SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Attacks against Teltonika Networks SMS Gateways Attackers are actively scanning for SMS Gateways. These attacks take advantage of default passwords and other commonly used passwords. https://isc.sans.edu/diary/Attacks%20against%20Teltonika%20Networks%20SMS%20Gateways/31888 Commvault Vulnerability CVE-2205-34028 Commvault, about a week ago, published an advisory and a fix for a vulnerability in its backup software. watchTowr now released a detailed writeup and exploit for the vulnerability https://labs.watchtowr.com/fire-in-the-hole-were-breaching-the-vault-commvault-remote-code-execution-cve-2025-34028/ Exploitation Trends Q1 2025 Vulncheck published a summary of exploitation trends, pointing out that about a quarter of vulnerabilities are exploited a day after a patch is made available. https://vulncheck.com/blog/exploitation-trends-q1-2025 inetpub directory issues The inetpub directory introduced by Microsoft in its April patch may lead to a denial of service against applying patches on Windows if an attacker can create a junction for that location pointing to an existing system binary like Notepad. https://doublepulsar.com/microsofts-patch-for-cve-2025-21204-symlink-vulnerability-introduces-another-symlink-vulnerability-9ea085537741

Discover the intricacies of maintaining a honeypot and the importance of dynamic configurations to keep your security measures sharp. Learn about a serious breach in the XRPL.js library, which allowed attackers to steal secret keys through malicious updates. The podcast also highlights a critical vulnerability in the Erlang/OTP SSH library affecting Cisco equipment, emphasizing the urgent need for patches and security vigilance in the tech community.

Discover the latest advancements in cybersecurity tools, including the innovative uses of ad hoc YARA rules for simplified threat detection. Dive into a chilling discussion on a DKIM replay attack that successfully spoofed Google by reusing signatures. The vulnerabilities in SSL.com’s email validation process raise concerns about webmail security and certificate issuance. This podcast delves into these critical topics that shape the future of online safety.

It's 2025, so why are malicious advertising URLs still going strong? Phishing attacks continue to take advantage of Google s advertising services. Sadly, this is still the case for obviously malicious links, even after various anti-phishing services flag the URL. https://isc.sans.edu/diary/It%27s%202025...%20so%20why%20are%20obviously%20malicious%20advertising%20URLs%20still%20going%20strong%3F/31880 ChatGPT Fingerprinting Documents via Unicode ChatGPT apparently started leaving fingerprints in texts, which it creates by adding invisible Unicode characters like non-breaking spaces. https://www.rumidocs.com/newsroom/new-chatgpt-models-seem-to-leave-watermarks-on-text Asus AI Cloud Security Advisory Asus warns of a remote code execution vulnerability in its routers. The vulnerability is related to the AI Cloud feature. If your router is EoL, disabling the feature will mitigate the vulnerability https://www.asus.com/content/asus-product-security-advisory/ PyTorch Vulnerability PyTorch fixed a remote code execution vulnerability exploitable if a malicious model was loaded. This issue was exploitable even with the weight_only=True" setting selected https://github.com/pytorch/pytorch/security/advisories/GHSA-53q9-r3pm-6pq6

Discussions take a deep dive into a recent wave of account lockouts caused by Microsoft Entra's new security feature, sparking chaos among users. An exploit targeting Erlang/OTP SSH vulnerabilities raises alarms with easy remote code execution. Sonicwall devices are under threat from an older command injection exploit after brute-force access. Finally, an unpatched vulnerability in bubble.io exposes projects to potential breaches, underscoring the need for vigilance in cybersecurity.

Discover how to set up a malware analysis environment in the cloud with Remnux. Dive into a critical vulnerability in the Erlang/OTP SSH library that opens doors to remote code execution. Uncover the resurgence of the Brickstorm backdoor affecting both Linux and Windows systems. Lastly, explore the controversy surrounding OpenAI's GPT 4.1 release, which stirred concerns due to the absence of safety measures against potential malware creation.

Exciting tech updates abound as Apple rolls out security fixes for iOS and other platforms, addressing exploited vulnerabilities. Meanwhile, Oracle's critical patch update tackles a staggering 378 vulnerabilities, many linked to open-source software. Google Chrome also joins the mix, fixing critical vulnerabilities in its latest release. Finally, there’s buzz about the CVE numbering scheme, with MITRE receiving extended funding and other organizations considering alternative vulnerability registers.

Data exfiltration is on the rise as attackers exploit free online services like gofile.io and pastebin. Meanwhile, OpenSSH 10.0 has been released, introducing quantum-safe ciphers and improved security by separating authentication services. Apache Roller has a newly addressed vulnerability with a notable CVSS score, while ongoing discussions about CVE funding may lead to temporary disruptions, though diverse support might see it through.

Explore the exciting update to a powerful searching tool, now enabling complex queries with regular expressions and Yara signatures. Discover significant changes in TLS certificate lifetimes that enhance security over the next few years. Dive into the alarming new malware that attacks USB drives, replacing files with malicious versions to harvest sensitive data. This intriguing mix of technical advancements and emerging threats highlights the evolving landscape of cybersecurity.

There's a surge of exploit attempts targeting a recent vulnerability in LangFlow, particularly from Tor endpoints. Fortinet uncovered threats exploiting system weaknesses, leading to new updates for improved security. Microsoft clarified that its latest patches intentionally created the inetpub directory, urging users not to delete it. The discussion also touches on the implications of patch management and highlights the importance of security measures in the evolving cyber landscape.