

SANS Stormcast Feb 14th 2025: DShield Honeypot SIEM; PAN OS Auth Bypass; Salt Typhoon vs. Cisco; Crowdstrike Patch
Feb 14, 2025
Explore the fascinating world of honeypots with insights on new SIEM dashboards that summarize attack data. Discover the recently patched vulnerability in Palo Alto Networks' devices that could lead to authentication bypass. Learn how China's Volt Typhoon group exploits older Cisco vulnerabilities for telecom attacks. Plus, find out about the latest security patches from Crowdstrike for their Linux client. A deep dive into pressing cybersecurity topics that keep professionals on their toes.
AI Snips
Honeypot SIEM
- Use Guy's DShield SIEM add-on for honeypots to visualize attacks.
- It is built on Elasticsearch, Logstash, Kibana, and Zeek, so it needs more powerful hardware than the honeypot itself.
Path Confusion Vulnerability
- Path confusion vulnerabilities arise when middleboxes rewrite URLs and different components interpret the same headers or paths differently.
- Palo Alto Networks had this issue, leading to arbitrary code execution.
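An added illustration of that mismatch (a constructed example, not Palo Alto Networks' code and not the specifics of the patched flaw): a front component decides authentication on a path it has not percent-decoded, while the back component decodes before routing, so the two disagree on what a request points to. The hardened version canonicalizes once and uses that single form for both decisions; `views_diverge` is a detection aid for logging requests where the two views differ.

```python
"""Path confusion, illustrated: a front component (auth check) and a back
component (route lookup) normalize the same path differently.
Constructed example for illustration; not Palo Alto Networks' code or the
actual mechanics of the patched vulnerability."""
from urllib.parse import unquote

PROTECTED_PREFIX = "/admin/"  # constructed: routes that require a session


def collapse_dots(path: str) -> str:
    """Resolve '.' and '..' segments and drop empty segments."""
    segs = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if segs:
                segs.pop()
            continue
        segs.append(seg)
    return "/" + "/".join(segs)


def front_view(raw_path: str) -> str:
    """Front component: collapses dot segments but never percent-decodes."""
    return collapse_dots(raw_path)


def back_view(raw_path: str) -> str:
    """Back component: percent-decodes first, then collapses dot segments."""
    return collapse_dots(unquote(raw_path))


def serve_split(raw_path: str, authenticated: bool):
    """Weak design: auth check on the front view, routing on the back view."""
    if front_view(raw_path).startswith(PROTECTED_PREFIX) and not authenticated:
        return 403, None
    return 200, back_view(raw_path)


def serve_hardened(raw_path: str, authenticated: bool):
    """Fix: canonicalize once and use that single form for both decisions."""
    canonical = back_view(raw_path)
    if canonical.startswith(PROTECTED_PREFIX) and not authenticated:
        return 403, None
    return 200, canonical


def views_diverge(raw_path: str) -> bool:
    """Detection aid: log or alert when the two components disagree on a path."""
    return front_view(raw_path) != back_view(raw_path)
```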
Update Palo Alto and Cisco
- Update Palo Alto devices to fix random reboots, possibly a denial-of-service condition.
- Volt Typhoon continues exploiting older Cisco vulnerabilities (CVE-2023-2273), so update those too.