SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Stormcast, Jan 24, 2025: XSS in Email, SonicWall Exploited; Cisco Vulnerablities; AI and SOAR (@sans_edu research paper by Anthony Russo)

Jan 24, 2025

In this discussion, Anthony Russo, U.S. team lead for security operations at Atlassian, shares insights on using AI for SOAR platforms. He highlights recent XSS attacks targeting webmail and the essential patches from SonicWall and Cisco to address critical vulnerabilities. Russo also delves into the integration of AI in automating security operations and the potential of large language models like ChatGPT in enhancing cybersecurity. However, he stresses the importance of understanding AI limitations and ensuring effective automation.

14:45

Creator website

Episode guests

Anthony Russo

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Recent email attacks are exploiting XSS vulnerabilities in webmail systems, necessitating urgent mitigation strategies for organizations.

SonicWall and Cisco have released critical patches to address severe vulnerabilities in their systems, underscoring the importance of timely updates.

Deep dives

Exploiting Cross-Site Scripting Vulnerabilities

Recent email attempts revealed efforts to exploit cross-site scripting vulnerabilities, particularly in webmail systems. Attackers embedded JavaScript in both the subject and body of these emails, indicating a likely target within webmail systems. The complexity of handling HTML in these contexts makes them challenging to secure, often leading to vulnerabilities in systems like ProtonMail. This highlights a critical area for focus, as organizations must prioritize the defense against such potential exploits.

Intro

5min

Integrating AI Solutions in Security Operations

2min

Leveraging AI Tools in Cybersecurity Automation

2min

Navigating AI Limitations in Security Operations

2min

Leveraging AI in Cybersecurity Testing and Privacy Considerations

3min

In today's episode, learn how an attacker attempted to exploit webmail XSS vulnerablities against us. Sonicwall released a critical patch fixing an already exploited vulnerability in its SMA 1000 appliance. Cisco fixed vulnerabilities in ClamAV and its Meeting Manager REST API. Learn from SANS.edu student Anthony Russo how to take advantage of AI for SOAR.
XSS Attempts via E-Mail
https://isc.sans.edu/diary/XSS%20Attempts%20via%20E-Mail/31620
An analysis of a recent surge in email-based XSS attack attempts targeting users and organizations. Learn the implications and mitigation techniques.
SonicWall PSIRT Advisory: CVE-2025-23006
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0002 CVE-2025-23006
Details of a critical vulnerability in SonicWall appliances (SNWLID-2025-0002) and what you need to do to secure your systems.
Cisco ClamAV Advisory: OLE2 Parsing Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA
A DoS vulnerability in the popular open source anti virus engine ClamAV
Cisco CMM Privilege Escalation Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmm-privesc-uy2Vf8pc
A patch of a privilege escalation flaw in Cisco s CMM module.

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Stormcast, Jan 24, 2025: XSS in Email, SonicWall Exploited; Cisco Vulnerablities; AI and SOAR (@sans_edu research paper by Anthony Russo)

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Exploiting Cross-Site Scripting Vulnerabilities

Critical Security Updates from SonicWall and Cisco

Incorporating AI in Cybersecurity Operations

Remember Everything You Learn from Podcasts