SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Johannes B. Ullrich
Oct 3, 2025 • 7min

SANS Stormcast Friday, October 3rd, 2025: More .well-known Scans; RedHat Openshift Patch; TOTOLINK Vuln;

Attackers are exploiting .well-known directories to gather sensitive API documentation for reconnaissance. A critical vulnerability in Red Hat's OpenShift AI Service allows low-privileged users to escalate their access to cluster administrator. The podcast highlights serious flaws in the TOTOLINK X6000R routers, particularly a dangerous unauthenticated command injection. Lastly, a memory corruption flaw in DrayTek's Vigor series routers could let unauthorized users execute arbitrary code, making swift patching essential.
Oct 2, 2025 • 8min

SANS Stormcast Thursday, October 2nd, 2025: Honeypot Passwords; OneLogin Vuln; Breaking Intel SGX; OpenSSL Patch

Explore the fascinating world of honeypot passwords, revealing how many match those on Have I Been Pwned and the unique variations that exist. Discover a critical vulnerability in OneLogin that exposes application secrets, highlighting security implications. Dive into groundbreaking research on breaking Intel's SGX through memory inspection, showcasing vulnerabilities and potential hardware modification risks. Finally, stay informed about crucial OpenSSL patches designed to fix several vulnerabilities, including a remote code execution issue.
Oct 1, 2025 • 5min

SANS Stormcast Wednesday, October 1st, 2025: Cookie Auth Issues; Western Digital Command Injection; sudo exploited;

Explore the ongoing risks of cookie-based authentication, where even a simple 'user=admin' can lead to significant vulnerabilities. Discover the critical command injection exploit in Western Digital's My Cloud devices and the importance of timely firmware updates. Learn about an actively exploited sudo vulnerability that allows privilege escalation with minimal effort. This insightful discussion highlights the need for vigilance in cybersecurity practices.
Sep 30, 2025 • 5min

SANS Stormcast Tuesday, September 30th, 2025: Apple Patch; PAN Global Protect Scans; SSL.com signed malware

Apple has rolled out important patches fixing a font parsing vulnerability across its platforms. There’s a rising number of scans targeting a specific vulnerability in Palo Alto Global Protect, highlighting concerns for security. Additionally, new insights reveal the Nimbus Manticore malware is utilizing valid SSL.com certificates, complicating detection efforts. Tune in for a deep dive into these pressing cybersecurity topics!
Sep 29, 2025 • 9min

SANS Stormcast Monday, September 29th, 2025: Convert Timestamps; Cisco Compromises; GitHub Notification Phishing

Discover a new tool that transforms Unix timestamps in .bash_history into readable formats, aiding forensic investigations. Explore the alarming vulnerabilities in Cisco ASA/FTD devices, with warnings about ongoing exploitations dating back a year. Additionally, learn about a phishing scheme using GitHub notifications to impersonate Y Combinator, tricking crypto startups into downloading harmful malware. Stay informed and secure with insights on vulnerabilities and remediation strategies!
Sep 26, 2025 • 7min

SANS Stormcast Friday, September 26th, 2025: Webshells in .well-known; Critical Cisco Vulns Exploited; XCSSET Update; GoAnywhere MFT Exploit Details

Explore the alarming rise in scans targeting the .well-known directory for webshells. Cisco's critical vulnerabilities are currently being exploited, urging immediate patching to prevent unauthorized access. Delve into a new XCSSET variant that preys on Xcode projects, stealing sensitive crypto data from developers' clipboards. Additionally, learn about the serious exploits affecting the GoAnywhere MFT platform, highlighting the importance of vigilance in cybersecurity.
Sep 25, 2025 • 6min

SANS Stormcast Thursday, September 25th, 2025: Hikvision Exploits; Cisco Patches; SonicWall Anti-Rootkit Patch; Windows 10 Support

The discussion highlights a sharp rise in attacks targeting older Hikvision cameras, primarily due to weak passwords. A critical Cisco vulnerability has been patched but is already being exploited, requiring admin rights for access. SonicWall introduces a necessary firmware update to combat a persistent rootkit in its devices. Meanwhile, Microsoft steps in with an extension of free support for Windows 10, ensuring users in the US and Europe remain secure without extra costs. Cybersecurity news just keeps getting more intense!
Sep 24, 2025 • 7min

SANS Stormcast Wednesday, September 24th, 2025: DoS against the Analyst; GitHub Improvements; Solarwinds and Supermicro BMC vulnerabilities

An intern analyzes a peculiar DoS attack aimed more at distraction than disruption. GitHub unveils measures to secure the npm supply chain after recent package hijacks, emphasizing MFA and trusted publishing. SolarWinds deals with vulnerabilities in their Web Help Desk, revealing a serious remote code execution flaw. Meanwhile, Supermicro addresses critical issues in their BMC firmware, patching risks that could allow rogue firmware uploads. Tune in for insightful commentary on these pressing cybersecurity matters!
Sep 23, 2025 • 5min

SANS Stormcast Tuesday, September 23rd, 2025: Ivanti EPMM Exploit; GitHub Impersonation

CISA reports sightings of backdoors installed through patched Ivanti EPMM vulnerabilities, raising concerns about security. LastPass warns of fake GitHub repositories impersonating companies to spread Mac malware. Additionally, ransomware exploiting exposed Oracle Database Scheduler services has been uncovered, showcasing the ever-evolving threats in cybersecurity. Stay informed to protect your systems!
Sep 22, 2025 • 9min

SANS Stormcast Monday, September 22nd, 2025: Odd HTTP Request; GoAnywhere MFT Bug; EDR Freeze

Unusual HTTP requests are causing a stir in honeypots, raising questions among cybersecurity experts. A critical deserialization vulnerability has been discovered in Fortra's GoAnywhere MFT, posing serious risks. Meanwhile, a new tool called EDR Freeze is enabling users to suspend endpoint detection and response processes, allowing for unique security strategies. Stay informed with insights on these pressing topics in the ever-evolving world of cybersecurity!