SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Friday, December 19th, 2025: Less Vulnerable Devices; Critical OneView Vulnerability; Trufflehog finds JWTs

Dec 19, 2025
There's a positive trend in 2025, with fewer internet-exposed industrial control systems and a significant drop in servers using outdated SSL versions. However, the decline raises questions about whether it's due to cleanup efforts or aging devices. A critical vulnerability in HPE's OneView software allows unauthenticated remote code execution, highlighting urgent patching needs. Meanwhile, TruffleHog has upped its game, now detecting and validating JWT tokens with public keys to fortify security.
INSIGHT

Decline In Exposed Legacy Systems

  • Publicly exposed ICS and outdated-SSL systems have declined compared to a year ago.
  • SSLv2 and SSLv3 hosts dropped by roughly half, indicating wider moves away from legacy TLS stacks.
ADVICE

Patch Critical HPE OneView Flaw Now

  • Patch or remove HPE OneView instances that are remotely reachable before the holidays.
  • Apply HPE's update promptly because the vulnerability allows unauthenticated full remote code execution as admin.
INSIGHT

Old TLS Is A Red Flag For Broader Neglect

  • Presence of SSLv2/SSLv3 often signals broader systemic neglect beyond just old TLS.
  • Servers supporting these protocols likely run outdated OSes or TLS libraries with other security issues.