
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS Stormcast Wednesday, September 24th, 2025: DoS against the Analyst; GitHub Improvements; SolarWinds and Supermicro BMC vulnerabilities
Sep 24, 2025
An intern analyzes a peculiar DoS attack aimed more at distraction than disruption. GitHub unveils measures to secure the npm supply chain after recent package hijacks, emphasizing MFA and trusted publishing. SolarWinds deals with vulnerabilities in their Web Help Desk, revealing a serious remote code execution flaw. Meanwhile, Supermicro addresses critical issues in their BMC firmware, patching risks that could allow rogue firmware uploads. Tune in for insightful commentary on these pressing cybersecurity matters!
AI Snips
Small DoS Used As A Distraction
- Tyler House analyzed honeypot data that showed ~2.3 million packets from ~6,000 hosts, suggesting a small DoS-like event.
- The attack may have been a smokescreen to distract analysts while smaller scans targeted git config files and URLs.
Supply-Chain Hardening After npm Hijack
- GitHub plans stricter controls after the npm package hijack driven by a phishing compromise of maintainer accounts.
- The measures target MFA, granular tokens, and trusted publishing to limit future supply-chain abuse.
Enforce Strong MFA And Granular CI Tokens
- Require FIDO2-based MFA for maintainers to protect against phishing of developer accounts.
- Use granular tokens and OpenID Connect (JWTs) for CI publishing to reduce the blast radius of leaked credentials.
