SANS Stormcast Feb 11th 2025: 7zip and MoW; Apple 0-Day Fix; AMD Microcode Overwrite; Trimble CityWorks 0-Day; MageCart Update
Feb 11, 2025
Explore the critical need for secure file extraction with 7-Zip updates that require the mark of the web. Apple rushes to patch a vulnerability that lets attackers bypass USB restrictions on devices. Meanwhile, a microcode exploit on AMD CPUs raises alarms, manipulating functions and random number generation. Trimble Cityworks falls victim to a newly exploited flaw, while the latest MageCart tactics involve stealthy JavaScript injections stealing credit card data through Google Tag Manager, highlighting the importance of cautious coding practices.
Episode notes
Mark of the Web Advice
- Ensure that Mark of the Web (MoW) is set when extracting files from archives.
- 7-Zip does not propagate MoW to extracted files by default; its settings must be changed to enable automatic MoW propagation.
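One way to verify the advice above on a Windows host is to audit the extraction directory for the Zone.Identifier alternate data stream that carries the Mark of the Web and, where it is missing, copy the archive's own stream onto the extracted files. The script below is an added example written for this summary; it is not code from the episode, from SANS, or from 7-Zip. It assumes the archive and the extracted files are on an NTFS volume (ADS are not preserved on FAT or exFAT), and the paths are placeholders.

```powershell
# Added example (not from the Stormcast episode). Audits files extracted from an
# archive for a Mark of the Web (the Zone.Identifier alternate data stream) and,
# with -Fix, propagates the archive's own Zone.Identifier to files that lack one.
# Assumption: NTFS volume; if the archive itself has no stream, ZoneId=3 (Internet) is used.

function Test-ExtractedMoW {
    param(
        [Parameter(Mandatory = $true)][string]$ArchivePath,   # placeholder, e.g. C:\Downloads\tool.7z
        [Parameter(Mandatory = $true)][string]$ExtractedDir,  # placeholder, e.g. C:\Downloads\tool
        [switch]$Fix
    )

    # Default MoW content used only when the archive carries no stream of its own.
    $zoneContent = "[ZoneTransfer]`r`nZoneId=3`r`n"
    try {
        $zoneContent = Get-Content -LiteralPath $ArchivePath -Stream Zone.Identifier -Raw -ErrorAction Stop
    } catch {
        Write-Warning "Archive has no Zone.Identifier stream; assuming ZoneId=3 (Internet)."
    }

    $missing = @()
    foreach ($file in Get-ChildItem -LiteralPath $ExtractedDir -File -Recurse) {
        # Get-Item -Stream returns $null (with SilentlyContinue) when the ADS does not exist.
        $stream = Get-Item -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
        if ($null -eq $stream) {
            $missing += $file.FullName
            if ($Fix) {
                # Writing the stream restores SmartScreen / Protected View handling for the file.
                Set-Content -LiteralPath $file.FullName -Stream Zone.Identifier -Value $zoneContent -NoNewline
            }
        }
    }

    # Return the list of files that were found without a MoW so the caller can report on it.
    return $missing
}

# Usage (paths are placeholders):
#   $unmarked = Test-ExtractedMoW -ArchivePath 'C:\Downloads\tool.7z' -ExtractedDir 'C:\Downloads\tool'
#   $unmarked | ForEach-Object { Write-Host "No Mark of the Web: $_" }
#   Test-ExtractedMoW -ArchivePath 'C:\Downloads\tool.7z' -ExtractedDir 'C:\Downloads\tool' -Fix
```

Running the function without `-Fix` after extracting an archive is a quick way to confirm whether the extraction tool's MoW setting is actually taking effect: an empty result means every extracted file already carries Zone.Identifier, while a populated list shows which files would open without SmartScreen or Office Protected View applied.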
Apple 0-Day Patch
- Update iOS and iPadOS to patch a USB Restricted Mode bypass vulnerability.
- This vulnerability is actively exploited and could allow unauthorized device connections.
AMD Microcode Vulnerability
- Attackers with root access can alter AMD CPU microcode, impacting functionality.
- Google's proof-of-concept shows manipulation of random number generators, posing cryptographic risks.