

SANS Stormcast Friday, July 18th, 2025: Extended File Attributes; Critical Cisco ISE Patch; VMWare Patches; Quarterly Oracle Patches
Jul 18, 2025
Discover the sneaky world of Linux extended file attributes, where payloads can be cleverly concealed. Learn about critical vulnerabilities found in Cisco's Identity Services Engine that could allow unauthenticated users to execute code remotely. Oracle has rolled out a massive patch for over 300 flaws, highlighting the urgency for updates. Plus, Broadcom addresses vulnerabilities in VMware products, ensuring a safer digital environment. It's a whirlwind of cybersecurity insights and essential updates you won't want to miss!
Use Extended Attributes Safely
- Use scripts to Base64 encode and split data into extended attributes for stealth.
- Search for files with suspicious extended attributes to detect hidden malware.
Linux Payload Hiding Anecdote
- Xavier explored Linux's extended file attributes to hide data similarly to Windows alternate data streams.
- He created scripts to encode, hide, and retrieve payloads using these attributes on Linux.
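A detection check for the "search for files with suspicious extended attributes" point above and for the hiding scripts Xavier describes, added here as an example (not code from the podcast or the diary): it walks a directory tree, reads user.* attributes with Python's os.listxattr/os.getxattr, and flags files whose attribute count, total stored bytes or base64-looking values suggest a payload split across xattrs. The thresholds are assumptions chosen for this example.

```python
import base64, binascii, os, re

# Thresholds are assumptions for this example: a payload has to be split across
# many user.* attributes because one inode's xattr space is small, so count and
# byte total are the main signals; the base64 alphabet check is secondary.
MAX_USER_ATTRS = 3
MAX_HIDDEN_BYTES = 1024
B64_ALPHABET = re.compile(rb"^[A-Za-z0-9+/]+={0,2}$")

def collect_xattrs(root):
    """Walk root; return {path: {attr: value}} for files carrying user.* xattrs."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:  # skip filesystems without xattrs, EACCES, or files that vanished
                names = [n for n in os.listxattr(path, follow_symlinks=False) if n.startswith("user.")]
                if names:
                    found[path] = {n: os.getxattr(path, n, follow_symlinks=False) for n in names}
            except OSError:
                continue
    return found

def looks_base64(value):
    compact = b"".join(value.split())  # tolerate wrapped lines
    if len(compact) < 16 or len(compact) % 4 or not B64_ALPHABET.match(compact):
        return False
    try:
        base64.b64decode(compact, validate=True)
        return True
    except (ValueError, binascii.Error):
        return False

def flag_suspicious(xattrs):
    """Return [(path, reasons)] for files whose user.* attributes look like a hidden payload."""
    hits = []
    for path, attrs in sorted(xattrs.items()):
        reasons = []
        total = sum(len(v) for v in attrs.values())
        if len(attrs) > MAX_USER_ATTRS:
            reasons.append(f"{len(attrs)} user.* attributes")
        if total > MAX_HIDDEN_BYTES:
            reasons.append(f"{total} bytes stored in xattrs")
        b64 = sorted(n for n, v in attrs.items() if looks_base64(v))
        if b64:
            reasons.append("base64-looking values: " + ", ".join(b64))
        if reasons:
            hits.append((path, reasons))
    return hits
```

Run `flag_suspicious(collect_xattrs("/srv"))` on a mounted tree; unreadable files and filesystems without xattr support are skipped silently, so an empty result on such a filesystem means nothing was scanned, not that nothing was found.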
Critical Cisco ISE Vulnerability
- Cisco's Identity Services Engine flaw allows remote root code execution without authentication.
- The vulnerability scores a critical 10/10, highlighting severe risk across networks.