SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) SANS Stormcast Tuesday, December 9th, 2025: nanoKVM Vulnerabilities; Ghostframe Phishing; WatchGuard Advisory
Dec 9, 2025
Discover the security concerns surrounding nanoKVM devices, including insecure firmware updates and weak password issues. Learn about the Ghostframe phishing kit, which skillfully evades detection using unique subdomains. The discussion also covers a significant update from WatchGuard, addressing multiple vulnerabilities, including a notable DoS attack risk. Tune in for insights on flaws, mitigations, and the latest in cyber threats!
AI Snips
Chapters
Transcript
Episode notes
Host's Personal NanoKVM Experience
- Johannes Ulrich owns a nanoKVM and tested its basic functionality at home.
- He found it worked but warned its low price correlates with notable security shortcomings.
Firmware Update And Defaults Expose NanoKVM
- The nanoKVM's firmware update process is insecure, allowing malicious firmware to be installed.
- The device also exposes weak defaults like SSH enabled with default passwords and poor crypto for credentials.
Undocumented Microphone Likely Hardware Artifact
- A microphone on the nanoKVM board raised spying concerns but may be explained by shared hardware.
- The same motherboard is used for a single-board computer variant that legitimately advertises a microphone.