
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS Stormcast Monday March 17th: Mirai Makes Mistakes; Compromised Github Action; ruby-saml vulnerability; Fake GitHub Security Alert Phishing
Mar 17, 2025
The podcast dives into the latest antics of the Mirai botnet, which hilariously misconfigured a router exploit. A compromised GitHub Action raises alarms, leaking sensitive credentials. The discussion also highlights a ruby-saml authentication bypass caused by a parsing blunder. Additionally, it warns developers about fake GitHub security alerts designed to trick them into granting malicious apps OAuth privileges. Cybersecurity never sounded so intriguing!
06:38
Podcast summary created with Snipd AI
Quick takeaways
- The emergence of a new Mirai variant exploiting DrayTek router vulnerabilities emphasizes the unpredictable nature of cyberattacks despite technical mistakes by attackers.
- A compromised GitHub Actions tool has exposed sensitive credentials in around 23,000 repositories, highlighting the critical need for vigilant security practices among developers.
Deep dives
Increased Attacks on DrayTek Vigor Routers
Recent attacks on DrayTek Vigor routers have become more aggressive, with scanning for vulnerabilities ramping up since 2020. The podcast notes the emergence of a new set of vulnerabilities in 2024, although many of the current attacks appear to involve a Mirai variant. One exploit mentioned seems to fail because of a minor error in the URL formatting the attackers use, which suggests they may not fully understand how it works. This situation highlights the unpredictable nature of cyberattacks, where even ineffective attempts can succeed if enough are launched.