SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Johannes B. Ullrich
May 12, 2025 • 7min

SANS Stormcast Monday, May 11th: Steganography Challenge; End-of-Life Routers; ASUS Driverhub; RV-Tools SEO Poisoning

Discover a mind-bending steganography challenge where encoding tricks are unveiled! Learn about the FBI's warning on end-of-life routers being exploited by botnets for criminal activities. Dive into the ASUS Driverhub vulnerability that opens doors for CSRF attacks and arbitrary code execution. Be cautious of SEO poisoning tactics targeting RV Tools, designed to trick admins into installing malicious software. Stay informed about these crucial cybersecurity threats and ensure your systems are secure!
May 9, 2025 • 5min

SANS Stormcast Friday, May 9th: SSH Exfil Tricks; magicINFO still vulnerable; SentinelOne Vulnerability; Commvault insufficient patch

Discover innovative ways to utilize SSH connections to bypass restrictive network access. Delve into the lingering vulnerabilities of Samsung's magicINFO 9, which remains exploitable despite attempts to patch it. Learn about the alarming exploit targeting SentinelOne's endpoint protection, revealing how attackers can shut down defenses. The discussion also highlights Commvault's ineffective patch management, showcasing the ongoing risks to backup systems. It’s a must-listen for anyone concerned about cybersecurity!
May 8, 2025 • 6min

SANS Stormcast Thursday, May 8th: Modular Malware; Sysaid Vuln; Cisco Wireless Controller Patch; Unifi Protect Camera Patch

Dive into the fascinating world of modular malware that cleverly downloads specific features as needed, including a detailed look at a webcam module. Explore the alarming vulnerabilities in the IT management software SysAid, which could lead to severe data breaches. Learn about a critical flaw in Cisco's wireless controller software that allows unauthorized file uploads and code execution as root. Lastly, discover how Ubiquiti addressed a dangerous buffer overflow in its Protect camera firmware. Cybersecurity concerns have never been more pressing!
May 7, 2025 • 7min

SANS Stormcast Wednesday, May 7th: Infostealer with Webserver; Android Update; CISA Warning

An intriguing Python infostealer has been discovered, featuring an embedded web server for local phishing sites. The monthly Android update addresses a serious Freetype vulnerability, critical in many devices. CISA warns about unsophisticated cyber actors targeting operational technology, highlighting the necessity of basic security measures. The discussion also dives into exploits related to compressed font files and the significance of regular software updates in defending against such threats.
May 6, 2025 • 7min

SANS Stormcast Tuesday, May 6th: Mirai Exploiting Samsung magicInfo 9; Kali Signing Key Lost

A new twist in the ongoing threat landscape as the Mirai botnet now exploits a vulnerability in Samsung's MagicINFO CMS. Meanwhile, Kali Linux faces challenges after losing its signing key, requiring users to adapt to a new one. The dangers of default configurations in out-of-the-box Helm charts for Kubernetes are also highlighted, revealing how they can compromise security through exposed ports and lack of authentication. Stay informed to keep your systems secure!
May 5, 2025 • 6min

SANS Stormcast Monday, May 5th: Steganography Challenge; Microsoft Makes Passkeys Default and Moves Away from Authenticator as Password Manager; Magento Components Backdoored.

A new steganography challenge has listeners decoding hidden messages, with solutions to come soon. Microsoft is pushing Passkeys as the default login method, aiming for a password-free future. Big changes are on the horizon as Microsoft Authenticator will no longer serve as a password safe, shifting users to Edge's password prefill. Meanwhile, alarm bells ring as backdoors in Magento components are discovered, activating after years of dormancy, raising questions about vendor security.
May 2, 2025 • 7min

SANS Stormcast Friday, May 2nd: More Steganography; Malicious Python Packages GMail C2; BEC to Steal Rent Payments

Discover the secrets of steganography as techniques for extracting hidden data from images are unveiled. Learn about a new trend where malicious Python packages exploit Gmail for command and control, posing serious risks to developers. Delve into the alarming tactics used by a French threat actor, targeting property management firms to divert tenant rent payments. This insightful discussion sheds light on pressing cybersecurity challenges and offers strategies for better protection.
May 1, 2025 • 6min

SANS Stormcast Thursday, May 1st: Sonicwall Attacks; Cached Windows RDP Credentials

Recent scans targeting SonicWall vulnerabilities are skyrocketing, possibly linked to brute force attacks. An alarming IPv6-based malware tactic has emerged where attackers use spoofed DNS servers to deliver malicious updates. Additionally, a significant flaw in Windows Remote Desktop Protocol may allow logins using outdated credentials, raising pressing security concerns. Technology enthusiasts and security experts alike will find these breaking developments both intriguing and alarming.
Apr 30, 2025 • 9min

SANS Stormcast Wednesday, April 30th: SMS Attacks; Apple Airplay Vulnerabilities

More Scans for SMS Gateways and APIs
Attackers are not just looking for SMS gateways like the scans we reported on last week; they are also actively scanning for other ways to use APIs and add-on tools to send messages using other people's credentials.
https://isc.sans.edu/diary/More%20Scans%20for%20SMS%20Gateways%20and%20APIs/31902

AirBorne: AirPlay Vulnerabilities
Researchers at Oligo revealed over 20 weaknesses they found in Apple's implementation of the AirPlay protocol. These vulnerabilities can be abused to execute code or launch denial-of-service attacks against affected devices. Apple patched the vulnerabilities in recent updates.
https://www.oligo.security/blog/airborne
Apr 29, 2025 • 8min

SANS Stormcast Tuesday, April 29th: SRUM-DUMP 3; Policy Puppetry; Choice Jacking; @sansinstitute at #RSAC

SRUM-DUMP Version 3: Uncovering Malware Activity in Forensics
Mark Baggett released SRUM-DUMP Version 3. The tool simplifies data extraction from the Windows System Resource Usage Monitor (SRUM). This database logs how many resources software used over the last 30 days, and it is invaluable for finding out what software was executed when, and whether it sent or received network data.
https://isc.sans.edu/diary/SRUM-DUMP%20Version%203%3A%20Uncovering%20Malware%20Activity%20in%20Forensics/31896

Novel Universal Bypass For All Major LLMs
HiddenLayer discovered a new prompt injection technique that bypasses security constraints in large language models. The technique prefixes a prompt with an XML-formatted block that appears to the LLM as a policy file. This "Policy Puppetry" can be used to rewrite some of the security policies configured for LLMs. Unlike other techniques, it works across multiple LLMs without changing the policy.
https://hiddenlayer.com/innovation-hub/novel-universal-bypass-for-all-major-llms/

CHOICEJACKING: Compromising Mobile Devices through Malicious Chargers like a Decade ago
The old Juice Jacking is back, at least if you do not run the latest version of Android or iOS. This issue may allow a malicious USB device, particularly a USB charger, to take control of a device connected to it.
https://pure.tugraz.at/ws/portalfiles/portal/89650227/Final_Paper_Usenix.pdf

SANS @RSA: https://www.sans.org/mlp/rsac/