SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

In this episode, experts discuss the critical timeline for removing DSA support in OpenSSH and recent vulnerabilities patched by Juniper. They highlight a significant flaw in ManageEngine's AD Self-Service and introduce an updated version of the Atomic Stealer malware, which is increasingly targeting Mac systems. The conversation emphasizes the importance of staying vigilant against evolving malware threats while exploring new infosec tools through an engaging YouTube series.

Dive into the world of cyber threats with discussions on a spike in Jenkins brute force scans. Learn about alarming vulnerabilities in Ivanti’s VPN, allowing hackers to slip through security measures. The team also highlights a privilege escalation issue in Zoom that users need to know about. Plus, stay informed on stealthy attackers targeting Apache applications. Don't miss practical cybersecurity updates and best practices to bolster your defenses.

The latest security patches from Microsoft address 48 critical vulnerabilities, covering issues in Windows Hyper-V and Kerberos. Adobe also has newly identified vulnerabilities that need attention. A noteworthy authentication coercion vulnerability in Kyocera Device Manager raises alarms. Additionally, the podcast reveals how network-connected tools like wrenches used in factories can be hacked, highlighting potential sabotage and ransomware risks. Tune in for essential insights on current cyber threats!

Dive into the fascinating world of user agents as the hosts analyze their authenticity and parsing techniques. Explore the KyberSlash vulnerability and its implications for cybersecurity. Learn about the alarming Netfilter DoS vulnerability (CVE-2024-0193) affecting the Linux kernel. The discussion also sheds light on security concerns regarding the Cacti system. Stay informed on the latest threats and trends in security!

Discover the power of PowerShell as a tool for network security while diving into alarming new phishing tactics that exploit users' trust. Uncover the latest threats from a Mac malware linked to North Korea and discuss the ongoing issues surrounding persistent login credentials in Chrome. The discussion sheds light on the broader implications of these cyber security challenges, emphasizing the evolving landscape of digital threats.

Explore the latest software patches addressing critical vulnerabilities in Wireshark and Android, including urgent updates for Ivanti's software. Discover the dark side of the internet with malicious PyPi packages that deploy crypto miners, cleverly evading detection. Plus, learn about a prank in the NPM ecosystem with the 'everything' package that wreaks havoc by installing all available packages, causing chaos for developers and their systems!

Dive into the intriguing world of malspam as various attachment types and trends from 2023 are discussed. Discover the chaos caused by a compromise in Orange Spain's RIPE account, leading to significant BGP security vulnerabilities. Learn about the Bitwarden heist and the critical exploits affecting Apple iOS. This episode delivers a compelling look into the evolving landscape of cybersecurity threats.

Discover how SSH banners play a crucial role in network security and identify potential vulnerabilities in server configurations. Delve into alarming issues surrounding Google’s OAuth 2.0 system, where malware exploits persistent cookies to hijack user sessions. Learn about new and innovative DNS amplification attacks backed by research from Tsinghua University, and gain insights into protective measures for securing DNS servers against these evolving threats.

In a recent guest diary, insights into DShield honeypot activity are shared, shedding light on recent cybersecurity threats. The discussion highlights disguised Python scripts used for data exfiltration and the evolving Mirai botnet. Critical vulnerabilities affecting Barracuda and Apache software are also analyzed, providing crucial security tips. This engaging recap ensures listeners are equipped to understand the latest in the cybersecurity landscape.

Discover essential strategies for securing web servers and protecting against directory enumeration attacks. Learn about the importance of monitoring vulnerabilities, particularly during the busy holiday season, and why honey pots can be a key tool in your defense. Get practical tips for securing your devices and family networks to stay safe during holidays. Plus, a look back at the year's highlights and a sneak peek into upcoming educational content for the new year!