SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Forest Blizard, an expert in cybersecurity tools and vulnerabilities, joins the discussion to highlight persistent issues like the Struts2 devmode vulnerability still affecting systems after ten years. He analyzes his own custom post-compromise tool for exploiting CVE-2022-38028 and sheds light on crucial updates in the April 2024 Exchange Server hotfix. The conversation also covers alarming threats from the hijacking of antivirus updates, showcasing the ever-evolving landscape of cybersecurity risks.

A staggering rise in industrial devices connected to the internet reveals increasing security vulnerabilities. The discussion dives into how XDR tools, initially designed for defense, can be morphed into offensive weapons. Additionally, a GitLab flaw reminiscent of a GitHub bug is explored, emphasizing the ongoing risks malware can pose. Join the conversation on the intersection of technology and security!

A shift in CVE formats is under discussion, bringing changes that impact how vulnerabilities are reported. The podcast dives into a critical zero-day vulnerability affecting CrushFTP and examines a privilege escalation issue with YubiKey Manager. Meanwhile, they reveal how malware can be distributed using GitHub comments linked to a Microsoft repository. Finally, updates on security challenges facing Palo Alto Networks are highlighted, painting a clear picture of the evolving cyber threat landscape.

Recent vulnerabilities in Delinia Secret Server and Ivanti Avalanche are causing alarm, emphasizing the need for immediate patches. A sophisticated phishing campaign is also targeting mobile users via SMS, showcasing the evolving threat landscape. Dive into advanced attack methods with Hashicorp's Go-getter library vulnerabilities and discover a stealthy virus affecting Ukraine, known for its clever document infections. Cybersecurity is more crucial than ever in this rapidly changing environment!

Discover the alarming use of malicious PDFs that trick users into harmful downloads. Uncover the escalating threat to open-source projects, where attackers exploit maintainers for fast code approvals. Learn about the critical vulnerabilities in container systems that hackers are targeting. Stay informed on updated defensive strategies to combat these emerging security risks.

Hear about major cybersecurity vulnerabilities that emerged in April 2024, including a severe exploit affecting Palo Alto Networks' GlobalProtect. Learn about the risks associated with PuTTY's private key recovery. Discover Oracle's critical patch updates that tackle numerous security issues. Plus, find out how Ivanti is enhancing security for its mobile device management solution. Essential listening for anyone interested in staying ahead of the latest cyber threats!

This discussion dives into critical cybersecurity vulnerabilities recently uncovered, including a significant flaw in Palo Alto Networks. Delinia's Secret Server also faced a critical patch. A newly discovered password reset issue in Lancom's Windows Setup could pose risks. The panel highlights the leak of Duo SMS and VoIP logs, raising concerns about data security. Lastly, an alarming attempted audio deepfake attack on a LastPass employee demonstrates the evolving tactics of cyber threats.

A critical vulnerability in Palo Alto Networks' GlobalProtect software has emerged, allowing attackers to execute remote code and gain root access. The discussion highlights recent exploitation incidents, emphasizing the urgency of applying patches. Experts stress the importance of disabling telemetry to safeguard against these threats. Stay informed and protect your systems!

A serious vulnerability in Windows batch file execution could lead to OS command injection attacks. Programming languages like Rust and Node.js are stepping up, while Java remains inactive. Fortinet's Linux client faces scrutiny for remote code execution flaws. The conversation also highlights Apple's new threat notifications against mercenary spyware. Developers are urged to stay alert for malicious code in open source, as a new trick has emerged in supply chain attacks.

A critical vulnerability in Rust's command API could allow OS command injection, scoring a perfect 10 on the CVSS scale. Adobe's recent updates tackle serious flaws in their commerce product. The discussion also highlights urgent vulnerabilities in Fortinet's FortiOS and FortiProxy, prompting immediate updates. Additionally, a curious signed backdoor named Smoke and Screen Mirrors raises alarm for potential exploits. Tune in for vital cybersecurity insights and the importance of timely patches!