SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Johannes B. Ullrich
Jun 26, 2025 • 6min

SANS Stormcast Thursday, June 26th, 2025: Another Netscaler Vuln; CentOS Web Panel Vuln; IP Based Certs

A recent security bulletin revealed a critical memory overflow vulnerability in Citrix's NetScaler, posing denial of service risks if unpatched. Meanwhile, CentOS Web Panel faces a serious remote code execution flaw that allows file uploads from users. The ongoing battle against vulnerabilities continues with Gogs' insufficient patch for file deletion exploits. On a progressive note, Let's Encrypt is preparing to issue IP address-based certificates, a game-changer for TLS certification that helps devices without hostnames.
Jun 25, 2025 • 4min

SANS Stormcast Tuesday, June 24th, 2025: Telnet/SSH Scan Evolution; Fake Sonicwall Software; File-Fix vs Click-Fix

Discover the intriguing evolution of password brute forcing over the past decade, revealing attackers' changing strategies. Learn about the alarming rise in attempts per scan, despite the consistency in password length. Delve into a new attack method called 'FileFix,' which tricks users into executing dangerous commands. Additionally, explore the trend of threat actors creating counterfeit software, like a fake Sonicwall Netextender, aimed at stealing user credentials. Stay informed on these pressing cybersecurity challenges!
Jun 24, 2025 • 5min

SANS Stormcast Tuesday, June 24th, 2025: Ichano ATHome IP Camera Scans; Netscaler Vulnerability; WinRar Vulnerability

The podcast dives into alarming scans targeting Ichano AtHome IP Cameras using easily guessable credentials like 'super_yg' and '123'. A critical vulnerability in the Citrix NetScaler Gateway, CVE-2025-5777, is discussed; it could put many users at risk if not addressed. Additionally, the hosts reveal a concerning issue with WinRAR that could lead to remote code execution due to compromised file extraction paths. Listeners are urged to take immediate action to secure their systems.
Jun 23, 2025 • 6min

SANS Stormcast Monday, June 23rd, 2025: ADS and Python; More Secure Cloud PCs; Zend.to Path Traversal; Parser Differentials

Explore the fascinating world of alternate data streams in NTFS with innovative tools like cut-bytes.py and filescanner. Discover how Microsoft is tightening security on Windows 365 Cloud PCs with enhanced defaults. Unpack the recent directory traversal vulnerability in zend.to and its implications for file sharing. Lastly, dive into the unexpected quirks of Go's JSON and XML parsers, revealing how they can lead to security surprises. This blend of topics provides a rich landscape of current cybersecurity challenges.
Jun 20, 2025 • 6min

SANS Stormcast Friday, June 20th, 2025: New Employee Phishing; Malicious Tech Support Links; Social Engineering App Specific Passwords

New hires beware! It only took two weeks for phishing attempts to target a fresh employee after they joined. Scammers are cunningly hijacking big-name websites to insert fake tech support numbers, leading users astray. Plus, there's a new wave of phishing focusing on academics, creatively convincing them to generate app-specific passwords for Google services. Stay alert!
Jun 17, 2025 • 6min

SANS Stormcast Monday, June 16th, 2025: Extracting Data from JPEG; Windows Recall Export; Anubis Wiper; Mitel Vuln and PoC

Discover how to expertly extract data from JPEG files with a nifty tool, jpegdump.py. Microsoft's new Windows 11 feature allows European users to export data while managing encryption keys. Meanwhile, the Anubis ransomware takes a dark turn by wiping data even after ransom payments. Plus, critical vulnerabilities in Mitel software are discussed, highlighting the urgency for immediate security measures. Stay informed about these emerging threats and cutting-edge tech developments!
Jun 16, 2025 • 7min

SANS Stormcast Monday, June 16th, 2025: Katz Stealer in JPG; JavaScript Attacks; Reviving expired Discord Invites for Evil

Uncover the sinister world of cyber threats as the hosts discuss malware cleverly disguised within JPEG images. They highlight an alarming trend where JavaScript obfuscation is employed on a staggering 200,000 websites to spread malware. Additionally, the revival of expired Discord invite links as traps for unsuspecting users illustrates the creative tactics cybercriminals are using to target victims. Stay alert, as the cybersecurity landscape is constantly evolving!
Jun 13, 2025 • 6min

SANS Stormcast Friday, June 13th, 2025: Honeypot Scripts; EchoLeak MSFT Copilot Vuln; Thunderbolt mailbox URL Vuln;

Dive into the world of cybersecurity with an intriguing discussion on honeypot scripts and automated tools for DShield investigations. Discover the alarming EchoLeak vulnerability in Microsoft 365 Copilot that allowed zero-click data leaks. The podcast also unpacks a Thunderbolt vulnerability where unsuspecting users could be tricked into downloading malicious files via deceptive email links. This episode highlights the urgency of user awareness and the importance of keeping software updated to fend off these threats.
Jun 12, 2025 • 6min

SANS Stormcast Thursday, June 12th, 2025: Quasar RAT; Windows 11 24H2 Delay; SMB Client Vuln PoC; Connectwise Signing Keys; KDE Telnet code exec

Discover the sneaky Quasar RAT that can be installed via bat files, hidden within PNG images. Microsoft is delaying the Windows 11 24H2 rollout due to unexpected issues from the latest updates. An exploration of a newly patched SMB client vulnerability reveals its exploitation potential. Connectwise is taking security seriously by rotating signing certificates after a compromise. Lastly, the KDE terminal presents a concerning vulnerability that may allow arbitrary code execution through telnet URLs. Stay informed and secure!
Jun 11, 2025 • 7min

SANS Stormcast Wednesday, June 11th, 2025: Microsoft Patch Tuesday; Acrobat Patches

A deep dive reveals Microsoft patched a staggering 67 vulnerabilities, with 10 critically urgent. One issue is already under attack, highlighting the need for swift updates. Turning to Adobe, the team discusses patches for 7 applications, including crucial updates for Adobe Commerce and Acrobat Reader. The latter's flaws could allow code execution through deceptive PDFs. Cybersecurity is more crucial than ever as these discussions underscore the importance of timely software updates.
