
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS Stormcast Monday, September 29th, 2025: Convert Timestamps; Cisco Compromises; GitHub Notification Phishing
Sep 29, 2025
Discover a new tool that transforms Unix timestamps in .bash_history into readable formats, aiding forensic investigations. Explore the alarming vulnerabilities in Cisco ASA/FTD devices, with warnings about ongoing exploitation dating back a year. Additionally, learn about a phishing scheme using GitHub notifications to impersonate Y Combinator, tricking crypto startups into downloading malware. Stay informed and secure with insights on vulnerabilities and remediation strategies!
Convert Bash History Timestamps
- Convert Unix timestamps in .bash_history to ISO for readable forensic timelines.
- Use the provided convert-ts-bash-history.py script to speed up incident response analysis.
Enable And Vet Bash Time Logging
- Enable HISTTIMEFORMAT in bash RC files to record timestamps in shell history.
- Remember the file can be manipulated and multiple shells can write out-of-order, so validate timestamps during investigations.
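The two notes above, as an added sketch (this is not the convert-ts-bash-history.py script mentioned in the episode): it reads the "#<epoch>" lines bash writes before each command when HISTTIMEFORMAT is set, converts them to ISO 8601 in UTC, and flags entries whose timestamp is older than one already seen. The function names, the output layout and the sample history are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# With HISTTIMEFORMAT set, bash writes "#<epoch seconds>" on the line
# before each command in the history file.
TS_LINE = re.compile(r"^#(\d+)$")

def to_iso(epoch):
    """Epoch seconds -> ISO 8601 in UTC."""
    return datetime.fromtimestamp(epoch, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")

def parse_history(text):
    """Return one dict per command line: ISO time (or None), command, and
    out_of_order=True when the timestamp is older than one seen earlier."""
    entries, pending_ts, newest = [], None, None
    for line in text.splitlines():
        m = TS_LINE.match(line)
        if m:
            pending_ts = int(m.group(1))
            continue
        if not line.strip():
            continue
        # A line not directly preceded by a timestamp is either a continuation
        # of a multi-line command or was recorded without timestamps.
        iso = to_iso(pending_ts) if pending_ts is not None else None
        backwards = pending_ts is not None and newest is not None and pending_ts < newest
        if pending_ts is not None:
            newest = pending_ts if newest is None else max(newest, pending_ts)
        entries.append({"time": iso, "command": line, "out_of_order": backwards})
        pending_ts = None
    return entries

# Constructed sample, not taken from a real host.
SAMPLE = """\
ls -la
#1759000000
whoami
#1759000060
tar czf /tmp/backup.tgz /etc
#1758990000
history -c
"""

if __name__ == "__main__":
    for e in parse_history(SAMPLE):
        flag = "  <-- earlier than a previous entry" if e["out_of_order"] else ""
        print(f'{e["time"] or "(no timestamp)":<22}{e["command"]}{flag}')
```

A backwards timestamp is not proof of tampering, since several shells appending to the same file produce the same pattern; treat the flag as a prompt to corroborate with other logs.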
ASA/FPR Exploits Likely Longstanding
- Cisco ASA/Firepower vulnerabilities were likely exploited starting about a year ago, but public exploit code is not available yet.
- High device counts mean many vulnerable units exist, but observed exploited devices appear to be relatively few and potentially targeted.
