SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Explore the intricate web of business email compromise, highlighting prevention strategies and the urgency of proactive management. Dive into alarming vulnerabilities in Mitel's MyCollab platform, featuring authentication bypass risks and the need for quick patches. The conversation also celebrates Alan Paller's induction into the Cybersecurity Hall of Fame, underscoring his impact on the field. Plus, discover insights on the Lorex 2K Indoor Wi-Fi Security Camera and HPE Aruba vulnerabilities, keeping you updated on the latest in cybersecurity developments.

Dive into the essential role of data analysis in cybersecurity, spotlighting its impact on tackling massive data challenges. The FBI issues a crucial warning for iPhone and Android users regarding text communications. Discover vulnerabilities in SailPoint's Identity IQ and the Solana web3.js library, along with insights on necessary patches. Explore the complexities of Rich Communication Services and their implications for security. This episode delves into the intersection of cybersecurity threats and innovative solutions.

Learn how everyday Word documents can be hiding malicious files and the tactics attackers use to exploit them. Discover the shocking arrest of a CEO in South Korea for incorporating DDoS capabilities into satellite receivers. The discussion also highlights critical vulnerabilities in Veeam software that allow for remote code execution and a Microsoft privilege escalation flaw linked to cybercriminal activity. It's a deep dive into the evolving world of cyber threats and security risks!

Explore the critical role of Credential Guard in preventing lateral movement in cybersecurity. Discover the alarming trend of exploiting corrupted Word documents in phishing attacks. Learn about essential best practices for managing API keys alongside the vulnerabilities in the IBM Security Verify Access Appliance. Delve into the importance of threat-informed defense strategies and how recent breaches highlight the need for swift action and robust mitigation measures.

The podcast dives into the latest cybersecurity threats, emphasizing the significance of honeypot systems in countering attacks. It discusses obfuscation techniques used by hackers in evolving infostealers. The conversation also reveals dangerous credit card skimmer malware targeting Magento, just in time for the busy shopping season. Additionally, it highlights the alarming rise of the first UEFI bootkit for Linux, showcasing the ever-evolving landscape of cyber dangers.

Discover how using tools like Zeek, Snort, and Grafana can help detect crypto mining malware. Learn about a new Russian APT strategy that exploits nearby Wi-Fi networks for covert access. Dive into the introduction of NachoVPN, a unique solution in the VPN world. Stay updated on crucial Keycloak security patches and PHP updates. The discussion also highlights concerning IoT vulnerabilities, particularly weak SSH passwords, just in time for the Thanksgiving holiday.

Quick & Dirty Obfuscated JavaScript Analysis https://isc.sans.edu/diary/Quick%20%26%20Dirty%20Obfuscated%20JavaScript%20Analysis/31468 Decrypting a PDF With a User Password https://isc.sans.edu/diary/Decrypting%20a%20PDF%20With%20a%20User%20Password/31466 The strange case of disappearing Russian servers https://isc.sans.edu/diary/The%20strange%20case%20of%20disappearing%20Russian%20servers/31476 QNAP Buggy Firmware Update https://community.qnap.com/t/firmware-qts-5-2-2-2950-build-20241114-released/254 7-ZIP Zstandard Decompression Integer Underflow https://www.zerodayinitiative.com/advisories/ZDI-24-1532/ https://7-zip.org/download.html

Increase In Phishing SVG Attachments https://isc.sans.edu/diary/Increase%20In%20Phishing%20SVG%20Attachments/31456 Logging blind spot revealed in FortiClient VPN https://pentera.io/blog/FortiClient-VPN_logging-blind-spot-revealed/ Needrestart Vulnerability https://www.qualys.com/2024/11/19/needrestart/needrestart.txt

Apple Patches Two Exploited Vulnerabilities https://isc.sans.edu/diary/Apple%20Fixes%20Two%20Exploited%20Vulnerabilities/31452 Oracle Patch for Agile Product Lifecycle Management CVE-2024-21287 https://www.oracle.com/security-alerts/alert-cve-2024-21287.html OFBiz Patches CVE-2024-47208 CVE-2024-48962 https://nvd.nist.gov/vuln/detail/CVE-2024-47208 https://seclists.org/oss-sec/2024/q4/95 D-Link Warns of Vulnerability in EOL Devices https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10415

Detecting the Presence of a Debugger in Linux https://isc.sans.edu/diary/Detecting%20the%20Presence%20of%20a%20Debugger%20in%20Linux/31450 Palo Alto Patches https://security.paloaltonetworks.com/CVE-2024-0012 https://security.paloaltonetworks.com/CVE-2024-9474 VMware vCenter Server Attacks https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968e Veritas Enterprise Vault Vulnerability https://www.veritas.com/support/en_US/security/VTS24-014