SANS Stormcast Friday, September 12th, 2025: DShield SIEM Update; Another Sonicwall Warning; Website Keystroke Logging
Sep 12, 2025
Discover the latest updates on the DShield SIEM tool, which visually tracks honeypot activity. Hear about the alarming rise in compromised SonicWall devices, as flagged by Australia's Signals Directorate. Delve into the privacy concerns surrounding website keystroke logging, revealing that many sites capture more than just form data. This episode emphasizes the critical need for user awareness and robust incident response strategies in today's cybersecurity landscape.
Graphical SIEM For Honeypots
- The DShield SIEM gives a graphical, searchable view of honeypot traffic using ELK components inside Docker containers.
- Running it in a VM or on a more powerful host yields better performance than a basic Raspberry Pi.
Assume Compromise When Patching
- Assume that devices targeted by older, actively exploited vulnerabilities may already be compromised, even after the patch is applied.
- Change credentials, rotate keys, and inspect the device for backdoors rather than only applying the patch.
Patch ≠ Eviction Of Attackers
- Patch delays and pre-patch compromises create two separate problems: unpatched systems and patched-but-compromised systems.
- Eviction requires incident response actions beyond installing updates.
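The two-problem split described above (unpatched systems versus patched-but-possibly-compromised ones) is easy to lose in a spreadsheet, so here is a small triage helper that applies it to a device inventory. This is an added example written for this page, not code from the episode or from SANS; the device names, dates and the assumed date on which in-the-wild exploitation began are constructed, and the action lists only reflect the steps the episode names (patch, rotate credentials and keys, inspect for backdoors, run incident response).

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Assumed date on which exploitation of the vulnerability began in the wild.
# Constructed for this example; take the real value from the vendor advisory.
EXPLOITATION_START = date(2025, 8, 1)


@dataclass
class Device:
    name: str
    exposed: bool               # reachable by attackers (e.g. management interface on the internet)
    patched_on: Optional[date]  # None means the patch has not been applied yet


def classify(dev: Device, exploitation_start: date = EXPLOITATION_START) -> str:
    """Sort a device into one of the buckets the episode distinguishes.

    A device patched only after exploitation started, while it was exposed,
    must be treated as possibly compromised: the patch closes the hole but
    does not evict anyone who came through it earlier.
    """
    if dev.patched_on is None:
        return "unpatched"
    if not dev.exposed:
        return "patched-not-exposed"
    if dev.patched_on < exploitation_start:
        return "patched-before-exploitation"
    return "patched-but-possibly-compromised"


# Eviction work that applies on top of, not instead of, installing the update.
EVICTION_STEPS = [
    "rotate all local and remote-access credentials",
    "rotate keys and certificates stored on the device",
    "inspect configuration for backdoors (unexpected accounts, rules, scheduled tasks)",
    "open an incident response case and review logs for the exposure window",
]


def required_actions(dev: Device, exploitation_start: date = EXPLOITATION_START) -> list[str]:
    """Return the work still owed for a device, given its bucket."""
    bucket = classify(dev, exploitation_start)
    if bucket == "unpatched":
        # An exposed, unpatched device has been exploitable for the whole
        # window, so it needs the patch and the full eviction checklist.
        steps = ["apply the vendor patch"]
        return steps + EVICTION_STEPS if dev.exposed else steps
    if bucket == "patched-but-possibly-compromised":
        return list(EVICTION_STEPS)
    return []


def triage(inventory: list[Device], exploitation_start: date = EXPLOITATION_START) -> dict[str, list[str]]:
    """Group device names by bucket so the two problems are tracked separately."""
    buckets: dict[str, list[str]] = {}
    for dev in inventory:
        buckets.setdefault(classify(dev, exploitation_start), []).append(dev.name)
    return buckets


if __name__ == "__main__":
    # Constructed sample inventory.
    sample = [
        Device("fw-branch-1", exposed=True, patched_on=None),
        Device("fw-branch-2", exposed=True, patched_on=date(2025, 7, 15)),
        Device("fw-dc-edge", exposed=True, patched_on=date(2025, 9, 1)),
        Device("fw-lab", exposed=False, patched_on=date(2025, 9, 1)),
    ]
    for bucket, names in triage(sample).items():
        print(f"{bucket}: {', '.join(names)}")
    for dev in sample:
        print(dev.name, "->", required_actions(dev) or ["no further action"])
```

The `exposed` flag matters as much as the patch date: a device that was never reachable during the exploitation window can be closed out after patching, while an exposed one patched late goes to incident response regardless of how healthy it looks after the update.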