SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Episodes

Jul 15, 2025 • 6min
SANS Stormcast Monday, July 14th, 2025: Web Honeypot Log Volume; Browser Extension Malware; RDP Forensics
Honeypot log volumes have surged dramatically, indicating a large botnet targeting systems such as SonicWall devices. An investigation identified 18 malicious browser extensions that tricked millions of users into installing malware. The episode also covers RDP forensics, with techniques for detecting lateral movement and improving incident response. Tune in to learn about the evolving threat landscape and the safeguards that keep users secure.

Jul 14, 2025 • 7min
SANS Stormcast Monday, July 14th, 2025: Suspect Domain Feed; Wing FTP Exploited; FortiWeb Exploited; NVIDIA GPU Rowhammer
Discover a groundbreaking domain feed aimed at identifying potential phishing threats through innovative data aggregation. Learn about recent vulnerabilities in Wing FTP Server and FortiWeb that are actively being exploited, emphasizing the urgent need for updates. Dive into the alarming Rowhammer vulnerability affecting NVIDIA GPUs, showcasing industry-wide risks. This discussion not only illuminates current cybersecurity challenges but also reinforces the importance of vigilance among web developers and organizations.

Jul 11, 2025 • 6min
SANS Stormcast Friday, July 11th, 2025: SSH Tunnel; FortiWeb SQL Injection; Ruckus Unpatched Vuln; Missing Motherboard Patches;
Attackers are abusing SSH tunneling to relay traffic through compromised servers, targeting services such as Yandex email. An unauthenticated SQL injection vulnerability in FortiWeb could allow unauthorized code execution. Also covered: multiple unpatched vulnerabilities in Ruckus products, underscoring the need for restrictive access controls. Cyber risks are evolving; stay informed!

Jul 10, 2025 • 5min
SANS Stormcast Thursday, July 10th, 2025: Internal CA with ACME; TapJacking on Android; Adobe Patches;
Learn how to set up your own internal certificate authority for development with practical tips. Discover the dangerous animation-driven tapjacking technique on Android, which can trick users into unwanted actions. The discussion highlights concerning vulnerabilities in more than a dozen Adobe products, notably in ColdFusion, where code execution risks loom large. Delve into the significance of robust mobile application security and the alarming lack of protection in many popular apps.

Jul 9, 2025 • 8min
SANS Stormcast Wednesday, July 9th, 2025: Microsoft Patches; Opossum Attack;
A major patch day for Microsoft sees 139 vulnerabilities addressed, with 14 rated as critical. The discussion also highlights a new TLS vulnerability known as the 'opossum attack,' which lets attackers inject requests in specific configurations. Additionally, Ivanti has rolled out updates to tackle significant issues in their products, including a concerning password decryption flaw. Tune in for insights on these emerging threats and essential fixes in the cybersecurity landscape!

Jul 8, 2025 • 5min
SANS Stormcast Tuesday, July 8th, 2025: Detecting Filename (Windows); Atomic Stealer now with Backdoor; SEO Scams
Discover how malware can cleverly detect its environment through filename tricks, making analysis difficult. A new version of the Atomic macOS info-stealer, equipped with a backdoor, enables attackers to maintain persistent access to compromised systems. The podcast also dives into alarming SEO scams promoting trojaned versions of popular tools, showcasing the dangers of malvertising. Learn about vulnerabilities exploited by attackers that could lead to remote code execution on cloud services.

Jul 7, 2025 • 6min
SANS Stormcast Monday, July 7th, 2025: interesting usernames; More sudo issues; CitrixBleed2 PoC; Short Lived Certs
Dive into intriguing usernames found in honeypots that could reveal security risks. Discover how the sudo command can be exploited to gain unauthorized access. Learn about the newly documented CitrixBleed2 vulnerability and its proof of concept. Plus, find out why Instagram has opted for six-day TLS certificates to boost security. Each topic highlights essential insights into current cybersecurity challenges.

Jul 3, 2025 • 5min
SANS Stormcast Thursday July 3rd, 2025: sudo problems; polymorphic zip files; cisco vulnerability
Local users can exploit a vulnerability in the Linux sudo command to gain root access, raising significant security concerns. The podcast also delves into polymorphic zip files, which can yield different data during extraction, depending on the tool used. Additionally, there's a critical flaw in Cisco's Unified Communications Manager that allows attackers to access devices using unchangeable default credentials. These discussions emphasize the importance of patching and understanding security vulnerabilities in modern software.

Jun 30, 2025 • 7min
SANS Stormcast Monday June 30th, 2025: Scattered Spider; AMI BIOS Exploited; Secure Boot Certs Expiring; Microsoft Resiliency Initiative
The podcast dives into the latest from the hacking group Scattered Spider, focusing on their dangerous social engineering tactics targeting airlines. A serious vulnerability in AMI BIOS is also highlighted, as it's currently being exploited. Listeners are reminded of the impending expiration of Secure Boot certificates, which is crucial for operating system security. Finally, Microsoft unveils its Resiliency Initiative, emphasizing enhanced security while introducing changes that could affect security tool functionality.

Jun 27, 2025 • 7min
SANS Stormcast Friday, June 27th, 2025: Open-VSX Flaw; Airoha Bluetooth Vulnerability; Critical Cisco Identity Service Engine Vuln;
Developers beware: a flaw in the Open-VSX extension marketplace could jeopardize every extension available. Bluetooth vulnerabilities in the Airoha chipset may allow eavesdropping on personal devices, raising alarms about privacy. Additionally, critical weaknesses in Cisco's Identity Services Engine could enable remote attackers to gain root access. Learn about the growing threat landscape and upcoming events aimed at boosting cybersecurity awareness!
