SANS ISC Stormcast, Jan 27, 2025: Access Brokers; Llama Stack Vuln; ESXi SSH Tunnels; Zyxel Boot Loops; Subary StarLeak

Guest Diary: How Access Brokers Maintain Persistence
Explore how cybercriminals utilize access brokers to persist within networks and the impact this has on organizational security.
https://isc.sans.edu/forums/diary/Guest+Diary+How+Access+Brokers+Maintain+Persistence/31600/
Critical Vulnerability in Meta's Llama Stack (CVE-2024-50050)
A deep dive into CVE-2024-50050, a critical vulnerability affecting Meta's Llama Stack, with exploitation details and mitigation strategies.
https://www.oligo.security/blog/cve-2024-50050-critical-vulnerability-in-meta-llama-llama-stack
ESXi Ransomware and SSH Tunneling Defense Strategies
Learn how to fortify your infrastructure against ransomware targeting ESXi environments, focusing on SSH tunneling and proactive measures.
https://www.sygnia.co/blog/esxi-ransomware-ssh-tunneling-defense-strategies/
Zyxel USG FLEX/ATP Series Application Signature Recovery Steps
Addressing issues with Zyxel s USG FLEX/ATP Series application signatures as of January 24, 2025, with a detailed recovery guide.
https://support.zyxel.eu/hc/en-us/articles/24159250192658-USG-FLEX-ATP-Series-Recovery-Steps-for-Application-Signature-Issue-on-January-24th-2025
Subaru Starlink Vulnerability Exposed Cars to Remote Hacking
Discussing how a vulnerability in Subaru s Starlink system left vehicles susceptible to remote exploitation and the steps taken to resolve it.
https://www.securityweek.com/subaru-starlink-vulnerability-exposed-cars-to-remote-hacking/