SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Explore a newly patched vulnerability in Apache Camel that sparks various internal scans. Discover how upcoming security requirements will change the way certificate authorities verify domain ownership. Delve into the murky waters of a possible data breach at Oracle, raising questions about accountability and customer trust. This discussion highlights the importance of vigilance in cybersecurity, especially following recent incidents, urging users to reevaluate their security protocols.

Explore the fascinating world of phishing with a deep dive into two seemingly similar sites that use different backend technologies. Discover how a new phishing variant leverages DNS MX records and DoH for more targeted attacks. Plus, learn about an innovative tool that incorporates OpenID Connect with SSH, streamlining secure login processes. This discussion highlights the evolving methods of cyber threats and the importance of robust security measures.

A recent deserialization attack targeted Sitecore, exploiting a thumbnail access token header. Google’s Project Zero detailed a zero-click NSO BlastPass exploit in iOS using a WebP vulnerability. Splunk patched several vulnerabilities, including one that allowed code execution for authenticated users. Meanwhile, Mozilla patched an active sandbox escape vulnerability in Firefox. The podcast highlights these critical security issues while urging listeners to stay informed on evolving cyber threats.

Discover innovative methods for classifying malware using machine learning and entropy-driven feature selection. Learn about dangerous NPM packages that masquerade as legitimate software but introduce reverse shells. Additionally, uncover a recently patched vulnerability in Google Chrome that was exploited against media and educational groups in Russia. Delve into the world of cybersecurity and the latest emerging threats in the digital landscape.

Discover the surge in exploit attempts targeting an XWiki vulnerability that allows command injection. Learn about the FBI's warning regarding unsafe online file converters. Follow the latest on a VMWare Tools flaw that could escalate user privileges within virtual machines. Hear about issues with Draytek routers stuck in a reboot loop and the advised fixes. Finally, get insights into the recent exploitation of a Microsoft Management Console vulnerability patched just days ago.

Discover the intriguing world of bot behavior as they cleverly use privacy headers to blend in, yet may make spotting them easier. Dive into the critical vulnerabilities in Kubernetes environments that could lead to serious compromises. Stay alert to the FBI's warnings about file converter scams, emphasizing the need for caution with untrusted downloads. Plus, learn about a VSCode extension that turns out to harbor ransomware. This episode is packed with essential cyber security insights!

A critical vulnerability in Next.js could allow unauthorized access, raising alarms about middleware verification. The need for immediate patching is emphasized to protect applications. Meanwhile, Microsoft's Trust Signing Service is exploited by attackers to generate signatures for malware. This alarming trend sheds light on the potential dangers of poor verification processes in software development. Understanding these vulnerabilities is crucial for maintaining robust cybersecurity practices.

Discover the latest on data feeds and the impact of a recent SEO scam targeting bloggers. Learn about Veeam's alarming deserialization vulnerability and the insufficient patch that remains a concern. Dive into the critical security risks surrounding IBM's AIX operating system, where an unauthenticated remote code execution vulnerability poses serious threats. Stay informed and boost your cyber vigilance with these essential updates!

Exploit Attempts for Cisco Smart Licensing Utility CVE-2024-20439 CVE-2024-20440 Attackers added last September's Cisco Smart Licensing Utility vulnerability to their toolset. These attacks orginate most likely from botnets and the same attackers are scanning for a wide range of additional vulnerabilities. The vulnerability is a static credential issue and trivial to exploit after the credentials were published last fall. https://isc.sans.edu/diary/Exploit%20Attempts%20for%20Cisco%20Smart%20Licensing%20Utility%20CVE-2024-20439%20and%20CVE-2024-20440/31782 Legacy Driver Exploitation Through Bypassing Certificate Verification Ahnlab documented a new type of "bring your own vulnerable driver" vulnerability. In this case, an old driver used by an anit-malware and anti-rootkit system can be used to shut down arbitrary processeses, including security related processeses. https://asec.ahnlab.com/en/86881/ Synology Vulnerability Updates Synology updates some security advisories it release last year adding addition details and vulnerable systems. https://www.synology.com/en-global/security/advisory/Synology_SA_24_20 https://www.synology.com/en-global/security/advisory/Synology_SA_24_24

Python Bot Delivered Through DLL Side-Loading A "normal", but vulnerable to DLL side-loading PDF reader may be used to launch additional exploit code https://isc.sans.edu/diary/Python%20Bot%20Delivered%20Through%20DLL%20Side-Loading/31778 Tomcat RCE Correction To exploit the Tomcat RCE I mentioned yesterday, two non-default configuration options must be selected by the victim. https://x.com/dkx02668274/status/1901893656316969308 SAML Roulette: The Hacker Always Wins This Portswigger blog explains in detail how to exploit the ruby-saml vulnerablity against GitLab. https://portswigger.net/research/saml-roulette-the-hacker-always-wins Windows Shortcut Zero Day Exploit Attackers are currently taking advantage of an unpatched vulnerability in how Windows displays Shortcut (.lnk file) details. Trendmicro explains how the attack works and provides PoC code. Microsoft is not planning to fix this issue https://www.trendmicro.com/en_us/research/25/c/windows-shortcut-zero-day-exploit.html