SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

This podcast discusses the analysis of MIME files, infostealers searching for password files, a simple netcat backdoor, the response to the ZDI release by EXIM, and an exploit for a WS_FTP vulnerability. The chapters cover a netcat backdoor, a password-hunting backdoor, EML dump for malware analysis, the XM WONA Belize vulnerability update, NTLM authentication risks, and the importance of updating WSFTP servers.

This podcast covers topics such as IP address representation, a Chrome update fixing a 0-day vulnerability, unpatched EXIM vulnerabilities, and WSFTP vulnerabilities.

Topics discussed in this podcast include a GPU side channel attack in web browsers, compromised routers with backdoor access, confusion regarding libwebp vulnerabilities, and fake Dependabot commits.

Discover a new variety of phishing attack that uses a unique technique to trick users. Learn about a phishing email and the release of Mac OS Sonoma with its security updates including fixes for vulnerabilities.

Report on targeted attacks using LuaJIT malware against telcos in Europe, North Africa, and the Middle East. Discussion on critical vulnerabilities in System Information Library for Node.js and JetBrains TeamCity.

Discussion on vulnerabilities in Laravel framework and importance of securing sensitive credentials. Mention of fake proof of concept exploit for Winrar vulnerability. Details on the Venom rat exploit and attack on hotel networks. Announcement of upcoming event in Jacksonville.

Apple Patches Three 0-Days https://isc.sans.edu/diary/Apple+Patches+Three+New+0Day+Vulnerabilities+Affecting+iOSiPadOSwatchOSmacOS/30238 WebP Vulnerability https://blog.isosceles.com/the-webp-0day/ MOVEit Transfer Service Pack https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-September-2023 Improved Passkey Support in Windows 11 https://www.microsoft.com/en-us/security/blog/2023/09/21/new-microsoft-security-tools-to-protect-families-and-businesses/

What's Normal: DNS TTL Values https://isc.sans.edu/forums/diary/What's%20Normal%3F%20DNS%20TTL%20Values/30234/ CISA Highlights Snatch Ransomware https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-263a npm packages caught exfiltrating Kubernetes config, SSH keys https://blog.sonatype.com/npm-packages-caught-exfiltrating-kubernetes-config-ssh-keys Nagios XI Vulnerabilities https://outpost24.com/blog/nagios-xi-vulnerabilities/

Obfuscated Scans For Older Adobe Experience Manager Vulnerabilities https://isc.sans.edu/diary/Obfuscated%20Scans%20for%20Older%20Adobe%20Experience%20Manager%20Vulnerabilities/30230 Trend Micro Apex One 0-day https://success.trendmicro.com/dcx/s/solution/000294994?language=en_US SprySOCKS Backdoor https://www.trendmicro.com/en_us/research/23/i/earth-lusca-employs-new-linux-backdoor.html GitLab Patches https://about.gitlab.com/releases/2023/09/18/security-release-gitlab-16-3-4-released/

Internet Wide Multi VPN Search from Single /24 Network https://isc.sans.edu/diary/Internet%20Wide%20Multi%20VPN%20Search%20From%20Single%20%2024%20Network/30226 iOS/iPadOS/tvOS/WatchOS Updates https://support.apple.com/en-us/HT201222 Juniper Vuln Details/Exploit CVE-2023-36845 https://vulncheck.com/blog/juniper-cve-2023-36845