

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5-minute-long, summary of current network-security-related events. The content is late-breaking, educational, and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html.
Episodes

Oct 24, 2025 • 6min
SANS Stormcast Friday, October 24th, 2025: Android Infostealer; SessionReaper Exploited; BIND/unbound DNS Spoofing fix; WSUS Exploit
A crafty infostealer is targeting Android devices, using Python and Termux to siphon off data via Telegram. The SessionReaper exploit has emerged just weeks after an Adobe patch, highlighting the urgency for e-commerce platforms. Meanwhile, a significant flaw in BIND and Unbound could open doors for DNS spoofing due to weak random number generation. Lastly, a new proof-of-concept for a WSUS vulnerability has been revealed, stressing the need for immediate security updates.

Oct 23, 2025 • 7min
SANS Stormcast Thursday, October 23rd, 2025: Blue Angel Software Exploit; Oracle CPU; Rust tar library vulnerability.
Discover the latest exploits targeting Blue Angel Software, with intriguing honeypot detections suggesting a connection to CVE-2025-34033. Oracle's recent critical patch update tackles an impressive 374 vulnerabilities, focusing on significant flaws in their e-Business Suite. Plus, explore the Rust TAR library's vulnerabilities, revealing potential risks from unmaintained packages and the challenge of managing security disclosures. Tune in for expert insights on these pressing cyber threats!

Oct 22, 2025 • 7min
SANS Stormcast Wednesday, October 22nd, 2025: NTP Pool; Xubuntu Compromise; Squid Vulnerability; Lanscope Vuln;
Discover the impressive accuracy of pool.ntp.org, syncing time to within 10–100 milliseconds. Uncover the recent compromise of the Xubuntu website, which was serving malware to unsuspecting users. Learn about a vulnerability in the Squid Proxy that could leak authentication credentials and the urgent need for updates. Plus, find out about a serious RCE vulnerability in Lanscope that has already been exploited, emphasizing the importance of timely patching.

Oct 20, 2025 • 9min
SANS Stormcast Tuesday, October 21st, 2025: Syscall() Obfuscation; AWS down; Beijing Time Attack
Discover how Python fileless malware cleverly uses syscall() to evade detection by creating in-memory file handles. AWS recently faced significant outages, causing disruptions across various services. Meanwhile, concerns rise over compromised time servers in Beijing, pointing to potential vulnerabilities in time integrity. Tune in for insights into these pressing cyber security issues!

Oct 19, 2025 • 6min
SANS Stormcast Monday, October 20th, 2025: Malicious Tiktok; More Google Ad Problems; Satellite Insecurity
Discover the dark side of TikTok where videos masquerade as free software downloads but actually lead users to malware. Learn about malicious Google ads that lure macOS developers with enticing fake tools, only to spread harmful software. On top of that, delve into the alarming reality of unencrypted satellite transmissions, leaving sensitive data vulnerable to eavesdropping. Stay informed and protect yourself from these digital threats!

Oct 17, 2025 • 21min
SANS Stormcast Friday, October 17th, 2025: New Slack Workspace; Cisco SNMP Exploited; BIOS Backdoor; @sans_edu research: Active Defense
Mark Stephens, a cybersecurity architect at Cisco and an MSISE graduate, dives deep into active defense strategies in this discussion. He emphasizes the significance of detecting adversaries within networks using techniques like MITRE Engage. Topics include recent exploitation of a patched Cisco SNMP flaw and the discovery of a BIOS backdoor. Mark shares insights on using deception through honeytokens and honeypots for early detection, while also stressing the importance of continuously updating defenses to thwart evolving threats.

Oct 15, 2025 • 9min
SANS Stormcast Thursday, October 16th, 2025: Clipboard Image Stealer; F5 Compromise; Adobe Updates; SAP Patchday
Discover a new Python infostealer that targets clipboard images, potentially compromising sensitive data like crypto addresses. F5 faces a serious breach with stolen source code and unpatched vulnerabilities, urging users to swiftly apply critical updates. Adobe has released patches for 12 products, addressing various vulnerabilities and oversights. Meanwhile, SAP highlights significant updates, particularly around high-severity deserialization vulnerabilities, prompting a closer look at their security measures. Stay informed and secure!

Oct 14, 2025 • 6min
SANS Stormcast Wednesday, October 15th, 2025: Microsoft Patchday; Ivanti Advisory; Fortinet Patches
Microsoft announced the final patches for several Windows and Office products, marking the end of free updates for certain software. Ivanti provided an advisory with interim mitigation steps for new vulnerabilities. Fortinet addressed critical issues related to command bypass and brute-force weaknesses. Listeners are encouraged to prioritize updates based on normal vulnerability management. The discussions offer crucial insights into navigating recent cybersecurity challenges and ensuring robust digital protection.

Oct 13, 2025 • 6min
SANS Stormcast Tuesday, October 14th, 2025: ESAFENET Scans; Payroll Pirates; MSFT Edge IE Mode
A surge in scans targeting the Chinese ESAFENET document system has raised concerns about security vulnerabilities. Investigations reveal targeted payroll pirate attacks are compromising US universities by redirecting employee paychecks through clever phishing techniques. To combat apparent risks, Microsoft is tightening controls on its Edge browser's IE Mode, which has been exploited due to its outdated JavaScript engine. Experts discuss essential mitigations for payroll fraud, emphasizing the importance of strong authentication methods.

Oct 12, 2025 • 6min
SANS Stormcast Monday, October 13th, 2025: More Oracle Patches; Sonicwall Compromises; Unpatched Gladinet; 7-Zip Patches
Oracle has released an urgent patch for its E-Business Suite, raising concerns about potential exploitation. Meanwhile, a significant compromise of SonicWall's SSLVPN appliances has been reported, leading to rapid account takeovers. An unpatched vulnerability in Gladinet's CentreStack is being actively exploited, prompting users to take immediate precautions. Additionally, 7-Zip has issued patches for two critical vulnerabilities that could allow arbitrary code execution. Stay updated and ensure your systems are secure!


