
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) SANS Stormcast Friday, November 21st, 2025: Oracle Identity Manager Scans; SonicWall DoS Vuln; Adam Wilson (@sans_edu) reducing prompt injection.
Nov 21, 2025
Adam Wilson, a Senior Manager in DevSecOps and application security expert, discusses the automation of generative AI guidelines to mitigate prompt injection risks. He introduces MITRE ATLAS, detailing how it enhances ATT&CK by specifying AI-related threats and their defenses. Adam highlights four main mitigations, emphasizing the value of layered defenses and automation in DevOps environments. Additionally, he shares insights on conducting experiments with different AI defense techniques and underscores the need for ongoing research to bolster security measures.
AI Snips
Oracle IdM Auth Bypass Seen Pre-Patch
- Oracle Identity Manager had an authentication-bypass flaw where adding ".wadl" (and ";.wadl") can skip auth and enable remote code execution.
- Johannes Ullrich observed exploit attempts in September, implying pre-patch compromise risk for exposed systems.
Mac Infostealer Mimics Legit App
- Jamf reported a macOS infostealer disguised as Dynamic Lake that selectively targets non-M1 systems.
- The malware installs one of four stealer components to harvest keychains, Telegram data, and crypto wallets.
SonicOS SSL VPN DoS Patched
- SonicWall patched a SonicOS SSL VPN buffer overflow that causes a denial-of-service crash.
- Johannes notes the issue is limited to a service crash but highlights broader SSL VPN migration trends.
