SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Friday, August 15th, 2025: Analysing Attack with AI; Proxyware via YouTube; Xerox FreeFlow Vuln; Evaluating Zero Trust @SANS_edu

Aug 15, 2025
Darren Carstensen, an MSISE graduate and security expert, dives into the realm of AI and its role in speeding up cybersecurity incident analysis. He reveals alarming trends, including proxyware malware distributed via popular YouTube download sites. Carstensen discusses critical vulnerabilities in Xerox's FreeFlow Core, enabling easy exploitation for remote code execution. The discussion also covers the complexities of implementing Zero Trust security, highlighting essential factors for successful adoption and the importance of robust multi-factor authentication.
ADVICE

Verify AI Findings During Triage

  • Use AI to explain and contextualize suspicious commands and small scripts found during triage.
  • Verify AI outputs before acting on them, especially as a beginner: they can be plausible-sounding but incorrect (hallucinations).
INSIGHT

YouTube Downloaders Can Deliver Proxyware

  • Some YouTube download sites deliver setup scripts instead of MP4s to install proxyware.
  • Proxyware converts victims' PCs into rentable proxies and may lead to illegal traffic tied to the user's IP.
INSIGHT

XXE + Path Traversal Yield RCE In FreeFlow

  • Xerox FreeFlow Core had XXE and path traversal flaws enabling unauthenticated RCE.
  • Horizon3's write-up highlights how common and underrated XXE vulnerabilities can be.