
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Latest episodes

Mar 6, 2025 • 7min
SANS Stormcast Thursday Mar 6th: DShield ELK Analysis; Jailbreaking AMD CPUs; VIM Vulnerability; Snail Mail Ransomware
Explore the world of cybersecurity with fascinating insights into the DShield SIEM's ELK dashboard for traffic analysis. Uncover the shocking details of a new AMD CPU microcode vulnerability revealed by Google, complete with a proof of concept. Dive into a VIM flaw that could let attackers execute arbitrary code through specially crafted files. And watch out for a peculiar snail mail scam, where fraudsters are impersonating ransomware groups to extort payments from executives. A mix of cautionary tales and technical discussions!

Mar 5, 2025 • 6min
SANS Stormcast Wednesday Mar 5th: SMTP Credential Hunt; mac-robber.py update; ADSelfService Plus Account Takeover; Android Patch Day; PayPal Scams; VMware Escape Fix
A Romanian attacker expands their scanning tactics to hunt for SMTP credentials, complicating cybersecurity efforts. An update to mac-robber.py resolves symlink issues, enhancing security tool functionality. A serious vulnerability in ADSelfService Plus could allow unauthorized access without MFA. Google's March Android update tackles critical vulnerabilities, while PayPal's no-code-checkout feature faces exploitation by scammers. Broadcom addresses three VMware vulnerabilities to prevent potential virtual machine breaches.

Mar 4, 2025 • 6min
SANS Stormcast Tuesday Mar 4th: Mark of the Web Details; SharePoint and Click-Fix Phishing; Paragon Partition Manager BYOVD Exploit
Discover the nuances of the 'Mark of the Web' in Windows, revealing how it stores information like source URLs and referrers. Dive into a crafty phishing attack that exploits SharePoint via the Microsoft Graph API, luring users to execute harmful commands. Learn about a critical vulnerability in Paragon Partition Manager that enables attackers to escalate privileges for ransomware deployment by bringing the vulnerable driver with them (BYOVD), even on systems where the software is not installed. Stay informed on these pressing cybersecurity threats!

Mar 3, 2025 • 7min
SANS Stormcast Monday Mar 3rd: AI Training Data Leaks; MITRE Caldera Vuln; ModSecurity bypass
The podcast dives into alarming AI training data leaks, revealing that the Common Crawl dataset harbors exposed API keys and secrets. It also discusses GitHub's Copilot inadvertently accessing sensitive data from previously private repositories. The MITRE Caldera framework is highlighted for a vulnerability allowing unauthorized code execution. Lastly, it addresses a ModSecurity rule bypass, emphasizing the critical importance of regular software updates to enhance cybersecurity defenses.

Feb 28, 2025 • 14min
SANS Stormcast Friday Feb 28th: Njrat devtunnels.ms; Apple FindMy Abuse; XSS Exploited; @sans_edu Ben Powell EDR vs. Ransomware
Join Ben Powell, a principal security engineer with 15 years in cybersecurity, as he dives into some pressing digital threats. He discusses the Njrat malware exploiting Microsoft's dev tunnels and highlights new vulnerabilities in Apple’s FindMy that could endanger users. The conversation also covers alarming trends in mass website exploitation through XSS vulnerabilities in virtual tour frameworks. Plus, learn about effective strategies against ransomware and the strengths and weaknesses of various cybersecurity solutions for small businesses.

Feb 27, 2025 • 7min
SANS Stormcast Thursday Feb 27th: High Exfil Ports; Malicious VS Code Theme; Developer Workstation Safety; NAKIVO PoC; OpenH264 and rsync vuln
Discover the hidden risks of ephemeral ports as attackers use them to exfiltrate data, prompting the need for vigilant traffic monitoring. A compromised Visual Studio Code theme has alarmingly reached millions of installs, with its exact malicious intent still under wraps. The shocking theft at Bybit reveals how a compromised developer workstation can lead to monumental losses. Additionally, a vulnerability in NAKIVO backup systems sparks concerns as a proof of concept exploit surfaces, catching the cyber world off guard.

Feb 26, 2025 • 6min
SANS Stormcast Wednesday Feb 26th: M365 Infostealer Botnet; Mixing OpenID Keys; Malicious Medical Image Apps
A massive botnet is targeting Microsoft 365 accounts using stolen credentials from infostealer malware, highlighting the urgency for better authentication methods. Misconfigurations in OpenID pose significant security risks, allowing private keys to be accidentally exposed. Additionally, patients downloading DICOM image viewers are tricked into installing malware, raising alarms about deceptive practices in the healthcare sector. These discussions emphasize the need for vigilance and improved security measures across digital platforms.

Feb 25, 2025 • 6min
SANS Stormcast Tuesday Feb 25th: Unfurl Updates; Google Ditches SMS; PayPal Phish; Exim, libXML, Parallels Vuln
Discover the latest Unfurl update that improves URL decoding and timestamp management. Learn how Google is phasing out SMS for Gmail, opting for Passkeys instead. Beware of new PayPal phishing tactics that exploit legitimate emails. The podcast also covers vulnerabilities in mail servers, including a serious Exim SQL injection flaw and a newly discovered 0-day in Parallels. Stay informed about evolving cyber threats and enhance your security awareness!

Feb 24, 2025 • 5min
SANS Stormcast Monday Feb 24th: sigs.py update; Google Introducing Quantum Safe Sigs; MSFT Update Win 11 issues; LTE/5G Vulns
Discover the latest advancements in cybersecurity tools, including the innovative sigs.py for hash verification. Google introduces quantum-safe digital signatures in its cloud key management, marking a significant shift in security. The conversation also delves into recent issues with Windows 11 updates affecting file usability. Finally, researchers raise alarms about numerous vulnerabilities in 5G and LTE networks, underlining the urgent need for enhanced security in our digital infrastructure.

Feb 21, 2025 • 12min
SANS Stormcast Friday Feb 21st: Kibana Queries; Mongoose Injection; U-Boot Flaws; UniFi Protect Camera Vulnerabilities; Protecting Network Devices as Endpoint (Austin Clark @sans_edu)
Discover how to leverage ES|QL in Kibana for querying DShield honeypot logs effectively. Dive into the vulnerabilities of Mongoose leading to potential MongoDB exploits. Uncover the issues within the U-Boot open-source bootloader that could allow malicious code execution. Learn about key updates to UniFi Protect cameras that address security risks. Lastly, explore innovative ways to treat network devices as endpoints, enhancing detection and privilege management to bolster cybersecurity.