

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5-minute-long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html.

Nov 26, 2025 • 6min
SANS Stormcast Wednesday, November 26th, 2025: Attacks Against Messaging; Passwords in Random Websites; Fluentbit Vuln; #thanksgiving
Spyware is exploiting vulnerabilities in messaging apps, using tools like keystroke loggers to invade users' privacy. A warning against inputting passwords into random websites highlights the danger of careless online behavior. The critical vulnerabilities in Fluent Bit that could allow remote takeovers are discussed, urging rapid patching for affected users. As Thanksgiving approaches, the focus turns to being safe online and the importance of trusting cloud security.

Nov 25, 2025 • 6min
SANS Stormcast Tuesday, November 25th, 2025: URL Mapping and Authentication; SHA1-Hulud; Hacklore
Conflicts between URL mapping and access control could create serious security gaps. A new destructive worm called Sha1-Hulud is wreaking havoc on NPM and GitHub, stealing credentials and even deleting home directories. Meanwhile, Hacklore.org is tackling outdated security tips, with an open letter from former CISOs addressing common myths about public Wi-Fi and password changes. This dialogue highlights the critical need for updated security advice in a rapidly evolving digital landscape.

Nov 24, 2025 • 5min
SANS Stormcast Monday, November 24th, 2025: CSS Padding in Phishing; Oracle Identity Manager Scans Update;
Discover how phishing sites are using CSS stuffing to confuse detection engines with harmless code. Explore the alarming news about a critical vulnerability in Oracle Identity Manager that could be exploited as a zero-day attack. Plus, learn about ClamAV's efforts to clean up and streamline its signature database to improve security efforts. This discussion highlights the ever-evolving landscape of cyber threats and the innovative methods attackers employ.

Nov 21, 2025 • 14min
SANS Stormcast Friday, November 21st, 2025: Oracle Identity Manager Scans; SonicWall DoS Vuln; Adam Wilson (@sans_edu) reducing prompt injection.
Adam Wilson, a Senior Manager in DevSecOps and application security expert, discusses the automation of generative AI guidelines to mitigate prompt injection risks. He introduces MITRE ATLAS, detailing how it enhances ATT&CK by specifying AI-related threats and their defenses. Adam highlights four main mitigations, emphasizing the value of layered defenses and automation in DevOps environments. Additionally, he shares insights on conducting experiments with different AI defense techniques and underscores the need for ongoing research to bolster security measures.

Nov 20, 2025 • 7min
SANS Stormcast Thursday, November 20th, 2025: Unicode Issues; FortiWeb More Vulns; DLink DIR-878 Vuln; Operation WrtHug and ASUS Routers
Dive into the complexities of Unicode, where seemingly funny domain names hide serious vulnerabilities. Discover multiple vulnerabilities in the FortiWeb API and CLI, exacerbated by active exploits. Learn about the troubling DLink DIR-878 router issues, which won't receive patches due to its end-of-life status. Uncover the alarming Operation WrtHug, exposing how thousands of ASUS routers have fallen victim to a global espionage campaign. Tune in for insights on mitigating these threats with better admin controls!

Nov 19, 2025 • 5min
SANS Stormcast Wednesday, November 19th, 2025: Kong Tuke; Cloudflare Outage
Today's discussion dives into the evolving threat of Kong Tuke, tracing its origins to a ClickFix attack. The complexities of traffic direction systems are unpacked, illustrating their significance in the cyber underground economy. A major outage at Cloudflare is attributed to a faulty bot protection configuration, highlighting the risks of automated scripts. Additionally, Google addresses urgent vulnerabilities in Chrome, including a zero-day exploit already in the wild, stressing the importance of quick updates.

Nov 18, 2025 • 5min
SANS Stormcast Tuesday, November 18th, 2025: Binary Expression Decoding. Tea NPM Pollution; IBM AIX NIMSH Vulnerability
Explore the fascinating world of binary expression decoding where arithmetic operations are now simplified with a new hex script. Discover the alarming NPM pollution incident, with 150,000 spammy submissions aimed at tricking the system for a new tea token. Lastly, learn about critical vulnerabilities patched in IBM AIX's NIMSH daemon, including a serious remote code execution threat. Tune in for a blend of tech insights and cybersecurity updates!

Nov 17, 2025 • 7min
SANS Stormcast Monday, November 17th, 2025: New(isch) Fortiweb Vulnerability; Finger and ClickFix
Fortinet recently admitted to a critical vulnerability in FortiWeb after exploit attempts were discovered. The podcast dives into how attackers use directory traversal and JSON impersonation to access admin functions. It also covers the emerging ClickFix attacks, where malicious PowerShell code tricks users into bypassing security measures. Additionally, learn how attackers leverage the finger.exe binary to retrieve payloads and the importance of monitoring network traffic to detect such threats.

Nov 14, 2025 • 10min
SANS Stormcast Friday, November 14th, 2025: SmartApeSG and ClickFix; Formbook Obfuscation Tricks; Sudo-rs Vulnerabilities; SANS Holiday Hack Challenge
A nefarious SmartApeSG campaign has emerged, using ClickFix to deliver the NetSupport RAT through clever redirection. Meanwhile, Formbook showcases its crafty obfuscation techniques by utilizing multiple scripts to evade detection. The discussion also highlights newly patched vulnerabilities in sudo-rs, revealing risks beyond memory safety. Lastly, the SANS Holiday Hack Challenge is back, featuring engaging micro challenges ideal for novices, along with themes and prizes that promise to excite participants!

Nov 13, 2025 • 7min
SANS Stormcast Thursday, November 13th, 2025: OWASP Top 10 Update; Cisco/Citrix Exploits; Test post quantum readiness
A new release candidate for the OWASP Top 10 list is changing the game, adding critical focus on supply-chain vulnerabilities. Learn how advanced threats exploited zero-day vulnerabilities in Citrix and Cisco to deploy web shells. Plus, there’s a spotlight on tools for assessing your readiness for post-quantum cryptography, ensuring your services can withstand future computing threats. Don't miss these essential updates that could shape your cybersecurity strategies!


