

SANS ISC Stormcast, Jan 24, 2025: XSS in Email, SonicWall Exploited; Cisco Vulnerabilities; AI and SOAR (@sans_edu research paper by Anthony Russo)
7 snips Jan 24, 2025
In this discussion, Anthony Russo, U.S. team lead for security operations at Atlassian, shares insights on using AI for SOAR platforms. He highlights recent XSS attacks targeting webmail and the essential patches from SonicWall and Cisco to address critical vulnerabilities. Russo also delves into the integration of AI in automating security operations and the potential of large language models like ChatGPT in enhancing cybersecurity. However, he stresses the importance of understanding AI limitations and ensuring effective automation.
AI Snips
XSS Attack on SANS ISC
- SANS ISC was targeted by email-based XSS attacks.
- The attacker embedded JavaScript in the email subject and body, likely targeting webmail systems.
Monitor xss.report
- Monitor and block access to xss.report, a website used by attackers.
- Record DNS lookups for this hostname to detect potential XSS vulnerabilities.
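
One way to act on the DNS-logging advice above, as an added example that is not from the episode or from SANS ISC: a small scanner that reports which internal clients looked up xss.report or a subdomain of it. It assumes dnsmasq-style `log-queries` lines, and the sample log lines and client addresses are constructed for illustration.

```python
import re
from collections import defaultdict

WATCHED = "xss.report"  # hostname named in the episode notes

# Assumption: dnsmasq "log-queries" format; adjust the pattern for other resolvers.
QUERY_RE = re.compile(
    r"query\[(?P<qtype>[A-Z0-9]+)\] (?P<name>\S+) from (?P<client>\S+)"
)

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
Jan 24 10:15:01 dnsmasq[812]: query[A] xss.report from 10.0.0.21
Jan 24 10:15:02 dnsmasq[812]: query[A] www.example.com from 10.0.0.21
Jan 24 10:16:40 dnsmasq[812]: query[AAAA] Abc123.XSS.Report. from 10.0.0.35
Jan 24 10:17:05 dnsmasq[812]: query[A] notxss.report from 10.0.0.40
Jan 24 10:17:09 dnsmasq[812]: query[A] xss.report.example.com from 10.0.0.40
Jan 24 10:18:12 dnsmasq[812]: forwarded xss.report to 192.0.2.53
"""


def is_watched(name, watched=WATCHED):
    """True for the watched hostname or any subdomain of it.

    DNS names are case-insensitive and may carry a trailing dot, so both are
    normalised. The match is aligned on label boundaries so that look-alikes
    such as 'notxss.report' or 'xss.report.example.com' are not flagged.
    """
    name = name.rstrip(".").lower()
    return name == watched or name.endswith("." + watched)


def find_lookups(log_text):
    """Return {client: [(qtype, queried_name), ...]} for watched lookups."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)  # only client queries, not forwards/replies
        if m and is_watched(m["name"]):
            hits[m["client"]].append((m["qtype"], m["name"]))
    return dict(hits)


if __name__ == "__main__":
    for client, lookups in find_lookups(SAMPLE_LOG).items():
        print(client, lookups)
```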
Patch SonicWall Appliances
- Patch SonicWall SMA 1000 and CMC appliances immediately.
- A critical deserialization vulnerability is being actively exploited.