SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Johannes B. Ullrich
Jun 10, 2025 • 6min

SANS Stormcast Tuesday, June 10th, 2025: Octosql; Mirai vs. Wazuh; DNS4EU; WordPress FAIR Package Manager

Discover the power of OctoSQL, a tool that lets you query vulnerability data in various formats using SQL. Learn how the Mirai botnet is back in action, exploiting weaknesses in the Wazuh tool. The EU is making strides with its new public recursive resolver, enhancing privacy compliance. Plus, find out about the challenges WordPress faces with plugin management and the Linux Foundation's FAIR Package Manager, aimed at simplifying plugin updates and addressing security concerns.
Jun 9, 2025 • 6min

SANS Stormcast June 9th, 2025: Extracting PNG Data; GlueStack Packages Backdoor; MacOS targeted by Clickfix; INETPUB restore script

Learn how a powerful script, pngdump.py, is now able to extract hidden data from PNG files. Delve into the alarming discovery of 16 backdoored npm packages that could threaten thousands of users. MacOS faces a new challenge as fake captcha schemes lure users into malware traps. Plus, find out about Microsoft's handy PowerShell script to recover mistakenly deleted inetpub folders. Stay informed about these evolving threats and the creative strategies being developed to counter them!
Jun 6, 2025 • 5min

SANS Stormcast Friday, June 6th, 2025: Fake Zoom Clients; Python tarfile vulnerability; HPE Insight Remote Support Patch

Beware of fake Zoom client downloads! Scammers are sending deceptive invites that lead to malicious updates. The Python tarfile module has a vulnerability that needs attention, as its new filter isn't functioning as intended. Additionally, HP has addressed a critical remote code execution flaw in their Insight Remote Support software. Stay informed and cautious in the digital landscape!
Jun 5, 2025 • 5min

SANS Stormcast Thursday, June 5th, 2025: Phishing Comment Trick; AWS default logging mode change; Cisco Backdoor Fixed; Infoblox Vulnerability Details Released

A cunning phishing tactic is discussed, where malicious links are cleverly hidden from Outlook users using HTML comments. Amazon's shift to non-blocking logging raises concerns about potential log loss while enhancing application stability. Critical security updates from Cisco, including the removal of a backdoor vulnerability, are highlighted. Infoblox vulnerabilities are also detailed, prompting a reminder of the importance of keeping software up to date. This conversation is essential for anyone interested in cybersecurity.
Jun 4, 2025 • 7min

SANS Stormcast Wednesday, June 4th, 2025: vBulletin Exploited; Chrome 0-Day Patch; Roundcube RCE Patch; Multiple HP StoreOnce Vulns Patched

Delve into the cybersecurity landscape as recent exploits in vBulletin create concern, especially for PHP 8.1 users. Google Chrome receives urgent patches for flaws, one of which is actively exploited. Roundcube's vulnerability allows any logged-in user to execute code, highlighting serious webmail risks. Additionally, HP’s StoreOnce faces vulnerabilities that could enable remote code execution. The discussion emphasizes the critical importance of timely updates and hints at exciting upcoming events at the SANS Fire conference.
Jun 3, 2025 • 6min

SANS Stormcast Tuesday, June 3rd, 2025: Windows SSH C2; Google Removes CAs from trusted list; MSFT issues Emergency Patch to fix Crash issue; Qualcomm Adreno GPU 0-day

A simple SSH backdoor abuses Windows clients, providing unauthorized access through a hidden configuration change. Google Chrome shakes things up by distrusting certain certificate authorities, which affects the digital certificates they issued. Microsoft rushes an emergency fix for a bug that halts system restarts after a patch, affecting both virtual and physical machines. Meanwhile, Qualcomm scrambles to address a vulnerability in its Adreno GPU that is already under exploitation, highlighting the urgent need for security updates.
Jun 2, 2025 • 6min

SANS Stormcast Monday, June 2nd, 2025: PNG with RAT; Cisco IOS XE WLC Exploit; vBulletin Exploit

Discover how a PNG image can hide malware through clever Python coding, raising alarms about current detection methods. Delve into the critical vulnerabilities in Cisco Wireless Controllers that allow for arbitrary code execution. Unpack the implications of changes to PHP that exposed once-protected methods in vBulletin, leading to a surge in exploit attempts. This discussion emphasizes the need for advanced security measures as attackers adapt to new technologies.
May 30, 2025 • 14min

SANS Stormcast Friday, May 30th 2025: Alternate Data Streams; Connectwise Breach; Google Calendar C2;

Oren Niskin, an industrial control system cybersecurity expert at GuidePoint Security, discusses critical cyber threats. He explains how alternate data streams can be manipulated for defense evasion and shares insights on the recent ConnectWise breach affecting remote access solutions. The conversation shifts to innovative tactics used by APT41, highlighting attacks via Google Calendar. Niskin emphasizes the importance of proactive strategies and deception techniques to enhance security in industrial environments, bridging the gap between IT and OT networks.
May 29, 2025 • 6min

SANS Stormcast Thursday May 29th 2025: LLM Assisted Analysis; MSP Ransomware; Evertz Vulnerability

A compelling exploration reveals how AI can assist in analyzing cyber attacks, sparked by a student's investigation of a honeypot sample. The risks of ransomware are highlighted, particularly the SimpleHelp vulnerabilities that cybercriminals exploit to target managed service providers. Additionally, the podcast delves into a serious OS command injection vulnerability found in Evertz equipment, which remains unpatched, raising alarms about the need for prompt security measures.
May 28, 2025 • 7min

SANS Stormcast Wednesday May 28th 2025: Securing authorized_keys; ADAuditPlus SQL Injection; Dero Miner vs Docker API

Discover how SSH backdoors are created through unauthorized access to authorized_keys files and why managing these files is crucial. Dive into the unsettling vulnerabilities of the Meteobridge software that allow remote command execution without authentication. Learn about the recent SQL injection issues in ManageEngine ADAuditPlus and the potential risks they pose. Finally, uncover the Dero Miner botnet's innovative technique of infecting Docker containers via exposed APIs to mine cryptocurrency.
