SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Episodes

Sep 4, 2025 • 6min
SANS Stormcast Thursday, September 4th, 2025: Dassault DELMIA Apriso Exploit Attempts; Android Updates; 1.1.1.1 Certificate Issued
Recent cyber attack attempts target Dassault's DELMIA Apriso software due to a patched deserialization vulnerability. The discussion also covers Google's September Android updates, addressing exploited privilege escalation flaws. Additionally, the podcast highlights a certificate issued for Cloudflare's DNS service, raising concerns about network vulnerabilities and security flaws. Proactive measures are emphasized to combat these evolving cyber threats.

Sep 3, 2025 • 5min
SANS Stormcast Wednesday, September 3rd, 2025: Sextortion Analysis; Covert Channel DNS/ICMP; Azure AD Secret Theft; Official FreePBX Patches
Dive into the dark world of sextortion as experts analyze 1,900 scam messages and their effectiveness over four years. Discover alarming insights into Azure AD client secret theft, revealing how attackers exploit exposed credentials. Learn about a new bot that cleverly uses ICMP and DNS for covert communications, combining two protocols for stealthy command execution. Lastly, find out about the critical updates for FreePBX and the importance of staying secure amidst these rising cybersecurity threats.

Sep 2, 2025 • 6min
SANS Stormcast Tuesday, September 2nd, 2025: pdf-parser Patch; Salesloft Compromise; Velociraptor Abuse; NeuVector Default Password
A new update for pdf-parser fixes critical streaming issues, enhancing security measures. In a troubling development, compromised OAuth tokens from Salesloft Drift have led to significant data breaches. The podcast also reveals how attackers are misusing the Velociraptor tool, typically for incident response, to gain remote access within breached networks. Finally, a default password vulnerability in NeuVector has been patched, emphasizing the need for security in software installations. Stay alert and informed!

Aug 29, 2025 • 6min
SANS Stormcast Friday, August 29th, 2025: Scans for ZIP Files; FreePBX 0-Day; Passwordstate Patch
In this installment, experts highlight an alarming rise in scans for .zip files, as attackers seek out carelessly exposed backups. They delve into a critical vulnerability in FreePBX that is currently being exploited, along with new mitigations and a beta patch. Additionally, the discussion covers a recently patched authentication bypass vulnerability in Passwordstate, which could expose emergency passwords. Tune in for essential insights into these pressing cybersecurity issues!

Aug 28, 2025 • 7min
SANS Stormcast Thursday, August 28th, 2025: Launching Shellcode; NX Compromise; Volt Typhoon Report
Discover an intriguing malware technique that uses PowerShell to launch shellcode, evading security protocols. Learn about the NX build package compromise that leveraged AI to pilfer credentials. The discussion also highlights a global report on the 'Volt Typhoon' cyber threat, revealing the extensive impact of state-sponsored espionage. Stay informed about these critical cyber risks and how they may affect systems worldwide.

Aug 27, 2025 • 6min
SANS Stormcast Wednesday, August 27th, 2025: Analyzing IDNs; Netscaler 0-Day Vuln; Git Vuln Exploited
The discussion dives into the risks associated with International Domain Names (IDNs) and how mixed scripts can signal phishing attempts. A Python script is introduced to analyze these names for security flaws. The hosts also spotlight critical vulnerabilities in Citrix Netscaler, one of which is already actively being exploited. Additionally, they cover a Git vulnerability that has been exploited post-patch, emphasizing the urgency of keeping systems updated to fend off potential threats.

Aug 26, 2025 • 5min
SANS Stormcast Tuesday, August 26th, 2025: Decoding Word Reading Location; Image Downscaling AI Vulnerability; IBM Jazz Team Server Vuln
Uncover the secrets of Microsoft Word as experts reveal how it tracks document interactions. Delve into the risks posed by AI image downscaling, where seemingly innocent photos can unleash harmful text. The discussion doesn't stop there; learn about a critical vulnerability in the IBM Jazz Team Server that poses serious security threats. Discover advancements in understanding document security and how to safeguard against these emerging cyber risks!

Aug 25, 2025 • 6min
SANS Stormcast Monday, August 25th, 2025: IP Cleanup; Linux Desktop Attacks; Malicious Go SSH Brute Forcer; Onmicrosoft Domain Restrictions
The discussion opens with a significant update on IP address formatting, marking the end of zero-padded addresses. Attacks targeting Indian Linux desktops using .desktop files are on the rise, showcasing the creative tactics of Pakistani attackers. Meanwhile, a malicious Go module disguised as an SSH brute forcer is exfiltrating credentials. Lastly, Microsoft is tightening restrictions on email sending from its onmicrosoft.com domain, aiming to enhance security for its users.

Aug 22, 2025 • 7min
SANS Stormcast Friday, August 22nd, 2025: The -n switch; Commvault Exploit; Docker Desktop Escape Vuln
The importance of using the '-n' command line switch is highlighted, focusing on how it can enhance operational security by disabling reverse DNS lookups. Recent vulnerabilities in Commvault's enterprise backup solution are discussed, urging immediate patches for users. Additionally, a concerning Docker Desktop vulnerability is unveiled, revealing how attackers could escape from containers to compromise the host system. The insights stress the need for developers to prioritize security in their software.

Aug 21, 2025 • 7min
SANS Stormcast Thursday, August 21st, 2025: Airtel Scans; Apple Patch; Microsoft Copilot Audit Log Issue; Password Manager Clickjacking
Discover the strange usernames popping up in honeypot logs related to Airtel routers. Apple swiftly addresses a 0-day vulnerability in their systems with crucial updates. Uncover the complexities of Microsoft Copilot’s audit logs and its implications for data access. Finally, learn about alarming clickjacking vulnerabilities plaguing many password managers, highlighting the essential need for prompt security enhancements.