mar 12th: Microsoft Patch Tuesday; Apple Patch; Espressif ESP32 Statement 7:54

2d ago7:54

7:54

Microsoft Patch Tuesday Microsoft Patched six already exploited vulnerabilities today. In addition, the patches included a critical patch for Microsoft's DNS server and about 50 additional patches. https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%3A%20March%202025/31756 Apple Updates iOS/macOS Apple released an update to address a single, alr…

1
🔴 Mar 11’s Top Cyber News NOW! - Ep 831 2:01:15

3d ago2:01:15

2:01:15

The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day. Check out Barricade Cyber for #incidentresponse, #ransomware protection, and business recovery services: https://barricadecyber.com Check out John Strand's Pay What You Can Antisyphon Training: https://simplycyber.io/antisyphon Allow what y…

1
🔴 Mar 10’s Top Cyber News NOW! - Ep 830 1:37:17

3d ago1:37:17

1:37:17

The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day. Check out Barricade Cyber for #incidentresponse, #ransomware protection, and business recovery services: https://barricadecyber.com Check out John Strand's Pay What You Can Antisyphon Training: https://simplycyber.io/antisyphon Allow what y…

1
SANS Stormcast Tuesday Mar 11th: Shellcode as UUIDs; Moxe Switch Vuln Updates; Opentext Vuln; Livewire Volt Vuln; 4:59

3d ago4:59

4:59

Shellcode Encoded in UUIDs Attackers are using UUIDs to encode Shellcode. The 128 Bit (or 16 Bytes) encoded in each UUID are converted to shell code to implement a cobalt strike beacon https://isc.sans.edu/diary/Shellcode%20Encoded%20in%20UUIDs/31752 Moxa CVE-2024-12297 Expanded to PT Switches Moxa in January first releast an update to address a fr…

1
SANS Stormcast: Webshells; Undocumented ESP32 Commands; Camera Used For Ransomware Distribution 6:45

4d ago6:45

6:45

Commonly Probed Webshell URLs Many attackers deploy web shells to gain a foothold on vulnerable web servers. These webshells can also be taken over by parasitic exploits. https://isc.sans.edu/diary/Commonly%20Probed%20Webshell%20URLs/31748 Undocumented ESP32 Commands A recent conference presentation by Tarlogic revealed several "backdoors" or undoc…

1
🔴 Mar 7’s Top Cyber News NOW! - Ep 829 2:00:15

7d ago2:00:15

2:00:15

The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day. Check out Barricade Cyber for #incidentresponse, #ransomware protection, and business recovery services: https://barricadecyber.com Check out John Strand's Pay What You Can Antisyphon Training: https://simplycyber.io/antisyphon Allow what y…

1
SANS Stormcast Friday Mar 7th: Chrome vs Extensions; Kibana Update; PrePw0n3d Android TV Sticks; Identifying APTs (@sans_edu, Eric LeBlanc) 13:53

7d ago13:53

13:53

Latest Google Chrome Update Encourages UBlock Origin Removal The latest update to Google Chrome not only disabled the UBlock Origin ad blocker, but also guides users to uninstall the extension instead of re-enabling it. https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html https://www.reddit.com/r/youtube/comments/1j2…

1
🔴 Mar 6’s Top Cyber News NOW! - Ep 828 1:29:20

8d ago1:29:20

1:29:20

The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day. Check out Barricade Cyber for #incidentresponse, #ransomware protection, and business recovery services: https://barricadecyber.com Check out John Strand's Pay What You Can Antisyphon Training: https://simplycyber.io/antisyphon Allow what y…

1
SANS Stormcast Thursday Mar 6th: DShield ELK Analysis; Jailbreaking AMD CPUs; VIM Vulnerability; Snail Mail Ransomware 6:45

8d ago6:45

6:45

DShield Traffic Analysis using ELK The "DShield SIEM" includes an ELK dashboard as part of the Honeypot. Learn how to find traffic of interest with this tool. https://isc.sans.edu/diary/DShield%20Traffic%20Analysis%20using%20ELK/31742 Zen and the Art of Microcode Hacking Google released details, including a proof of concept exploit, showing how to …

1
🔴 Mar 5’s Top Cyber News NOW! - Ep 827 1:38:26

9d ago1:38:26

1:38:26

The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day. Check out Barricade Cyber for #incidentresponse, #ransomware protection, and business recovery services: https://barricadecyber.com Check out John Strand's Pay What You Can Antisyphon Training: https://simplycyber.io/antisyphon Allow what y…

