SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Thursday, April 24th: Honeypot iptables Maintenance; XRPL.js Compromise; Erlang/OTP SSH Vuln affecting Cisco

Apr 24, 2025
Discover the intricacies of maintaining a honeypot and the importance of dynamic configurations to keep your security measures sharp. Learn about a serious breach in the XRPL.js library, which allowed attackers to steal secret keys through malicious updates. The podcast also highlights a critical vulnerability in the Erlang/OTP SSH library affecting Cisco equipment, emphasizing the urgent need for patches and security vigilance in the tech community.
05:44

Podcast summary created with Snipd AI

Quick takeaways

  • Maintaining the DShield Honeypot involves regular updates to firewall rules and specific logging configurations to enhance network security.
  • A security breach in the XRPL.js library highlights the risk of malicious code being pushed through NPM, necessitating immediate vigilance in software dependency management.

Deep dives

Maintaining the DShield Honeypot

Maintaining the DShield Honeypot, specifically its SIEM component, is essential for monitoring network security. Jesse shared insights on updating firewall rules and iptables rules to accommodate dynamic IP addresses, ensuring that access to the admin port is restricted to specific IP addresses. Additionally, he emphasized the importance of logging attacks only from external sources. The implementation of the Filebeat component for feeding logs into Elasticsearch was also highlighted, suggesting that users may need more robust hardware to effectively run the complete setup.
