SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Nov 12, 2025 • 6min
SANS Stormcast Wednesday, November 12th, 2025: Microsoft Patch Tuesday; Gladinet Triofox Vulnerability; SAP Patches
This segment dives into critical updates from Microsoft, highlighting vulnerabilities with serious risks, including a Windows kernel bug that is being actively exploited. The dangers of the Gladinet Triofox vulnerability are discussed, revealing how it can allow attackers to gain admin access simply by manipulating the Host header. Additionally, updates on SAP's patching efforts for significant SQL vulnerabilities are covered. Lastly, insights into Ivanti Endpoint Manager's risk management and patch guidance are shared, ensuring listeners stay ahead of threats.

Nov 11, 2025 • 7min
SANS Stormcast Tuesday, November 11th, 2025: 3CX Related Scans; Watchguard Default Password;
Honeypots are revealing username scans related to 3CX business phone systems, highlighting vulnerabilities in predictable usernames and passwords. A controversy unfolds around a default password issue in WatchGuard products, which has garnered CVE attention following a firmware update. Additionally, a code execution vulnerability in the JavaScript expr-eval library raises security concerns, with recommendations for developers to patch and audit their code using npm. Tune in for critical insights into the evolving landscape of cybersecurity!

Nov 10, 2025 • 7min
SANS Stormcast Monday, November 10th, 2025: Code Repo Requests; Time Delayed ICS Attacks; Encrypted LLM Traffic Sidechannel Attacks
Attackers are increasingly scanning for exposed code repositories, prompting calls for proactive security measures. Newly discovered malicious NuGet packages are delivering time-delayed attacks targeting industrial control systems, raising alarms in cybersecurity circles. Additionally, research reveals that encrypted traffic to large language models can leak user prompt information based on packet sizes, highlighting new vulnerabilities. Stay tuned to understand these emerging threats and how to protect against them!

Nov 7, 2025 • 6min
SANS Stormcast Friday, November 7th, 2025: PowerShell Log Correlation; RondoDox Dissected; Google Chrome and Cisco Patches
Discover how PowerShell can be a powerful tool for correlating malware samples with honeypot logs. Learn about the alarming expansion of the RondoDox bot, which now boasts new exploits. Stay informed with the latest Google Chrome update addressing five critical vulnerabilities, including severe risks related to WebGPU. Additionally, listen in on discussions surrounding urgent Cisco patches that tackle serious security flaws, potentially allowing unauthorized system access. Cybersecurity insights you can't afford to miss!

Nov 6, 2025 • 6min
SANS Stormcast Thursday, November 6th, 2025: Domain API Update; Teams Spoofing; VShell Report
Discover the latest enhancements to the Domainname API, making data retrieval faster and more flexible. Dive into the alarming Microsoft Teams vulnerabilities that allow for easy impersonation and spoofing of users. Learn about the in-depth analysis of the VSHELL remote control implant, highlighting its functionality and detection strategies. Stay alert against unexpected internal messages with practical advice on verification. This episode is packed with critical insights for navigating today’s cybersecurity landscape.

Nov 5, 2025 • 6min
SANS Stormcast Wednesday, November 5th, 2025: Apple Patches; Exploits against Trucking and Logistics; Google Android Patches
Apple addresses 110 vulnerabilities with a comprehensive OS upgrade, raising questions about exploitability. Attackers leverage remote management tools to infiltrate trucking and logistics sectors, employing fake load postings as a phishing tactic. A critical vulnerability in Android allows remote code execution, underscoring the urgency to apply patches promptly. Insights on the financial repercussions of these cyber threats highlight the importance of controlling remote access in securing logistics operations.

Nov 4, 2025 • 7min
SANS Stormcast Tuesday, November 4th, 2025: XWiki SolrSearch Exploits and Rapper Feud; AMD Zen 5 RDSEED Bug; More Malicious Open VSX Extensions
Discover the latest threats in cybersecurity, including exploit attempts targeting XWiki SolrSearch, linking attackers to unusual references. Dive into the AMD Zen 5 RDSEED bug, where random number generation issues could pose security risks. Explore the alarming rise of malicious Open VSX extensions, particularly focusing on the SleepyDuck malware that targets crypto developers. Stay informed about these crucial topics that could impact digital security!

Nov 3, 2025 • 6min
SANS Stormcast Monday, November 3rd, 2025: Port 8530/8531 Scans; BADCANDY Webshells; Open VSX Security Improvements
Beware of rising scans on TCP ports 8530 and 8531, as threat actors target WSUS vulnerabilities. The Australian Signals Directorate warns about the BADCANDY webshell implant exploiting unpatched Cisco IOS XE devices. Meanwhile, Open VSX is ramping up security measures after a troubling incident, introducing improvements like shorter token lifetimes and easier revocation processes. Stay updated and secure in the ever-evolving landscape of cyber threats!

Oct 31, 2025 • 6min
SANS Stormcast Friday, October 31st, 2025: Bug Bounty Headers; Exchange hardening; MOVEIt vulnerability
Explore the intriguing world of bug bounty programs, where new HTTP headers are making waves for identifying researchers. Proton has launched a breach observatory to uncover unreported data breaches, raising questions about transparency. Discover best practices for hardening Microsoft Exchange Server, implemented in collaboration with national cyber security agencies. Finally, learn about a critical vulnerability in the MOVEit file transfer program, prompting immediate action for users. Tune in for essential insights in cyber security!

Oct 30, 2025 • 6min
SANS Stormcast Thursday, October 30th, 2025: Memory Only Filesystems Forensics; Azure Outage; docker-compose patch
Discover the challenges of collecting memory-only filesystems on Linux and a shell-script method to tackle them. Learn about a recent Azure Front Door outage that disrupted authentication for many users. Plus, there's a critical vulnerability in docker-compose that could lead to unauthorized file creation, urging immediate patch application. Tune in for insights and updates on these vital cybersecurity topics!