SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Johannes B. Ullrich
Dec 28, 2025 • 6min

SANS Stormcast Sunday, December 28th, 2025: MongoDB Unauthenticated Memory Leak CVE-2025-14847

A critical vulnerability in MongoDB has left sensitive memory exposed and is currently being exploited. This flaw resembles the infamous Heartbleed, leaking random process data, including secrets and keys. With a patch announced just before Christmas, many systems remain at risk, especially those embedded in other products. Experts recommend not exposing MongoDB online and emphasize the need for immediate action if a compromise is suspected. Tune in for insights on securing your databases and understanding the implications of this new threat.
Dec 22, 2025 • 6min

SANS Stormcast Monday, December 22nd, 2025: TLS Callbacks; FreeBSD RCE; NIST Time Server Issues

Explore the abuse of Thread Local Storage (TLS) callbacks in DLLs and how they can execute overlooked pre-main code. Discover a critical vulnerability in FreeBSD, allowing remote code execution through crafted IPv6 router advertisements. Learn about the NIST Boulder time server outage caused by a power failure, disrupting accurate time references for internet services. The discussion also addresses mitigation strategies and the importance of syncing with multiple NTP sources for reliability.
Dec 19, 2025 • 5min

SANS Stormcast Friday, December 19th, 2025: Less Vulnerable Devices; Critical OneView Vulnerability; TruffleHog finds JWTs

There's a positive trend in 2025, with fewer internet-exposed industrial control systems and a significant drop in servers using outdated SSL versions. However, the decline raises the question of whether it reflects cleanup efforts or simply aging devices being retired. A critical vulnerability in HPE's OneView software allows unauthenticated remote code execution, making prompt patching urgent. Meanwhile, TruffleHog now detects JWTs in scanned content and validates them against public keys, so leaked tokens that are still valid can be identified.
Dec 18, 2025 • 6min

SANS Stormcast Thursday, December 18th, 2025: More React2Shell; SonicWall and Cisco Patch; Updated Chrome Advisory

Exploit trends are shifting, with attackers homing in on applications that may have been overlooked before. There's an urgent warning about Cisco's email appliances facing a known vulnerability. SonicWall is in the spotlight due to a local privilege escalation issue now being actively exploited. Google has added a new CVE for a previously mysterious vulnerability linked to WebGPU, but no patch is available yet. Best practices for securing administrative access are also discussed, underscoring the need for robust protection.
Dec 17, 2025 • 7min

SANS Stormcast Wednesday, December 17th, 2025: Beyond RC4; FortiCloud SSO Vuln Exploited; FortiGate SSO Exploited

Microsoft is moving away from RC4 for Windows authentication, providing guidance for a smooth transition. FortiCloud's SSO vulnerability is being actively exploited, prompting urgent patching recommendations. Additionally, three vulnerabilities were discovered in FreePBX, including a concerning authentication bypass that could lead to remote code execution. Security measures are emphasized, especially after potential FortiGate compromises where attackers could access sensitive configurations.
Dec 16, 2025 • 6min

SANS Stormcast Tuesday, December 16th, 2025: Current React2Shell Example; SAML Woes; MSMQ Issues After Patch

Explore the surge of React2Shell exploits detected in honeypots, highlighting variances in malware delivery. Delve into the complexities of SAML authentication, where misalignments in XML parsing can lead to security vulnerabilities. Discover how attackers misuse signed SAML error messages for fraud. Lastly, uncover issues with Microsoft Message Queuing failures linked to a recent update, shedding light on the cascading effects of software patches. This discussion is packed with insights for anyone interested in cybersecurity!
Dec 15, 2025 • 7min

SANS Stormcast Monday, December 15th, 2025: DLL Entry Points; ClickFix and Finger; Apple Patches

Explore the intriguing world of DLL entry points, revealing how they can execute malicious code upon loading. Discover the ongoing ClickFix attacks that cleverly use the finger protocol to deliver malware. Learn about Apple's comprehensive December 2025 patches addressing critical vulnerabilities. Plus, uncover new security concerns in React Server Components, including Denial of Service and source code exposures. Stay informed on network mitigation strategies to prevent unauthorized access.
Dec 12, 2025 • 7min

SANS Stormcast Friday, December 12th, 2025: Local AI Models; Mystery Chrome 0-Day; SOAPwn Attack

Explore running the Gemma 3 model locally on modest hardware, which makes AI more accessible for experimentation. Delve into a mystery Google Chrome 0-day that poses real risk, with exploitation already underway despite no CVE having been assigned. Learn about the SOAPwn attack, which exposes .NET applications to serious threats through HTTP client proxies. Stay informed on the implications of these findings for developers and cybersecurity enthusiasts alike!
Dec 11, 2025 • 7min

SANS Stormcast Thursday, December 11th, 2025: Possible CVE-2024-9042 variant; react2shell exploits; notepad++ update hijacking; macOS priv escalation

Discover a potential new variant of an exploit targeting an OS command injection flaw in Kubernetes. Dive into the React2Shell vulnerability, along with tactical advice on filtering Next.js headers. Learn about the recent Notepad++ update hijack and the importance of verifying software signatures. Uncover a new privilege escalation vulnerability in macOS that remains unpatched. Stay informed on the latest threats and protective measures in the ever-evolving landscape of cybersecurity!
Dec 10, 2025 • 8min

SANS Stormcast Wednesday, December 10th, 2025: Microsoft, Adobe, Ivanti, Fortinet, and Ruby patches.

This week, the discussion highlights crucial security updates from Microsoft, including 57 flaws, with some being actively exploited. Adobe addresses vulnerabilities in ColdFusion and Acrobat, raising concerns about potential exploits. Ivanti fixes a critical stored XSS issue in its Endpoint Manager, while Fortinet faces a cryptographic flaw allowing SSO bypass. Lastly, the ruby-saml library gets patched for an incomplete fix from previous vulnerabilities. Stay informed to keep your systems secure!
