

SANS Stormcast Thursday, April 24th: Honeypot iptables Maintenance; XRPL.js Compromise; Erlang/OTP SSH Vuln affecting Cisco
Apr 24, 2025
Discover the intricacies of maintaining a honeypot and the importance of dynamic configurations to keep your security measures sharp. Learn about a serious breach in the XRPL.js library, which allowed attackers to steal secret keys through malicious updates. The podcast also highlights a critical vulnerability in the Erlang/OTP SSH library affecting Cisco equipment, emphasizing the urgent need for patches and security vigilance in the tech community.
Maintain Honeypot Security Measures
- Keep your honeypot's iptables and filebeat updated to maintain accurate logging and attack detection.
- Adjust firewall rules to accommodate dynamic IP changes and restrict admin port access to trusted IPs only.
XRPL.js Library Supply Chain Attack
- The XRPL.js npm library was compromised, but the official GitHub repo was not affected.
- The attacker injected code to steal private keys, exposing Ripple cryptocurrency users to risk.
Urgent Erlang/OTP SSH Patch Needed
- Patch Cisco products vulnerable to the Erlang/OTP SSH library flaw immediately.
- Assume compromise, since exploitation is easy and exploits are publicly available, especially in telecom environments.