
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS Stormcast Wednesday, April 23rd: More xorsearch Updates; DKIM Replay Attack; SSL.com Vulnerability Fixed
Apr 23, 2025
Discover the latest advancements in cybersecurity tools, including the innovative uses of ad hoc YARA rules for simplified threat detection. Dive into a chilling discussion on a DKIM replay attack that successfully spoofed Google by reusing signatures. The vulnerabilities in SSL.com’s email validation process raise concerns about webmail security and certificate issuance. This podcast delves into these critical topics that shape the future of online safety.
AI Snips
Ad Hoc YARA Rules Simplify Scans
- Ad hoc YARA rules allow command line searches without full rule files for simple tasks like string or regex searches.
- This simplifies quick scanning without maintaining complex YARA configuration files.
DKIM Replay Attack on Google
- Attackers replayed old DKIM signatures from legitimate Google emails to spoof subpoenas.
- They copied signed headers to trick recipients, exploiting DKIM's limited header coverage.
Mitigate DKIM Replay Attack
- Vary DKIM-signed fields like the subject by adding recipient-specific info to impede spoofing.
- This makes it easier for recipients to detect fraudulent emails despite DKIM limitations.
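The header-coverage limitation mentioned in the snips can be checked on any received message. The following is an added example, not material from the podcast: it reads the `h=` tag of a DKIM-Signature header (RFC 6376) and reports which recipient-visible headers are unsigned, which could gain an extra copy without invalidating the signature, and whether the signature carries an `x=` expiry. The sample message, domains and function names are constructed for illustration.

```python
import email
from email import policy

# Headers a recipient relies on when judging who a message is from and for.
SENSITIVE = ("from", "to", "cc", "subject", "date", "reply-to", "message-id")

# Constructed sample message (not a real capture); bh=/b= values are dummies.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1;\n"
    " h=from:to:subject:subject:date; bh=AAAA=; b=BBBB=\n"
    "From: Alerts <alerts@example.com>\n"
    "To: user@example.net\n"
    "Subject: Notice\n"
    "Date: Wed, 23 Apr 2025 10:00:00 +0000\n"
    "Reply-To: help@example.org\n"
    "\n"
    "Body\n"
)

def parse_dkim_tags(value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def coverage_report(raw_message):
    """Report how the first DKIM signature covers the SENSITIVE headers."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    sig = msg.get("DKIM-Signature")
    if sig is None:
        return None
    tags = parse_dkim_tags(str(sig))
    signed = [h.lower() for h in tags.get("h", "").split(":") if h]
    report = {"expires": "x" in tags, "unsigned": [], "appendable": []}
    for name in SENSITIVE:
        present = len(msg.get_all(name, []))
        listed = signed.count(name)
        if present and listed == 0:
            report["unsigned"].append(name)    # present but outside the signature
        elif listed <= present:
            report["appendable"].append(name)  # not oversigned: a copy can be added
    return report

if __name__ == "__main__":
    print(coverage_report(SAMPLE))
```

In the sample, only `subject` is listed once more than it appears (oversigned), so it is the only header that is neither unsigned nor appendable.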