1
SANS Stormcast Wednesday Mar 5th: SMTP Credential Hunt; mac-robber.py update; ADSelfService Plus Account Takeover; Android Patch Day; PayPal Scams; VMWare Escape Fix 6:11

9d ago6:11

6:11

Romanian Distillery Scanning for SMTP Credentials A particular attacker expanded the scope of their leaked credential file scans. In addition to the usual ".env" style files, it is not looking for specific SMTP related credential files. https://isc.sans.edu/diary/Romanian%20Distillery%20Scanning%20for%20SMTP%20Credentials/31736 Tool Updates: mac-ro…

1
🔴 Mar 4’s Top Cyber News NOW! - Ep 826 1:38:12

10d ago1:38:12

1:38:12

The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day. Check out Barricade Cyber for #incidentresponse, #ransomware protection, and business recovery services: https://barricadecyber.com Check out John Strand's Pay What You Can Antisyphon Training: https://simplycyber.io/antisyphon Allow what y…

1
SANS Stormcast Tuesday Mar 4th: Mark of the Web Details; Sharepint and Click-Fix Phishing; Paragon Partionmanager BYOVD Exploit 6:17

10d ago6:17

6:17

Mark of the Web: Some Technical Details Windows implements the "Mark of the Web" (MotW) as an alternate data stream that contains not just the "zoneid" of where the file came from, but may include other data like the exact URL and referrer. https://isc.sans.edu/diary/Mark%20of%20the%20Web%3A%20Some%20Technical%20Details/31732 Havoc Sharepoint with …

1
🔴 Mar 3’s Top Cyber News NOW! - Ep 825 1:32:15

11d ago1:32:15

1:32:15

The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day. Check out Barricade Cyber for #incidentresponse, #ransomware protection, and business recovery services: https://barricadecyber.com Check out John Strand's Pay What You Can Antisyphon Training: https://simplycyber.io/antisyphon Allow what y…

1
SANS Stormcast Monday Mar 3rd: AI Training Data Leaks; MITRE Caldera Vuln; modsecurity bypass 7:08

11d ago7:08

7:08

Common Crawl includes Common Leaks The "Common Crawl" dataset, a large dataset created by spidering website, contains as expected many API keys and other secrets. This data is often used to train large language models https://trufflesecurity.com/blog/research-finds-12-000-live-api-keys-and-passwords-in-deepseek-s-training-data Github Repositories E…

1
🔴 Feb 28’s Top Cyber News NOW! - Ep 824 1:53:43

14d ago1:53:43

1:53:43

The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day. Check out Barricade Cyber for #incidentresponse, #ransomware protection, and business recovery services: https://barricadecyber.com Check out John Strand's Pay What You Can Antisyphon Training: https://simplycyber.io/antisyphon Allow what y…

1
SANS Stormcast Friday Feb 28th: Njrat devtunnels.ms; Apple FindMe Abuse; XSS Exploited; @sans_edu Ben Powell EDR vs. Ransomware 14:27

14d ago14:27

14:27

Njrat Compaign Using Microsoft dev Tunnels: A recent version of the Njrat remote admin tool is taking advantage of Microsoft's developer tunnels (devtunnels.ms) as a command and control channel. https://isc.sans.edu/diary/Njrat%20Campaign%20Using%20Microsoft%20Dev%20Tunnels/31724 NrootTag Apple FindMy Abuse Malware could use a weakness in the keys …

1
🔴 Feb 27’s Top Cyber News NOW! - Ep 823 1:30:38

15d ago1:30:38

1:30:38

The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day. Check out Barricade Cyber for #incidentresponse, #ransomware protection, and business recovery services: https://barricadecyber.com Check out John Strand's Pay What You Can Antisyphon Training: https://simplycyber.io/antisyphon Allow what y…

1
SANS Stormcast Thursday Feb 27th: High Exfil Ports; Malicious VS Code Theme; Developer Workstation Safety; NAKIVO PoC; OpenH264 and rsync vuln; 6:45

15d ago6:45

6:45

Attacker of of Ephemeral Ports Attackers often use ephermeral ports to reach out to download additional resources or exfiltrate data. This can be used, with care, to detect possible compromises. https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Malware%20Source%20Servers%3A%20The%20Threat%20of%20Attackers%20Using%20Ephemeral%20Ports%20as%20Service%2…

1
🔴 Feb 26’s Top Cyber News NOW! - Ep 822 1:29:33

16d ago1:29:33

1:29:33

The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day. Check out Barricade Cyber for #incidentresponse, #ransomware protection, and business recovery services: https://barricadecyber.com Check out John Strand's Pay What You Can Antisyphon Training: https://simplycyber.io/antisyphon Allow what y…

