SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Stormcast, Jan 8, 2025: Critical Vulnerabilities in SonicWall, Moxa, and Windows BitLocker – Plus, Malware Targets PHP Servers and the Launch of U.S. Cyber Trust Mark

Jan 8, 2025
Discover the alarming exploitation of a zero-day vulnerability in SonicWall SSL-VPN devices. Unearth security flaws in Moxa routers that allow privilege escalation. Learn about the new cryptocurrency mining malware targeting PHP servers. Meanwhile, the White House introduces the U.S. Cyber Trust Mark, aiming to help consumers identify secure connected devices. This insightful discussion emphasizes the importance of patch management and informed decisions in cybersecurity.
06:39

Podcast summary created with Snipd AI

Quick takeaways

  • Cryptocurrency mining attacks targeting PHP servers highlight the critical need for effective patch management and incident response strategies.
  • The launch of the U.S. Cyber Trust Mark aims to guide consumers in identifying secure connected devices and improving overall cybersecurity awareness.

Deep dives

Exploitation of Cryptocurrency Mining Vulnerabilities

Cryptocurrency miners are increasingly targeting vulnerable PHP servers, particularly through CVE-2024-4577, a misconfiguration affecting PHP CGI installations. Attackers are using specific malware, including VR0P.exe, to deploy additional payloads that mine the PacketCrypt Classic cryptocurrency, which is gaining attention despite being relatively obscure. The incident highlights the often-overlooked importance of effective patch management: the vulnerabilities being exploited have existed for some time, so organizations need to conduct thorough incident response. Such miners are typically straightforward to detect by monitoring for CPU load spikes, which can indicate potential exploitation.
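As an added illustration of the CPU-load check mentioned above (not code from the podcast or from SANS ISC), the sketch below separates a sustained plateau, which is what a miner produces, from short legitimate bursts. The sample data is constructed, and every process name other than php-cgi.exe, along with the threshold and window, is an assumption.

```python
from collections import defaultdict

WEB_PARENTS = {"php-cgi.exe", "httpd.exe"}  # assumption: web-facing processes on this host

def build_samples():
    """Constructed one-minute samples: (minute, process, parent, cpu_percent)."""
    samples = []
    for minute in range(30):
        # Normal PHP request handling: occasional bursts below the threshold.
        burst = 85.0 if minute % 7 == 0 else 12.0
        samples.append((minute, "php-cgi.exe", "httpd.exe", burst))
        # Hypothetical backup job: a legitimate 4-minute spike.
        spike = 95.0 if 5 <= minute < 9 else 1.0
        samples.append((minute, "backup.exe", "services.exe", spike))
        # Hypothetical unknown child of the PHP handler pinning the CPU.
        if minute >= 10:
            samples.append((minute, "unknown-child.exe", "php-cgi.exe", 97.0))
    return samples

def find_sustained_load(samples, threshold=90.0, min_minutes=10):
    """Return episodes where one process stays at or above `threshold`
    for at least `min_minutes` consecutive one-minute samples."""
    by_proc = defaultdict(list)
    for minute, proc, parent, cpu in sorted(samples):
        by_proc[(proc, parent)].append((minute, cpu))
    episodes = []
    for (proc, parent), series in by_proc.items():
        run = []
        # The trailing low sample closes a run that lasts to the end of the data.
        for minute, cpu in series + [(None, 0.0)]:
            contiguous = bool(run) and minute == run[-1] + 1
            if cpu >= threshold and (not run or contiguous):
                run.append(minute)
                continue
            if len(run) >= min_minutes:
                episodes.append({
                    "process": proc,
                    "parent": parent,
                    "start": run[0],
                    "end": run[-1],
                    # Load coming from a child of the web stack deserves priority.
                    "web_spawned": parent in WEB_PARENTS,
                })
            run = [minute] if cpu >= threshold else []
    return episodes

if __name__ == "__main__":
    for episode in find_sustained_load(build_samples()):
        print(episode)
```

The `web_spawned` flag only ranks findings for triage; a flagged episode still has to be confirmed against the process's binary and command line.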
