

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5-minute-long, summary of current network-security-related events. The content is late-breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html.
Episodes

Sep 9, 2025 • 9min
SANS Stormcast Tuesday, September 9th, 2025: Major npm compromise; HTTP Request Signature
A significant compromise of popular npm libraries highlights how phishing scams can impact millions of downloads weekly. The discussion details how attackers utilized lookalike domains to infiltrate systems. Additionally, the introduction of HTTP request signatures aims to enhance bot traffic identification, providing a new layer of security. This approach addresses challenges in differentiating between good and harmful bots, paving the way for more effective digital signature mechanisms.

Sep 8, 2025 • 6min
SANS Stormcast Monday, September 8th, 2025: YARA to Debugger Offsets; SVG JavaScript Phishing; FreePBX Patches
Discover how to convert YARA offsets for debugging and what this means for cybersecurity. Learn about a Colombian phishing campaign leveraging JavaScript in SVG files, risking user security. Also, hear about critical vulnerabilities in FreePBX software, including one that was actively exploited, underscoring the need for swift patching to enhance security.

Sep 5, 2025 • 8min
SANS Stormcast Friday, September 5th, 2025: Cloudflare Response to 1.1.1.1 Certificate; AI Modem Namespace Reuse; macOS Vulnerability Allowed Keychain Decryption
Cloudflare revealed alarming details about a rogue certificate issued for the popular 1.1.1.1 DNS resolver, stressing the importance of avoiding complacency in certificate management. The risks of username reuse on platforms like Huggingface were explored, highlighting how deleted accounts can be hijacked. Additionally, a critical vulnerability in macOS was discussed, which could allow unauthorized decryption of sensitive data stored in the Keychain, underscoring the need for regular software updates.

Sep 4, 2025 • 6min
SANS Stormcast Thursday, September 4th, 2025: Dassault DELMIA Apriso Exploit Attempts; Android Updates; 1.1.1.1 Certificate Issued
Recent cyber attack attempts target Dassault's DELMIA Apriso software due to a patched deserialization vulnerability. The discussion also covers Google's September Android updates, addressing exploited privilege escalation flaws. Additionally, the podcast highlights a certificate issued for Cloudflare's DNS service, raising concerns about network vulnerabilities and security flaws. Proactive measures are emphasized to combat these evolving cyber threats.

Sep 3, 2025 • 5min
SANS Stormcast Wednesday, September 3rd, 2025: Sextortion Analysis; Covert Channel DNS/ICMP; Azure AD Secret Theft; Official FreePBX Patches
Dive into the dark world of sextortion as experts analyze 1,900 scam messages and their effectiveness over four years. Discover alarming insights into Azure AD client secret theft, revealing how attackers exploit exposed credentials. Learn about a new bot that cleverly uses ICMP and DNS for covert communications, combining two protocols for stealthy command execution. Lastly, find out about the critical updates for FreePBX and the importance of staying secure amidst these rising cybersecurity threats.

Sep 2, 2025 • 6min
SANS Stormcast Tuesday, September 2nd, 2025: pdf-parser Patch; Salesloft Compromise; Velociraptor Abuse; NeuVector Default Password
A new update for pdf-parser fixes critical streaming issues, enhancing security measures. In a troubling development, compromised OAuth tokens from Salesloft Drift have led to significant data breaches. The podcast also reveals how attackers are misusing the Velociraptor tool, typically for incident response, to gain remote access within breached networks. Finally, a default password vulnerability in NeuVector has been patched, emphasizing the need for security in software installations. Stay alert and informed!

Aug 29, 2025 • 6min
SANS Stormcast Friday, August 29th, 2025: Scans for ZIP Files; FreePBX 0-Day; Passwordstate Patch
In this installment, experts highlight an alarming rise in attacks targeting .zip files, as attackers seek out careless backups. They delve into a critical vulnerability in FreePBX that's currently being exploited, along with new mitigations and a beta patch. Additionally, the discussion covers a recently patched authentication bypass vulnerability in Passwordstate, which could expose emergency passwords. Tune in for essential insights into these pressing cyber security issues!

Aug 28, 2025 • 7min
SANS Stormcast Thursday, August 28th, 2025: Launching Shellcode; NX Compromise; Volt Typhoon Report
Discover an intriguing malware technique that uses PowerShell to launch shellcode, evading security protocols. Learn about the NX build package compromise that leveraged AI to pilfer credentials. The discussion also highlights a global report on the 'Volt Typhoon' cyber threat, revealing the extensive impact of state-sponsored espionage. Stay informed about these critical cyber risks and how they may affect systems worldwide.

Aug 27, 2025 • 6min
SANS Stormcast Wednesday, August 27th, 2025: Analyzing IDNs; Netscaler 0-Day Vuln; Git Vuln Exploited
The discussion dives into the risks associated with International Domain Names (IDNs) and how mixed scripts can signal phishing attempts. A Python script is introduced to analyze these names for security flaws. The hosts also spotlight critical vulnerabilities in Citrix Netscaler, one of which is already actively being exploited. Additionally, they cover a Git vulnerability that has been exploited post-patch, emphasizing the urgency of keeping systems updated to fend off potential threats.

Aug 26, 2025 • 5min
SANS Stormcast Tuesday, August 26th, 2025: Decoding Word Reading Location; Image Downscaling AI Vulnerability; IBM Jazz Team Server Vuln
Uncover the secrets of Microsoft Word as experts reveal how it tracks document interactions. Delve into the risks posed by AI image downscaling, where seemingly innocent photos can unleash harmful text. The discussion doesn't stop there; learn about a critical vulnerability in the IBM Jazz Team Server that poses serious security threats. Discover advancements in understanding document security and how to safeguard against these emerging cyber risks!


