

SANS Stormcast Friday, September 5th, 2025: Cloudflare Response to 1.1.1.1 Certificate; AI Model Namespace Reuse; macOS Vulnerability Allowed Keychain Decryption
Sep 5, 2025
Cloudflare revealed alarming details about a rogue certificate issued for the popular 1.1.1.1 DNS resolver, stressing the importance of avoiding complacency in certificate management. The risks of username reuse on platforms like Hugging Face were explored, highlighting how the names of deleted accounts can be hijacked. Additionally, a critical vulnerability in macOS was discussed, which could allow unauthorized decryption of sensitive data stored in the Keychain, underscoring the need for regular software updates.
AI Snips
CT Logs Alone Aren't Enough
- Certificate transparency logs can expose unauthorized certificates but detection still fails without tuned alerts.
- Cloudflare found a rogue 1.1.1.1 certificate in CT logs and is refining internal monitoring to catch similar issues sooner.
Subscribe And Tune CT Alerts
- Do subscribe to certificate transparency alerts and build scripts to generate actionable notifications.
- Use free CT alerting services and tune filters to reduce false positives and get timely, useful alerts.
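One way to turn raw CT matches into tuned alerts, as an added example that is not from the episode or from Cloudflare: it flags certificates covering watched names or IP SANs only when the issuer is not one you order from, and collapses precertificate duplicates. The entry fields, domain, and issuer names are constructed placeholders.

```python
# Added example: constructed CT entries; field names and issuer names are assumptions.
import ipaddress

WATCH_DOMAINS = {"example.com"}                  # domains we own (placeholder)
WATCH_IPS = {ipaddress.ip_address("1.1.1.1")}    # IP SANs need watching too
EXPECTED_ISSUERS = {"Example Trusted CA"}        # CAs we actually use (placeholder)

def san_matches(san):
    """True if a SAN is one of our IPs or falls under one of our domains."""
    san = san.strip().lower().rstrip(".")
    try:
        return ipaddress.ip_address(san) in WATCH_IPS
    except ValueError:
        pass  # not an IP literal, treat it as a DNS name
    name = san[2:] if san.startswith("*.") else san
    # Match on a label boundary so "notexample.com" does not hit "example.com".
    return any(name == d or name.endswith("." + d) for d in WATCH_DOMAINS)

def triage(entries):
    """One alert per certificate that covers our names from an unexpected issuer."""
    alerts, seen = [], set()
    for e in entries:
        hits = [s for s in e["sans"] if san_matches(s)]
        if not hits or e["issuer"] in EXPECTED_ISSUERS:
            continue  # unrelated cert, or routine issuance by our own CA
        key = (e["issuer"], e["serial"])
        if key in seen:  # precertificate and final cert share issuer + serial
            continue
        seen.add(key)
        alerts.append({"issuer": e["issuer"], "serial": e["serial"],
                       "matched": sorted(hits)})
    return alerts

# Constructed sample entries, not real log data.
SAMPLE = [
    {"issuer": "Example Trusted CA", "serial": "01", "sans": ["www.example.com"]},
    {"issuer": "Unknown Test CA", "serial": "0a", "sans": ["1.1.1.1", "test.invalid"]},
    {"issuer": "Unknown Test CA", "serial": "0a", "sans": ["1.1.1.1", "test.invalid"]},
    {"issuer": "Unknown Test CA", "serial": "0b", "sans": ["notexample.com"]},
    {"issuer": "Unknown Test CA", "serial": "0c", "sans": ["*.api.example.com"]},
]

if __name__ == "__main__":
    for alert in triage(SAMPLE):
        print("ALERT", alert)
```
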
Pin Models And Monitor Namespaces
- Do pin model versions and monitor namespace ownership to reduce risk of malicious replacements.
- Watch for ownership changes and signs of tampering before loading untrusted models, especially pickle-based ones.