SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) SANS Stormcast Monday June 30th, 2025: Scattered Spider; AMI BIOS Exploited; Secure Boot Certs Expiring; Microsoft Resliliency Initiative
5 snips
Jun 30, 2025 The podcast dives into the latest from the hacking group Scattered Spider, focusing on their dangerous social engineering tactics targeting airlines. A serious vulnerability in AMI BIOS is also highlighted, as it's currently being exploited. Listeners are reminded of the impending expiration of Secure Boot certificates, which is crucial for operating system security. Finally, Microsoft unveils its Resiliency Initiative, emphasizing enhanced security while introducing changes that could affect security tool functionality.
AI Snips
Chapters
Transcript
Episode notes
Social Engineering's Ongoing Threat
- Scattered Spider's persistence lies in its use of social engineering, a historically effective attack technique.
- Simple social tactics can breach well-defended organizations, making social engineering uniquely dangerous.
Encourage Reporting Attack Attempts
- Encourage employees to report suspicious attack attempts to help detect breaches early.
- Realize not everyone can identify attacks; reporting helps monitor and strengthen defenses.
Strengthen Identity Defenses
- Improve monitoring of identity endpoints to detect potential account takeovers.
- Refine password reset processes by involving direct supervisors to verify identities, avoiding anonymous help desks.