

ISC StormCast for Wednesday, November 27th, 2024
Nov 27, 2024
Discover how using tools like Zeek, Snort, and Grafana can help detect crypto mining malware. Learn about a new Russian APT strategy that exploits nearby Wi-Fi networks for covert access. Dive into the introduction of NachoVPN, a unique solution in the VPN world. Stay updated on crucial Keycloak security patches and PHP updates. The discussion also highlights concerning IoT vulnerabilities, particularly weak SSH passwords, just in time for the Thanksgiving holiday.
AI Snips
Network Detection for Miners
- Monitor network traffic for unusual DNS requests and other indicators.
- Endpoint protection is often limited on IoT devices, so network detection is key.
Targeting from Neighboring Wi-Fi
- Attackers compromised a nearby Wi-Fi network to target another organization.
- Monitor systems joining your Wi-Fi; don't rely on credentials alone.
Secure Wi-Fi Access
- Implement robust multi-factor authentication for all access methods, including Wi-Fi.
- Wi-Fi access often lacks MFA, making it a weak point for attackers.