SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Discover the hurdles of cloud logging as Microsoft grapples with incomplete data. Delve into the complexities of end-to-end encrypted cloud storage and its inherent vulnerabilities. A malware incident tied to ESET raises alarms while critical updates from Synology and the Spring Framework highlight ongoing security challenges. Learn about a critical Grafana security release that demands attention. This episode serves as a crucial reminder of the ever-evolving landscape of cybersecurity threats.

Dive into the latest cybersecurity buzz with a deep analysis of emerging attack patterns, including port scanning from Amazon's cloud network. Explore a critical macOS vulnerability and crucial updates from Oracle, Cisco, and SAP. The discussion emphasizes the importance of timely firmware updates to thwart security risks. Plus, learn about scanning activities from a specific subnet and unexpected advertisements on government sites related to medication. It's an essential listen for those keen on staying ahead in the cybersecurity landscape!

Discover the top ten uncommon SSH usernames and passwords that could enhance your security posture. Dive into CISA's alarming product security bad practices, and learn about critical vulnerabilities in Kubernetes Image Builder. The podcast also sheds light on the Solarwinds hardcoded password exploit and methods to bypass security measures. Don't miss the insights on gearing up against these emerging threats!

A newly uncovered vulnerability in the Angular Base64 upload demo script raises critical security concerns. Quantum computing advancements pose potential threats to RSA cryptography, though recent breaches do not undermine its strength. The discussion also emphasizes the significance of cryptographic agility and introduces EDR Silencer as a noteworthy cybersecurity tool. Lastly, a new FIDO2 proposal for standardized passkey exchanges highlights efforts to enhance password security.

Discover the stealthy world of phishing with blob URLs and learn why user education is vital for cybersecurity. Dive deep into a complex vulnerability affecting Fortinet products and explore effective mitigation techniques. Uncover the new supply chain attack that can trojanize CLI commands and hear about the challenges of exploiting a newly discovered SL VPN vulnerability. Additionally, gain insights into the risks of malicious packages and the perils of name confusion in software development.

Microsoft is phasing out outdated protocols like PPTP and L2TP, pushing for stronger options to boost security. F5 Big-IP systems are under fire due to unencrypted cookie vulnerabilities that could be harmful to users. The discussion also sheds light on new threats in the travel booking sector, where scams are rising and connecting to broader ransomware issues. Additionally, a vulnerability in Zendesk has been uncovered, allowing unauthorized access to user information.

Explore a groundbreaking honeypot tool designed to outsmart attackers with real-time responses. Delve into recent critical vulnerabilities in Mozilla Firefox and GitLab, highlighting urgent updates users must implement. The discussion also touches on the impact of a hurricane in Florida, reminding listeners of how environmental events can intertwine with cybersecurity challenges.

Explore the stealthy operations of PerfCTL malware, which serves both as a cryptocurrency miner and a data thief. Discover how Golden Jackal exploits the open-source SIEM agent Wazuh for nefarious activities, breaching supposedly secure air-gapped systems using USB sticks. The discussion underscores the urgent need for patching vulnerabilities in FortiGate devices as cyber threats evolve and innovate.

October brings critical patches from Microsoft, addressing serious vulnerabilities in their software and Adobe Commerce. The discussion dives into the importance of timely updates to safeguard technology. There's also a riveting exploration of the political ramifications surrounding the British government's actions in the Kegos Islands and how it affects internet domains. Lastly, the mysterious disappearance of an internet domain adds an intriguing twist to the cybersecurity narrative.

Explore the latest cybersecurity vulnerabilities affecting macOS Sequoia and Cisco routers. Learn about a concerning flaw in Apple iTunes that raises alarms. Delve into alarming reports of attackers using an ISP's wiretap system to surveil users. The episode emphasizes the critical need for software updates and encryption to defend against these threats. Stay informed and protected in a rapidly evolving digital landscape!