SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) cover image

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Latest episodes

undefined
4 snips
Apr 25, 2025 • 7min

SANS Stormcast Friday, April 25th: SMS Gateway Scans; Comvault Exploit; Patch Window Shrinkage; More inetpub issues;

Attacks against Teltonika Networks SMS Gateways Attackers are actively scanning for SMS Gateways. These attacks take advantage of default passwords and other commonly used passwords. https://isc.sans.edu/diary/Attacks%20against%20Teltonika%20Networks%20SMS%20Gateways/31888 Commvault Vulnerability CVE-2205-34028 Commvault, about a week ago, published an advisory and a fix for a vulnerability in its backup software. watchTowr now released a detailed writeup and exploit for the vulnerability https://labs.watchtowr.com/fire-in-the-hole-were-breaching-the-vault-commvault-remote-code-execution-cve-2025-34028/ Exploitation Trends Q1 2025 Vulncheck published a summary of exploitation trends, pointing out that about a quarter of vulnerabilities are exploited a day after a patch is made available. https://vulncheck.com/blog/exploitation-trends-q1-2025 inetpub directory issues The inetpub directory introduced by Microsoft in its April patch may lead to a denial of service against applying patches on Windows if an attacker can create a junction for that location pointing to an existing system binary like Notepad. https://doublepulsar.com/microsofts-patch-for-cve-2025-21204-symlink-vulnerability-introduces-another-symlink-vulnerability-9ea085537741
undefined
Apr 24, 2025 • 6min

SANS Stormcast Thursday, April 24th: Honeypot iptables Maintenance; XRPL.js Compromise; Erlang/OTP SSH Vuln affecting Cisco

Discover the intricacies of maintaining a honeypot and the importance of dynamic configurations to keep your security measures sharp. Learn about a serious breach in the XRPL.js library, which allowed attackers to steal secret keys through malicious updates. The podcast also highlights a critical vulnerability in the Erlang/OTP SSH library affecting Cisco equipment, emphasizing the urgent need for patches and security vigilance in the tech community.
undefined
Apr 23, 2025 • 6min

SANS Stormcast Wednesday, April 23rd: More xorsearch Updates; DKIM Replay Attack; SSL.com Vulnerability Fixed

Discover the latest advancements in cybersecurity tools, including the innovative uses of ad hoc YARA rules for simplified threat detection. Dive into a chilling discussion on a DKIM replay attack that successfully spoofed Google by reusing signatures. The vulnerabilities in SSL.com’s email validation process raise concerns about webmail security and certificate issuance. This podcast delves into these critical topics that shape the future of online safety.
undefined
Apr 22, 2025 • 6min

SANS Stormcast Tuesday, April 22nd: Phishing via Google; ChatGPT Fingerprint; Asus AI Cloud Vuln; PyTorch RCE

It's 2025, so why are malicious advertising URLs still going strong? Phishing attacks continue to take advantage of Google s advertising services. Sadly, this is still the case for obviously malicious links, even after various anti-phishing services flag the URL. https://isc.sans.edu/diary/It%27s%202025...%20so%20why%20are%20obviously%20malicious%20advertising%20URLs%20still%20going%20strong%3F/31880 ChatGPT Fingerprinting Documents via Unicode ChatGPT apparently started leaving fingerprints in texts, which it creates by adding invisible Unicode characters like non-breaking spaces. https://www.rumidocs.com/newsroom/new-chatgpt-models-seem-to-leave-watermarks-on-text Asus AI Cloud Security Advisory Asus warns of a remote code execution vulnerability in its routers. The vulnerability is related to the AI Cloud feature. If your router is EoL, disabling the feature will mitigate the vulnerability https://www.asus.com/content/asus-product-security-advisory/ PyTorch Vulnerability PyTorch fixed a remote code execution vulnerability exploitable if a malicious model was loaded. This issue was exploitable even with the weight_only=True" setting selected https://github.com/pytorch/pytorch/security/advisories/GHSA-53q9-r3pm-6pq6
undefined
Apr 21, 2025 • 8min

ANS Stormcast Monday, April 21st: MSFT Entra Lockouts; Erlang/OTP SSH Exploit; Sonicwall Exploit; bubble.io bug

Discussions take a deep dive into a recent wave of account lockouts caused by Microsoft Entra's new security feature, sparking chaos among users. An exploit targeting Erlang/OTP SSH vulnerabilities raises alarms with easy remote code execution. Sonicwall devices are under threat from an older command injection exploit after brute-force access. Finally, an unpatched vulnerability in bubble.io exposes projects to potential breaches, underscoring the need for vigilance in cybersecurity.
undefined
Apr 18, 2025 • 6min

SANS Stormcast Friday, April 18th: Remnux Cloud Environment; Erlang/OTP SSH Vuln; Brickstorm Backdoor Analysis; GPT 4.1 Safety Controversy

Discover how to set up a malware analysis environment in the cloud with Remnux. Dive into a critical vulnerability in the Erlang/OTP SSH library that opens doors to remote code execution. Uncover the resurgence of the Brickstorm backdoor affecting both Linux and Windows systems. Lastly, explore the controversy surrounding OpenAI's GPT 4.1 release, which stirred concerns due to the absence of safety measures against potential malware creation.
undefined
Apr 17, 2025 • 6min

SANS Stormcast Thursday April 17th: Apple Updates; Oracle Updates; Google Chrome Updates; CVE News;

Exciting tech updates abound as Apple rolls out security fixes for iOS and other platforms, addressing exploited vulnerabilities. Meanwhile, Oracle's critical patch update tackles a staggering 378 vulnerabilities, many linked to open-source software. Google Chrome also joins the mix, fixing critical vulnerabilities in its latest release. Finally, there’s buzz about the CVE numbering scheme, with MITRE receiving extended funding and other organizations considering alternative vulnerability registers.
undefined
Apr 16, 2025 • 6min

SANS Stormcast Wednesday Apr 16th: File Upload Service Abuse; OpenSSH 10.0 Released; Apache Roller Vuln; Possible CVE Changes

Data exfiltration is on the rise as attackers exploit free online services like gofile.io and pastebin. Meanwhile, OpenSSH 10.0 has been released, introducing quantum-safe ciphers and improved security by separating authentication services. Apache Roller has a newly addressed vulnerability with a notable CVSS score, while ongoing discussions about CVE funding may lead to temporary disruptions, though diverse support might see it through.
undefined
9 snips
Apr 15, 2025 • 6min

SANS Stormcast Tuesday April 15th: xorsearch Update; Short Lived Certificates; New USB Malware

Explore the exciting update to a powerful searching tool, now enabling complex queries with regular expressions and Yara signatures. Discover significant changes in TLS certificate lifetimes that enhance security over the next few years. Dive into the alarming new malware that attacks USB drives, replacing files with malicious versions to harvest sensitive data. This intriguing mix of technical advancements and emerging threats highlights the evolving landscape of cybersecurity.
undefined
Apr 14, 2025 • 7min

SANS Stormcast Monday April 14th: Langlow AI Attacks; Fortinet Attack Cleanup; MSFT Inetpub;

There's a surge of exploit attempts targeting a recent vulnerability in LangFlow, particularly from Tor endpoints. Fortinet uncovered threats exploiting system weaknesses, leading to new updates for improved security. Microsoft clarified that its latest patches intentionally created the inetpub directory, urging users not to delete it. The discussion also touches on the implications of patch management and highlights the importance of security measures in the evolving cyber landscape.

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.
App store bannerPlay store banner