SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Discover the challenges of collecting memory-only filesystems on Linux and a shell-script method to tackle them. Learn about a recent Azure Front Door outage that disrupted authentication for many users. Plus, there's a critical vulnerability in docker-compose that could lead to unauthorized file creation, urging immediate patch application. Tune in for insights and updates on these vital cybersecurity topics!

Invisible characters in email subjects are now weaponized in phishing attacks, tricking users and evading filters. A critical flaw in Apache Tomcat’s PUT method could lead to remote code execution through unauthorized file uploads. Plus, there's a newly available proof of concept for a BIND9 DNS spoofing vulnerability, highlighting trust issues with additional records. The discussion also touches on OpenVPN’s risk with unsanitized parameters that can allow command injection. Stay informed on these pressing security threats!

Explore the intriguing world of DNS as different characters are examined for transmission in hostnames. Unifi addresses a critical vulnerability in its Access product, posing a 10.0 risk. Discover the dangers of AI-enabled browsers, which increase security threats through unstructured data. A demonstration reveals how prompts can be injected into OpenAI's Atlas browser, risking data leakage. Dive into these compelling topics that highlight the evolving landscape of cybersecurity.

This discussion highlights a troubling trend of bilingual phishing attempts targeting cloud credentials, revealing how language can impact phishing success. There's also a spotlight on the newly available Kaitai Struct WebIDE, a browser-based tool for binary analysis. Additionally, Microsoft has issued an emergency patch for WSUS to address a critical vulnerability currently under exploitation. The conversation wraps up with concerns over outdated vulnerabilities in network security devices, which remain attractive targets for attackers.

A crafty infostealer is targeting Android devices, using Python and Termux to siphon off data via Telegram. The SessionReaper exploit has emerged just weeks after an Adobe patch, highlighting the urgency for e-commerce platforms. Meanwhile, a significant flaw in BIND and Unbound could open doors for DNS spoofing due to weak random number generation. Lastly, a new proof-of-concept for a WSUS vulnerability has been revealed, stressing the need for immediate security updates.

Discover the latest exploits targeting Blue Angel Software, with intriguing honeypot detections suggesting a connection to CVE-2025-34033. Oracle's recent critical patch update tackles an impressive 374 vulnerabilities, focusing on significant flaws in their e-Business Suite. Plus, explore the Rust TAR library's vulnerabilities, revealing potential risks from unmaintained packages and the challenge of managing security disclosures. Tune in for expert insights on these pressing cyber threats!

Discover the impressive accuracy of pool.ntp.org, syncing time to within 10–100 milliseconds. Uncover the recent compromise of the Xubuntu website, which was serving malware to unsuspecting users. Learn about a vulnerability in the Squid Proxy that could leak authentication credentials and the urgent need for updates. Plus, find out about a serious RCE vulnerability in Lanscope that has already been exploited, emphasizing the importance of timely patching.

Discover how Python fileless malware cleverly uses syscall() to evade detection by creating in-memory file handles. AWS recently faced significant outages, causing disruptions across various services. Meanwhile, concerns rise over compromised time servers in Beijing, pointing to potential vulnerabilities in time integrity. Tune in for insights into these pressing cyber security issues!

Discover the dark side of TikTok where videos masquerade as free software downloads but actually lead users to malware. Learn about malicious Google ads that lure macOS developers with enticing fake tools, only to spread harmful software. On top of that, delve into the alarming reality of unencrypted satellite transmissions, leaving sensitive data vulnerable to eavesdropping. Stay informed and protect yourself from these digital threats!

Mark Stephens, a cybersecurity architect at Cisco and an MSISE graduate, dives deep into active defense strategies in this discussion. He emphasizes the significance of detecting adversaries within networks using techniques like MITRE Engage. Topics include recent exploitation of a patched Cisco SNMP flaw and the discovery of a BIOS backdoor. Mark shares insights on using deception through honeytokens and honeypots for early detection, while also stressing the importance of continuously updating defenses to thwart evolving threats.