SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Latest episodes

Jun 4, 2025 • 7min

SANS Stormcast Wednesday, June 4th, 2025: vBulletin Exploited; Chrome 0-Day Patch; Roundcube RCE Patch; Multiple HP StoreOnce Vulns Patched

Delve into the cybersecurity landscape as recent exploits in vBulletin create concern, especially for PHP 8.1 users. Google Chrome receives urgent patches for flaws, one of which is actively exploited. Roundcube's vulnerability allows any logged-in user to execute code, highlighting serious webmail risks. Additionally, HP’s StoreOnce faces vulnerabilities that could enable remote code execution. The discussion emphasizes the critical importance of timely updates and hints at exciting upcoming events at the SANS Fire conference.
Jun 3, 2025 • 6min

SANS Stormcast Tuesday, June 3rd, 2025: Windows SSH C2; Google Removes CAs from trusted list; MSFT issues Emergency Patch to fix Crash issue; Qualcomm Adreno GPU 0-day

A simple SSH backdoor exploits Windows clients, offering unauthorized access through a sneaky configuration. Google Chrome shakes things up by distrusting certain certificate authorities, impacting digital certificates. Microsoft rushes an emergency fix for a bug that halts system restarts after a patch, affecting both virtual and physical machines. Meanwhile, Qualcomm scrambles to address a vulnerability in its Adreno GPU, already under exploitation, highlighting the urgent need for security updates.
Jun 2, 2025 • 6min

SANS Stormcast Monday, June 2nd, 2025: PNG with RAT; Cisco IOS XE WLC Exploit; vBulletin Exploit

Discover how a PNG image can hide malware through clever Python coding, raising alarms about current detection methods. Delve into the critical vulnerabilities in Cisco Wireless Controllers that allow for arbitrary code execution. Unpack the implications of changes to PHP that exposed once-protected methods in vBulletin, leading to a surge in exploit attempts. This discussion emphasizes the need for advanced security measures as attackers adapt to new technologies.
May 30, 2025 • 14min

SANS Stormcast Friday, May 30th 2025: Alternate Data Streams; Connectwise Breach; Google Calendar C2

Oren Niskin, an industrial control system cybersecurity expert at GuidePoint Security, discusses critical cyber threats. He explains how alternate data streams can be manipulated for defense evasion and shares insights on the recent ConnectWise breach affecting remote access solutions. The conversation shifts to innovative tactics used by APT41, highlighting attacks via Google Calendar. Niskin emphasizes the importance of proactive strategies and deception techniques to enhance security in industrial environments, bridging the gap between IT and OT networks.
May 29, 2025 • 6min

SANS Stormcast Thursday May 29th 2025: LLM Assisted Analysis; MSP Ransomware; Everetz Vulnerability

A compelling exploration reveals how AI can assist in analyzing cyber attacks, sparked by a student's investigation with a honeypot sample. The risks of ransomware are highlighted, particularly with vulnerabilities in SimpleHelp that cybercriminals exploit to target managed service providers. Additionally, the podcast delves into a serious OS command injection vulnerability found in Everetz equipment, which remains unpatched, raising alarms about the need for prompt security measures.
May 28, 2025 • 7min

SANS Stormcast Wednesday May 28th 2025: Securing authorized_keys; ADAuditPlus SQL Injection; Dero Miner vs Docker API

Discover how SSH backdoors are created through unauthorized access to authorized_keys files and why managing these files is crucial. Dive into the unsettling vulnerabilities of the Meteobridge software that allow remote command execution without authentication. Learn about the recent SQL injection issues in ManageEngine ADAuditPlus and the potential risks they pose. Finally, uncover the Dero Miner botnet's innovative technique of infecting Docker containers via exposed APIs to mine cryptocurrency.
May 27, 2025 • 7min

SANS Stormcast Tuesday, May 27th 2025: SVG Steganography; Fortinet PoC; GitLab Duo Prompt Injection

Discover the intriguing world of SVG steganography, where messages can be cleverly hidden in vector graphics. Tune in to hear about a critical vulnerability in Fortinet products that’s already facing exploitation in the wild. The podcast also delves into an emerging threat: remote prompt injection in GitLab Duo, exposing potential risks linked to source code manipulation. Uncover how these issues could compromise both data security and integrity in the tech landscape.
May 23, 2025 • 8min

SANS Stormcast Friday, May 23rd 2025: Backup Connectivity; Windows 2025 dMSA Abuse; Samlify Vulnerability

Learn how to create resilient backup connectivity for your home network and avoid hidden backdoors. Discover the dangers of abusing dMSA in Active Directory that can lead to privilege escalation. Delve into a serious flaw in the samlify library that allows SAML Single Sign-On bypass, potentially enabling attackers to assume other users' identities. The discussion emphasizes the need for timely updates and secure configurations to protect against evolving cybersecurity threats.
May 22, 2025 • 6min

SANS Stormcast Thursday, May 22nd 2025: Crypto Confidence Scams; Extension Mayhem for VS Code and Chrome

Scammers are exploiting trust with a new variant of crypto confidence scams, luring victims into pricey VIP memberships under false pretenses. The danger extends to browser security, as malicious Chrome extensions impersonate reputable services to steal sensitive information. Developers aren't safe either; malicious Visual Studio Code extensions target them specifically to exfiltrate secrets. This episode covers the evolving landscape of online threats, highlighting the need for vigilance against cunning tactics.
May 21, 2025 • 8min

SANS Stormcast Wednesday, May 21st 2025: Researchers Scanning the Internet; Forgotten DNS Records; openpgp.js Vulnerability

Researchers are now being encouraged to identify themselves during internet scans for transparency. Unused CNAME records pose a potential risk, allowing attackers to hijack public cloud resources. Additionally, a vulnerability in openpgp.js could enable spoofing of message signatures, raising concerns for encrypted communications. The discussion emphasizes the balance between ethical research practices and cybersecurity challenges in the digital landscape.