SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Latest episodes

Jul 9, 2025 • 8min

SANS Stormcast Wednesday, July 9th, 2025: Microsoft Patches; Opossum Attack

A major patch day for Microsoft sees 139 vulnerabilities addressed, with 14 rated as critical. The discussion also highlights a new TLS vulnerability known as the 'opossum attack,' which lets attackers inject requests in specific configurations. Additionally, Ivanti has rolled out updates to tackle significant issues in their products, including a concerning password decryption flaw. Tune in for insights on these emerging threats and essential fixes in the cybersecurity landscape!
Jul 8, 2025 • 5min

SANS Stormcast Tuesday, July 8th, 2025: Detecting Filename (Windows); Atomic Stealer now with Backdoor; SEO Scams

Discover how malware can cleverly detect its environment through filename tricks, making analysis difficult. A new version of the Atomic macOS info-stealer, equipped with a backdoor, enables attackers to maintain persistent access to compromised systems. The podcast also dives into alarming SEO scams promoting trojaned versions of popular tools, showcasing the dangers of malvertising. Learn about vulnerabilities exploited by attackers that could lead to remote code execution on cloud services.
Jul 7, 2025 • 6min

SANS Stormcast Monday, July 7th, 2025: interesting usernames; More sudo issues; CitrixBleed2 PoC; Short Lived Certs

Dive into intriguing usernames found in honeypots that could reveal security risks. Discover how the sudo command can be exploited to gain unauthorized access. Learn about the newly documented CitrixBleed2 vulnerability and its proof of concept. Plus, find out why Instagram has opted for six-day TLS certificates to boost security. Each topic highlights essential insights into current cybersecurity challenges.
Jul 3, 2025 • 5min

SANS Stormcast Thursday July 3rd, 2025: sudo problems; polymorphic zip files; Cisco vulnerability

Local users can exploit a vulnerability in the Linux sudo command to gain root access, raising significant security concerns. The podcast also delves into polymorphic zip files, which can yield different data during extraction, depending on the tool used. Additionally, there's a critical flaw in Cisco's Unified Communications Manager that allows attackers to access devices using unchangeable default credentials. These discussions emphasize the importance of patching and understanding security vulnerabilities in modern software.
Jun 30, 2025 • 7min

SANS Stormcast Monday June 30th, 2025: Scattered Spider; AMI BIOS Exploited; Secure Boot Certs Expiring; Microsoft Resiliency Initiative

The podcast dives into the latest from the hacking group Scattered Spider, focusing on their dangerous social engineering tactics targeting airlines. A serious vulnerability in AMI BIOS is also highlighted, as it's currently being exploited. Listeners are reminded of the impending expiration of Secure Boot certificates, which is crucial for operating system security. Finally, Microsoft unveils its Resiliency Initiative, emphasizing enhanced security while introducing changes that could affect security tool functionality.
Jun 27, 2025 • 7min

SANS Stormcast Friday, June 27th, 2025: Open-VSX Flaw; Airoha Bluetooth Vulnerability; Critical Cisco Identity Service Engine Vuln

Developers beware: a flaw in the Open-VSX extension marketplace could jeopardize every extension available. Bluetooth vulnerabilities in the Airoha chipset may allow eavesdropping on personal devices, raising alarms about privacy. Additionally, critical weaknesses in Cisco's Identity Services Engine could enable remote attackers to gain root access. Learn about the growing threat landscape and upcoming events aimed at boosting cybersecurity awareness!
Jun 26, 2025 • 6min

SANS Stormcast Thursday, June 26th, 2025: Another Netscaler Vuln; CentOS Web Panel Vuln; IP Based Certs

A recent security bulletin revealed a critical memory overflow vulnerability in Citrix's NetScaler, posing denial of service risks if unpatched. Meanwhile, CentOS Web Panel faces a serious remote code execution flaw that allows file uploads from users. The ongoing battle against vulnerabilities continues with Gogs' insufficient patch for file deletion exploits. On a progressive note, Let's Encrypt is preparing to issue IP address-based certificates, a game-changer for TLS certification that helps devices without hostnames.
Jun 25, 2025 • 4min

SANS Stormcast Tuesday, June 24th, 2025: Telnet/SSH Scan Evolution; Fake Sonicwall Software; File-Fix vs Click-Fix

Discover the intriguing evolution of password brute forcing over the past decade, revealing attackers' changing strategies. Learn about the alarming rise in attempts per scan, despite the consistency in password length. Delve into a new attack method called 'FileFix,' which tricks users into executing dangerous commands. Additionally, explore the trend of threat actors creating counterfeit software, like a fake Sonicwall Netextender, aimed at stealing user credentials. Stay informed on these pressing cybersecurity challenges!
Jun 24, 2025 • 5min

SANS Stormcast Tuesday, June 24th, 2025: Ichano ATHome IP Camera Scans; Netscaler Vulnerability; WinRar Vulnerability

The podcast dives into alarming scans targeting Ichano AtHome IP Cameras using easily guessable credentials like 'super_yg' and '123'. A critical vulnerability, CVE-2025-5777, is discussed regarding the Citrix Netscaler Gateway, which could put a lot of users at risk if not addressed. Additionally, the hosts reveal a concerning issue with WinRAR that could lead to remote code execution due to compromised file extraction paths. Listeners are urged to take immediate action to secure their systems.
Jun 23, 2025 • 6min

SANS Stormcast Monday, June 23rd, 2025: ADS and Python; More Secure Cloud PCs; Zend.to Path Traversal; Parser Differentials

Explore the fascinating world of alternate data streams in NTFS with innovative tools like cut-bytes.py and filescanner. Discover how Microsoft is tightening security on Windows 365 Cloud PCs with enhanced defaults. Unpack the recent directory traversal vulnerability in zend.to and its implications for file sharing. Lastly, dive into the unexpected quirks of Go's JSON and XML parsers, revealing how they can lead to security surprises. This blend of topics provides a rich landscape of current cybersecurity challenges.
