SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Discover the complex world of anti-malware tools and the conflicts that can arise when they coexist on a system. Uncover the dangers lurking in fake job ads that lead to stolen cryptocurrency, as highlighted by the FBI. Learn about critical vulnerabilities in Zyxel NAS devices and the swift action taken for better protection. Stay informed about these pressing cybersecurity issues that could affect you!

Dive into the world of cybersecurity with discussions on custom packet analysis using Wireshark and Lua. Discover a vulnerability in Cox's cable modem admin API that opens the door to potential exploits. Learn about harmful Stack Overflow posts masquerading as helpful advice, pushing malware to unsuspecting users. Also, explore recent vulnerabilities in Atlassian Confluence that highlight the critical need for timely patches. Stay informed on how these threats could impact your digital safety!

Discover the rise of the K1w1 info-stealer, a sneaky new malware targeting Windows users. Learn about a free Kaspersky tool designed to enhance Linux security. Dive into the troubling security breaches at Snowflake and HuggingFace, highlighting the risks tied to AI services. The discussion emphasizes the dire need for protective measures against credential leaks and the fallout from customer negligence. Stay informed and safeguard your digital assets!

Michael Dunking, an expert in detecting cypher injection using open-source network intrusion detection, dives deep into the world of cybersecurity. He unpacks the nuances of cypher injection attacks, drawing parallels with SQL injection vulnerabilities. The conversation highlights strategies for improving detection and prevention, emphasizing the need for better coding practices. Additionally, Dunking shares insights on developing Snort rules to balance detection accuracy while minimizing false positives, critical for robust network security.

Discover the intriguing correlations between honeypot logs and PCAPs to unearth hidden threats! Learn about a serious VPN vulnerability that demands attention and integration with SIEM systems for robust cybersecurity. Dive into the alarming world of credential stuffing with Okta's Identity Cloud and why multifactor authentication is no longer optional. Plus, hear about the challenges of brute forcing old Bitcoin wallet passwords. This insightful discussion sheds light on essential strategies to bolster your cybersecurity defenses.

Discover the world of SQL injection prevention with Python techniques. Delve into a new PoC exploit in Fortinet's systems that raises concerns about OS command injections. Learn about ShrinkLocker, a ransomware variant abusing BitLocker. Uncover critical vulnerabilities, including a privilege escalation bug identified by Apple and a glib C function flaw. The podcast emphasizes the pressing need for timely software updates and effective input validation to fend off evolving cyber threats.

Explore the rising threat of the '.txz' file extension, now being used in malicious spam attachments. Discover Google's crucial decision to stop trusting the Global Trust certificate authority, impacting digital security. Learn about checkpoint warnings regarding password brute forcing and how to enhance your VPN security. This episode emphasizes the need for vigilance in digital communications and adapting security practices to counter evolving threats.

Dive into the intriguing world of redtail malware, a crypto coin miner exploiting weak passwords. Learn about critical vulnerabilities in Veeam Backup that raise alarm bells for security. The podcast also unpacks a synchronization glitch affecting a root name server, jeopardizing DNS stability. Plus, keep up with recent software weaknesses that pose risks. Stay informed and vigilant in the ever-evolving landscape of cyber threats.

Discover innovative uses of the ipinfo API for NMAP scanning, revealing how it can function without traditional scanning. Delve into the surprising concept of your Wi-Fi router acting like an Apple AirTag. Unpack the evolution of NMAP from a basic tool to a robust Wi-Fi data collector. The discussion also highlights privacy concerns surrounding location services and the steps taken by tech giants to prioritize user privacy.

Discover innovative cybersecurity tactics like stealthy scanning with the Shodan API. Vulnerabilities in iTerm2 and GitHub Enterprise Server are put under the microscope, highlighting critical security concerns. There's also a deep dive into the risks of secret handling in Bitbucket pipelines. Additionally, learn about Microsoft's Copilot Plus PCs and how to navigate privacy in our tech-centric world. Each topic reveals the urgency of maintaining cybersecurity in a rapidly evolving landscape.