

SANS ISC Stormcast, Jan 27, 2025: Access Brokers; Llama Stack Vuln; ESXi SSH Tunnels; Zyxel Boot Loops; Subaru StarLeak
5 snips Jan 27, 2025
Cybercriminals are using access brokers to maintain a persistent grip on compromised networks, raising significant security concerns. A critical vulnerability in Meta's Llama Stack highlights the need for robust mitigation strategies. The discussion also covers how to defend against ESXi ransomware and the importance of SSH tunneling. Additionally, a flaw in Subaru's Starlink system puts vehicles at risk of remote hacking, prompting urgent resolution measures. Tune in for insights on these pressing cybersecurity issues!
AI Snips
Preventing Access Broker Infections
- Prevent access broker infections with basic system hardening and patching.
- Implement intrusion detection rules and address common vulnerabilities like weak passwords.
Access Brokers' Role
- Access brokers exploit systems and sell access to ransomware actors and others.
- They represent the initial phase of the malware economy, often using the SystemBC botnet.
AI Vulnerabilities
- The increasing adoption of AI tools introduces new security concerns.
- Meta's Llama Stack, a framework for AI applications, has a critical deserialization vulnerability (CVE-2024-50050).