SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Johannes B. Ullrich
Sep 18, 2025 • 7min

SANS Stormcast Thursday, September 18th, 2025: DLL Hooking; Entra ID Actor Tokens; Watchguard and NVidia Patches

Discover the clever CTRL-Z DLL hooking technique that malware uses to dodge analysis by overwriting breakpoints. Learn about a serious vulnerability in Entra ID allowing global admin access and hear about the critical patches released by Microsoft. There's also a discussion on WatchGuard's out-of-bounds write flaw and NVIDIA's fixes for vulnerabilities in its Triton Inference Server. Tune in for the latest updates in cyber security!
Sep 17, 2025 • 9min

SANS Stormcast Wednesday, September 17th, 2025: Phishing Resistants; More npm Attacks; ChatGPT MCP abuse

Discover the urgent need for phishing-resistant authentication amid rising cyber threats. Recent attacks on npm accounts showcase how dangerous phishing emails can be. Additionally, a new wave of malware is targeting npm-related GitHub repositories, spreading through worm-like behavior. Explore shocking exploits in ChatGPT's calendar integration that could compromise personal email security. Stay informed about these critical cybersecurity issues to better protect yourself online!
Sep 16, 2025 • 7min

SANS Stormcast Tuesday, September 16th, 2025: Apple Updates; Rust Phishing; Samsung 0-day

Major updates from Apple address 33 vulnerabilities in their operating systems, improving security while adding new features. A reminder of the upcoming end of support for Windows 10 and older Exchange versions is issued. Developers in the Rust community are facing fresh phishing attacks, echoing previous compromises. Meanwhile, Samsung patches a significant 0-day vulnerability in its flagship phones, enhancing user safety. Stay updated on all these crucial tech developments!
Sep 15, 2025 • 6min

SANS Stormcast Monday, September 15th, 2025: More Archives; Salesforce Attacks; White Cobra; BSides Augusta

Archive files are becoming prime targets as attackers search for vulnerabilities. The FBI warns of social engineering threats aimed at Salesforce, with no new vulnerabilities but significant risks. A new campaign named 'White Cobra' showcases malicious Cursor extensions that threaten users. The episode dives into the financial consequences of these cyber threats and emphasizes the importance of securing misconfigured backups.
Sep 12, 2025 • 7min

SANS Stormcast Friday, September 12th, 2025: DShield SIEM Update; Another Sonicwall Warning; Website Keystroke Logging

Discover the latest updates on the DShield SIEM tool, which visually tracks honeypot activity. Hear about the alarming rise in compromised SonicWall devices, as flagged by Australia's Signals Directorate. Delve into the privacy concerns surrounding website keystroke logging, revealing that many sites capture more than just form data. This episode emphasizes the critical need for user awareness and robust incident response strategies in today's cybersecurity landscape.
Sep 11, 2025 • 7min

SANS Stormcast Thursday, September 11th, 2025: BASE64 in DNS; Google Chrome, Ivanti and Sophos Patches; Apple Memory Integrity Feature

Explore the intriguing use of base64 encoding in DNS and its implications for security, particularly for botnets. Discover critical vulnerabilities recently patched in Google Chrome, Ivanti, and Sophos that could allow remote code execution and authentication bypass. Additionally, learn about Apple's new memory integrity enforcement feature designed to bolster device security against spyware and enhance developer tools. Stay informed about the latest in cybersecurity threats and solutions!
Sep 10, 2025 • 8min

SANS Stormcast Wednesday, September 10th, 2025: Microsoft Patch Tuesday

This edition dives into the latest Microsoft Patch Tuesday, tackling 177 vulnerabilities, with 13 deemed critical. Surprisingly, none had been previously exploited. The discussion also highlights Adobe's patches for nine products and the critical vulnerabilities addressed by SAP, including one with a perfect CVSS score. Timely updates are emphasized as crucial to maintaining system security.
Sep 9, 2025 • 9min

SANS Stormcast Tuesday, September 9th, 2025: Major npm compromise; HTTP Request Signature

A significant compromise of popular npm libraries highlights how phishing scams can impact millions of downloads weekly. The discussion details how attackers utilized lookalike domains to infiltrate systems. Additionally, the introduction of HTTP request signatures aims to enhance bot traffic identification, providing a new layer of security. This approach addresses challenges in differentiating between good and harmful bots, paving the way for more effective digital signature mechanisms.
Sep 8, 2025 • 6min

SANS Stormcast Monday, September 8th, 2025: YARA to Debugger Offsets; SVG JavaScript Phishing; FreePBX Patches

Discover how to convert YARA offsets for debugging and what this means for cybersecurity. Learn about a Colombian phishing campaign leveraging JavaScript in SVG files, risking user security. Also, hear about critical vulnerabilities in FreePBX software, including one that was actively exploited, underscoring the need for swift patching to enhance security.
Sep 5, 2025 • 8min

SANS Stormcast Friday, September 5th, 2025: Cloudflare Response to 1.1.1.1 Certificate; AI Modem Namespace Reuse; macOS Vulnerability Allowed Keychain Decryption

Cloudflare revealed alarming details about a rogue certificate issued for the popular 1.1.1.1 DNS resolver, stressing the importance of avoiding complacency in certificate management. The risks of username reuse on platforms like Huggingface were explored, highlighting how deleted accounts can be hijacked. Additionally, a critical vulnerability in macOS was discussed, which could allow unauthorized decryption of sensitive data stored in the Keychain, underscoring the need for regular software updates.
