SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Johannes B. Ullrich
Jul 24, 2025 • 7min

SANS Stormcast Thursday, July 24th, 2025: Reversing SharePoint Exploit; NPM “is” Compromise;

Dive into the world of cyber security with a look at recent SharePoint exploits, showcasing how to decode their malicious payloads. Discover the dangers of the compromised npm package 'is', swiftly neutralized after it spread malware. Plus, learn about Microsoft's new recovery feature for Windows 11, designed to rescue machines stuck in reboot loops. The blend of technical insights and innovative solutions makes for an engaging and informative listen.
Jul 23, 2025 • 6min

SANS Stormcast Wednesday, July 23rd, 2025: Sharepoint 2016 Patch; MotW Privacy and WinZip; Interlock Ransomware; Sophos Patches

Microsoft has rolled out crucial security updates for SharePoint 2016, addressing serious vulnerabilities. Meanwhile, WinZip's latest version improves privacy by concealing download URLs in zipped files. The podcast also delves into the menace of Interlock ransomware, providing detailed insights from a recent government collaboration. Lastly, Sophos has patched multiple vulnerabilities in its firewalls, two of which are critical but affect a limited user base. Stay informed to keep your systems secure!
Jul 22, 2025 • 6min

SANS Stormcast Tuesday, July 22nd, 2025: SharePoint Emergency Patches; How Long Does Patching Take; HPE Wifi Vuln; Zoho WorkDrive Abused

Microsoft patched a critical SharePoint vulnerability, introducing an authentication bypass CVE. A review of patching speeds shows they could be improved. Meanwhile, HPE addressed vulnerabilities in its access points that allowed for risky exploits. Concerns were raised about a bug in AppLocker policies that could lead to bypassing security rules. Additionally, the Ghost Crypt malware is using Zoho WorkDrive to trick users into downloading malicious files.
Jul 21, 2025 • 8min

SANS Stormcast Monday, July 21st, 2025: Sharepoint Exploited; Veeam Fake Voicemail Phish; Passkey Phishing Attack

A new remote code execution exploit targeting SharePoint has emerged, creating significant security concerns. Recent phishing attempts impersonate Veeam, featuring voicemail themes to trick unsuspecting users. Additionally, there's a clever phishing attack leveraging QR codes to bypass security in Passkey logins. The discussion wraps up with essential security recommendations and insights from a recent cybersecurity event, highlighting the ever-evolving landscape of online threats.
Jul 18, 2025 • 5min

SANS Stormcast Friday, July 18th, 2025: Extended File Attributes; Critical Cisco ISE Patch; VMWare Patches; Quarterly Oracle Patches

Discover the sneaky world of Linux extended file attributes, where payloads can be cleverly concealed. Learn about critical vulnerabilities found in Cisco's Identity Services Engine that could allow unauthenticated users to execute code remotely. Oracle has rolled out a massive patch for over 300 flaws, highlighting the urgency for updates. Plus, Broadcom addresses vulnerabilities in VMware products, ensuring a safer digital environment. It's a whirlwind of cybersecurity insights and essential updates you won't want to miss!
Jul 17, 2025 • 5min

SANS Stormcast Thursday, July 17th, 2025: catbox.moe abuse; Sonicwall Attacks; Rendering Issues

The discussion highlights the alarming misuse of the file-sharing service catbox.moe as a malware host. Experts dive into an ongoing campaign targeting SonicWall devices, revealing the extensive exploitation via the OVERSTEP backdoor. Additionally, a new zero-click attack strategy, known as RenderShock, showcases a dangerous method of weaponizing trust in file rendering processes, allowing attackers to launch sophisticated payloads without user interaction. Cybersecurity vulnerabilities are explored alongside vital mitigation strategies.
Jul 16, 2025 • 6min

SANS Stormcast Wednesday, July 16th, 2025: ADS Keystroke Logger; Fake Homebrew; Broadcom Altiris RCE; Malicious Cursor AI Extensions

A newly discovered keystroke logger stores data in alternate data streams, raising concerns about data privacy. Mac users are under attack from a malicious version of Homebrew, advertised through Google ads. A critical remote code execution vulnerability has been found in Broadcom's Symantec systems, potentially exposing many to threats. Additionally, a developer's workstation was compromised by a malicious AI extension, leading to a staggering loss of $500,000 in cryptocurrency. Cybersecurity issues are evolving rapidly!
Jul 15, 2025 • 6min

SANS Stormcast Monday, July 14th, 2025: Web Honeypot Log Volume; Browser Extension Malware; RDP Forensics

Honeypot log volumes have surged dramatically, indicating a robust botnet targeting systems like SonicWall. Discover a shocking investigation revealing 18 malicious browser extensions that deceived millions into downloading malware. The discussion also dives into RDP forensics, providing essential techniques for preventing lateral movement and ensuring better incident response. Tune in to learn about the evolving landscape of cyber threats and the vital safeguards that can keep users secure.
Jul 14, 2025 • 7min

SANS Stormcast Monday, July 14th, 2025: Suspect Domain Feed; Wing FTP Exploited; FortiWeb Exploited; NVIDIA GPU Rowhammer

Discover a groundbreaking domain feed aimed at identifying potential phishing threats through innovative data aggregation. Learn about recent vulnerabilities in Wing FTP Server and FortiWeb that are actively being exploited, emphasizing the urgent need for updates. Dive into the alarming Rowhammer vulnerability affecting NVIDIA GPUs, showcasing industry-wide risks. This discussion not only illuminates current cybersecurity challenges but also reinforces the importance of vigilance among web developers and organizations.
Jul 11, 2025 • 6min

SANS Stormcast Friday, July 11th, 2025: SSH Tunnel; FortiWeb SQL Injection; Ruckus Unpatched Vuln; Missing Motherboard Patches;

Dive into the world of cyber security vulnerabilities, where SSH tunneling is exploited by attackers to relay traffic through compromised servers, targeting services like Yandex email. Discover the alarming risk posed by an unauthenticated SQL injection vulnerability in FortiWeb, potentially allowing unauthorized code execution. Plus, learn about critical flaws in Ruckus products, where multiple vulnerabilities remain unpatched, highlighting the necessity for restrictive access. Cyber risks are evolving; stay informed!