1
SANS Stormcast Wednesday Feb 26th: M365 Infostealer Botnet; Mixing OpenID Keys; Malicious Medical Image Apps 5:59

16d ago5:59

5:59

Massive Botnet Targets M365 with Password Spraying A large botnet is targeting service accounts in M365 with credentials stolen by infostealer malware. https://securityscorecard.com/wp-content/uploads/2025/02/MassiveBotnet-Report_022125_03.pdf Mixing up Public and Private Keys in OpenID The complex OpenID specificiation and the flexibility it suppo…

1
🔴 Feb 25’s Top Cyber News NOW! - Ep 821 2:18:35

17d ago2:18:35

2:18:35

The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day. Check out Barricade Cyber for #incidentresponse, #ransomware protection, and business recovery services: https://barricadecyber.com Check out John Strand's Pay What You Can Antisyphon Training: https://simplycyber.io/antisyphon Allow what y…

1
SANS Stormcast Tuesday Feb 25th: Unfurl Updates; Google Ditches SMS; Paypal Phish; Exim, libXML, Parallels Vuln 6:10

17d ago6:10

6:10

Unfurl Update Released Unfurl released an Update fixing a few bugs and adding support to decode BlueSky URLs. https://isc.sans.edu/diary/Unfurl%20v2025.02%20released/31716 Google Confirms GMail To Ditch SMS Code Authentication Google no longer considers SMS authentication save enough for GMail. Instead, it pushes users to use Passkeys, or QR code b…

1
🔴 Feb 24’s Top Cyber News NOW! - Ep 820 1:32:42

18d ago1:32:42

1:32:42

The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day. Check out Barricade Cyber for #incidentresponse, #ransomware protection, and business recovery services: https://barricadecyber.com Check out John Strand's Pay What You Can Antisyphon Training: https://simplycyber.io/antisyphon Allow what y…

1
SANS Stormcast Monday Feb 24th: sigs.py update; Google Introdusing Quantum Safe Sigs; MSFT Update Win 11 issues; LTE/5G Vulns; 5:20

18d ago5:20

5:20

Tool Update: Sigs.py Jim updates sigs.py. The tool verifies hashes for files and automatically recognizes what hash is used. https://isc.sans.edu/diary/Tool%20update%3A%20sigs.py%20-%20added%20check%20mode/31706 Google Announcing Quantum Safe Digital Signatures in Cloud KMS Google announced the option to use quantum safe digital signatures for its …

1
🔴 Feb 21’s Top Cyber News NOW! - Ep 819 1:32:36

21d ago1:32:36

1:32:36

The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day. Check out Barricade Cyber for #incidentresponse, #ransomware protection, and business recovery services: https://barricadecyber.com Check out John Strand's Pay What You Can Antisyphon Training: https://simplycyber.io/antisyphon Allow what y…

1
SANS Stormcast Friday Feb 21st: Kibana Queries; Mongoose Injection; U-Boot Flaws; Unifi Protect Camera Vulnerabilities; Protecting Network Devices as Endpoint (Austin Clark @sans_edu) 12:29

21d ago12:29

12:29

Using ES|QL In Kibana to Query DShield Honeypot Logs Using the "Elastic Search Piped Query Language" to query DShield honeypot logs https://isc.sans.edu/diary/Using%20ES%7CQL%20in%20Kibana%20to%20Queries%20DShield%20Honeypot%20Logs/31704 Mongoose Flaws Put MongoDB at risk The Object Direct Mapping library Mongoose suffers from an injection vulnerab…

1
🔴 Feb 20’s Top Cyber News NOW! - Ep 818 1:31:42

22d ago1:31:42

1:31:42

Oleh Simply Cyber Media Group

1
SANS Stormcast Wednesday Feb 20th: XWorm Cocktail; Quantum Computing Breakthrough; Signal Phishing 7:01

22d ago7:01

7:01

XWorm Cocktail: A Mix of PE data with PowerShell Code Quick analysis of an interesting XWrom sample with powershell code embedded inside an executable https://isc.sans.edu/diary/XWorm+Cocktail+A+Mix+of+PE+data+with+PowerShell+Code/31700 Microsoft's Majorana 1 Chip Carves New Path for Quantum Computing Microsoft announced a breack through in Quantum…

Podcast Berbaloi untuk Didengar

Podcast Cyber Daily

Podcast Berbaloi untuk Didengar

Panduan Rujukan Pantas