SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast: File Hashes in MSFT BI; Apache Camel Vuln; Juniper Fixes Exploited Vuln; AMI Patches 10.0 Redfish BMC Vuln

Mar 14, 2025

Discover how to analyze file hashes using Microsoft's BI tool, unlocking insights from honeypot data. Dive into the recent Apache Camel vulnerability that allows for easy exploitation via query parameters, raising alarms about arbitrary code execution risks. Learn about Juniper's urgent patch for a previously exploited JunOS vulnerability that threatens complete device compromise. Finally, hear about AMI's security advisory addressing multiple vulnerabilities, including a critical authentication bypass in Redfish, rated with a troubling CVSS score of 10.0.

06:07

Creator website

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Microsoft BI effectively analyzes honeypot file uploads, offering valuable insights into cybersecurity through anomaly detection and data examination.

Critical vulnerabilities in Apache Camel and Juniper's JunOS highlight the need for timely patching to prevent arbitrary code execution and device compromise.

Deep dives

Utilizing Microsoft BI for Honeypot Analysis

Microsoft's business intelligence tool, Microsoft BI, can effectively analyze file uploads to honeypots, specifically using Kauri to capture binary data. The process involves importing file data into Microsoft BI, allowing users to examine and find anomalies in the collected files. By slicing and dicing the data, it becomes easier to identify unusual patterns or interesting findings in the honeypot activity. This method has shown promising results, demonstrating the potential of business intelligence in enhancing cybersecurity insights.

Cybersecurity Insights: Analyzing Honeypots and Addressing Vulnerabilities

6min

File Hashes Analysis with Power BI
Guy explains in this diary how to analyze Cowrie honeypot file hashes using Microsoft's BI tool and what you may be able to discover using this tool.
https://isc.sans.edu/diary/File%20Hashes%20Analysis%20with%20Power%20BI%20from%20Data%20Stored%20in%20DShield%20SIEM/31764
Apache Camel Vulnerability
Apache released two patches for Camel in close succession. Initially, the vulnerability was only addressed for headers, but as Akamai discovered, it can also be exploited via query parameters. This vulnerability is trivial to exploit and leads to arbitrary code execution.
https://www.akamai.com/blog/security-research/march-apache-camel-vulnerability-detections-and-mitigations
Juniper Patches Junos Vulnerability
Juniper patches an already exploited vulnerability in JunOS. However, to exploit the vulnerability, and attacker already needs privileged access. By exploiting the vulnerability, an attacker may completely compromised the device.
https://supportportal.juniper.net/s/article/2025-03-Out-of-Cycle-Security-Bulletin-Junos-OS-A-local-attacker-with-shell-access-can-execute-arbitrary-code-CVE-2025-21590?language=en_US
AMI Security Advisory
AMI patched three vulnerabilities. One of the, an authentication bypass in Redfish, allows for a complete system compromise without authentication and is rated with a CVSS score of 10.0.
https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025003.pdf

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast: File Hashes in MSFT BI; Apache Camel Vuln; Juniper Fixes Exploited Vuln; AMI Patches 10.0 Redfish BMC Vuln

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Utilizing Microsoft BI for Honeypot Analysis

Vulnerabilities in Apache Camel and Juniper's June OS

Remember Everything You Learn from Podcasts