CyberWire Daily

The invisible force fueling cyber chaos.

Apr 3, 2025

Johannes Ullrich, Dean of Research at SANS Technology Institute, shares insights on the evolving landscape of cybersecurity. He dives into the Fast Flux technique, now recognized as a national security threat, and discusses a critical authentication flaw in Crush FTP. Ullrich highlights vulnerabilities in Next.js applications, such as authentication loops and security flaws stemming from design choices. The conversation also touches on the rebranding of ransomware groups and the importance of robust application security measures in combating cyber threats.

30:59

Creator website

Episode guests

Johannes Ullrich

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Fast Flux is a significant national security threat that requires improved detection strategies from ISPs and cybersecurity firms.

Europol's dismantling of the KidFlix platform illustrates the urgent need for international cooperation against online child exploitation.

Deep dives

Fast Flux as a National Security Threat

Fast Flux is a technique exploited by cybercriminals and nation-state actors to evade detection by rapidly altering DNS records and IP addresses associated with malicious domains. This tactic supports resilient command and control operations, enabling persistent malicious activities such as phishing and botnet operations. A joint advisory from multiple U.S. cybersecurity agencies warns that fast flux poses a national security risk and recommends that internet service providers and cybersecurity firms enhance their detection and mitigation capabilities through strategies like DNS analysis and threat intelligence sharing. Organizations are urged to implement training on phishing awareness and improve their protective DNS measures to better defend against these threats.

Intro

3min

Navigating Cyber Threats

6min

Recent Cyber Vulnerabilities and Their Implications

5min

Security Vulnerabilities in Next.js Applications

6min

Enhancing Application Security and Unveiling Cyber Threats

5min

A joint advisory labels Fast Flux a national security threat. Europol shuts down a major international CSAM platform. Oracle verifies a data breach. A new attack targets Apache Tomcat servers. The Hunters International group pivots away from ransomware. Hackers target Juniper routers using default credentials. A controversy erupts over a critical CrushFTP vulnerability. Johannes Ullrich, Dean of Research at SANS Technology Institute unpacks Next.js. Abracadabra, alakazam — poof! Your credentials are gone.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Johannes Ullrich, Dean of Research at SANS Technology Institute, is discussing Next.js and how similar problems have led to vulnerabilities recently.

Selected Reading

Fast Flux: A National Security Threat (CISA)

Don’t cut CISA personnel, House panel leaders say, as they plan legislation giving the agency more to do (CyberScoop)

CSAM platform Kidflix shut down by international operation (The Record)

AI Image Site GenNomis Exposed 47GB of Underage Deepfakes (Hackread)

Oracle tells clients of second recent hack, log-in data stolen, Bloomberg News reports (Reuters)

Hackers Exploiting Apache Tomcat Vulnerability to Steal SSH Credentials & Gain Server Control (Cyber Security News)

Hunters International Ransomware Gang Rebranding, Shifting Focus (SecurityWeek)

Hackers Actively Scanning for Juniper’s Smart Router With Default Password (Cyber Security News)

Details Emerge on CVE Controversy Around Exploited CrushFTP Vulnerability (SecurityWeek)

New Malware Attacking Magic Enthusiasts to Steal Login Credentials (Cyber Security News)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

CyberWire Daily

The invisible force fueling cyber chaos.

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Fast Flux as a National Security Threat

Successful Takedown of Major Child Exploitation Platform

Emergence of New Cyber Threats and Vulnerabilities

CyberWire Guest

Selected Reading

Share your feedback.

Want to hear your company in the show?

Remember Everything You Learn from Podcasts