

SANS Stormcast Monday, July 7th, 2025: interesting usernames; More sudo issues; CitrixBleed2 PoC; Short Lived Certs
Jul 7, 2025
Dive into intriguing usernames found in honeypots that could reveal security risks. Discover how the sudo command can be exploited to gain unauthorized access. Learn about the newly documented CitrixBleed2 vulnerability and its proof of concept. Plus, find out why Instagram has opted for six-day TLS certificates to boost security. Each topic highlights essential insights into current cybersecurity challenges.
AI Snips
Honeypot Fingerprinting Usernames
- Researchers found attackers using usernames like 'Well_not_a_chance' to fingerprint honeypots.
- These usernames help attackers identify if they're interacting with honeypots that allow any credential to work.
Usernames Linked to SCADA and GPUs
- Some usernames found relate to SCADA systems and GPU hosts, revealing attacker interests.
- A Mastodon user confirmed connections to Rapid SCADA admins using these usernames.
Fix Sudo Host Option Vulnerability
- Update sudo promptly to fix a 13-year-old vulnerability related to the host option.
- Do not rely on outdated sudo versions, as they enable privilege escalation via the host option.