Send a textUrologist and president of the Duval County Medical Society Dr. Ali Kasraeian joins Dr. Michael Koren to update us on recent advances in Urology. In Part 3 of this series, Dr. Koren and Dr. Kasraeian dive deep into the latest advancements in prostate cancer detection and treatment options. Read More
Microsoft Patch Tuesday Microsoft patched 70-78 vulnerabilities (depending on how you count them). Five of these vulnerabilities are already being exploited. In particular, a remote code execution vulnerability in the scripting engine should be taken seriously. It requires the Microsoft Edge browser to run in Internet Explorer mode. https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%3A%20May%202025/31946 Security Read More
Most freight tech stacks are a tangled mess of tools that don’t talk to each other. Ezequiel Peralta, VP of Technology at SPI Logistics, is working to fix that. This episode strips away the hype and digs into what it really takes to build functional, secure, and scalable freight systems. Peralta Read More
Apple Updates Everything Apple patched all of its operating systems. This update ports a patch for a recently exploited vulnerability to older versions of iOS and macOS. https://isc.sans.edu/diary/31942 It Is 2025, And We Are Still Dealing With Default IoT Passwords And Stupid 2013 Router Vulnerabilities Versions of the Mirai botnet Read More
Send a textDr. Michael Koren shares insights from his recent speaking tour across Saudi Arabia where he delivered 14 lectures in 6 days to sophisticated healthcare providers eager for American medical research. His observations reveal surprising aspects of Saudi healthcare including English as the professional language, universal insurance coverage, and Read More
Steganography Challenge Didier revealed the solution to last weekend s cryptography challenge. The image used the same encoding scheme as Didier described before, but the columns and rows were transposed. https://isc.sans.edu/forums/diary/Steganography%20Challenge%3A%20My%20Solution/31912/ FBI Warns of End-of-life routers The FBI is tracking larger botnets taking advantage of unpatched routers. Many of these Read More
No Internet Access: SSH to the Rescue If faced with restrictive outbound network access policies, a single inbound SSH connection can quickly be turned into a tunnel or a full-blown VPN https://isc.sans.edu/diary/No%20Internet%20Access%3F%20SSH%20to%20the%20Rescue!/31932 SAMSUNG magicINFO 9 Server Flaw Still exploitable The SAMSUNG magicINFO 9 Server Vulnerability we found being exploited last Read More
Welcome to Episode 401 of the Microsoft Cloud IT Pro Podcast. In this episode, Ben Stegink and Scott Hoag dive into the intricacies of implementing Zero Trust principles within Microsoft 365 environments. They explore the foundational aspects of Zero Trust, starting with identity management and the importance of Entra ID. Read More
Example of Modular Malware Xavier analyzes modular malware that downloads DLLs from GitHub if specific features are required. In particular, the webcam module is inspected in detail. https://isc.sans.edu/diary/Example%20of%20%22Modular%22%20Malware/31928 Sysaid XXE Vulnerabilities IT Service Management Software Sysaid patched a number of XXE vulnerabilities. Without authentication, an attacker is able to obtain Read More
Our guest Kristal DeSantis is a Licensed Marriage and Family Therapist and the author of "STRONG: A Relationship Field Guide for the Modern Man." Her approach blends psychology, attachment theory, and practical strategies to help people build thriving relationships.We’ll explore the unique challenges first responders and military personnel encounter in Read More
Send a textUrologist and president of the Duval County Medical Society Dr. Ali Kasraeian joins Dr. Michael Koren to update us on recent advances in Urology. In Part 2 of this series, Dr. Koren and Dr. Kasraeian explore into the controversial history of PSA testing. Dr. Kasraeian explains how this Read More
Python InfoStealer with Embedded Phishing Webserver Didier found an interesting infostealer that, in addition to implementing typical infostealer functionality, includes a web server suitable to create local phishing sites. https://isc.sans.edu/diary/Python%20InfoStealer%20with%20Embedded%20Phishing%20Webserver/31924 Android Update Fixes Freetype 0-Day Google released its monthly Android update. As part of the update, it patched a vulnerability Read More
Barges move over 70 percent of U.S. grain and can carry the equivalent of 4,000 truckloads with a single tugboat. Yet this massive freight channel has remained invisible to most supply chains due to outdated systems and zero visibility. In this episode, OpenTug CEO Jason Aristides shares how his team is Read More
Mirai Now Exploits Samsung MagicINFO CMS CVE-2024-7399 The Mirai botnet added a new vulnerability to its arsenal. This vulnerability, a file upload and remote code execution vulnerability in Samsung s MagicInfo 9 CMS, was patched last August but attracted new attention last week after being mostly ignored so far. https://isc.sans.edu/diary/Mirai+Now+Exploits+Samsung+MagicINFO+CMS+CVE20247399/31920 Read More
Steganography Challenge Didier published a fun steganography challenge. A solution will be offered on Saturday. https://isc.sans.edu/diary/Steganography+Challenge/31910 Microsoft Makes Passkeys Default Authentication Method Microsoft is now encouraging new users to use Passkeys as the default and only login method, further moving away from passwords https://www.microsoft.com/en-us/security/blog/2025/05/01/pushing-passkeys-forward-microsofts-latest-updates-for-simpler-safer-sign-ins/ Microsoft Authenticator Autofill Changes Microsoft will Read More
Steganography Analysis With pngdump.py: Bitstreams More details from Didiear as to how to extract binary content hidden inside images https://isc.sans.edu/diary/Steganography%20Analysis%20With%20pngdump.py%3A%20Bitstreams/31904 Using Trusted Protocols Against You: Gmail as a C2 Mechanism Attackers are using typosquatting to trick developers into installing malicious python packages. These python packages will use GMail as a Read More
The freight market doesn’t work the way most people think it does, and Chris Caplice is here to explain why. As the Chief Scientist at DAT Freight & Analytics and Executive Director of MIT’s FreightLab, Chris has spent years studying the breakdowns in routing guides, the myth of economies of scale, Read More
Web Scanning for Sonicwall Vulnerabilities CVE-2021-20016 For the last week, scans for Sonicwall API login and domain endpoints have skyrocketed. These attacks may be exploiting an older vulnerability or just attempting to brute force credentials. https://isc.sans.edu/diary/Web%20Scanning%20Sonicwall%20for%20CVE-2021-20016/31906 The Wizards APT Group SLAAC Spoofing Adversary in the Middle Attacks ESET published an Read More
This critical episode explores a pressing issue affecting every firefighter: cancer prevention and detection. Join FDNY Battalion Chief John Haseney as we discuss vital steps being taken to overcome implementation barriers within the fire service. Discover the innovative efforts of the FDNY Contamination Reduction Workgroup and learn how they promote Read More
Send a textUrologist and president of the Duval County Medical Society Dr. Ali Kasraeian joins Dr. Michael Koren to update us on recent advances in Urology. In Part 1 of this series, Dr. Kasraeian talks about his journey, from growing up in a medical family to becoming a urologist and Read More
