
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually five-minute, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Latest episodes

Mar 27, 2025 • 5min
SANS Stormcast Thursday Mar 27th: Classifying Malware with ML; Malicious NPM Packages; Google Chrome 0-day
Discover innovative methods for classifying malware using machine learning and entropy-driven feature selection. Learn about dangerous NPM packages that masquerade as legitimate software but introduce reverse shells. Additionally, uncover a recently patched vulnerability in Google Chrome that was exploited against media and educational groups in Russia. Delve into the world of cybersecurity and the latest emerging threats in the digital landscape.

Mar 26, 2025 • 6min
SANS Stormcast Wednesday Mar 26th: XWiki Exploit; File Converter Correction; VMware Vulnerability; Draytek Router Reboots; MMC Exploit Details;
Discover the surge in exploit attempts targeting an XWiki vulnerability that allows command injection. Learn about the FBI's warning regarding unsafe online file converters. Follow the latest on a VMware Tools flaw that could let a user escalate privileges within a virtual machine. Hear about issues with Draytek routers stuck in a reboot loop and the advised fixes. Finally, get insights into the recent exploitation of a Microsoft Management Console vulnerability patched just days ago.

Mar 25, 2025 • 6min
SANS Stormcast Tuesday Mar 25th: Privacy Aware Bots; Ingress Nightmare; Malicious File Converters; VSCode Extension Leads to Ransomware
Discover how bots that send privacy headers to blend in with real browsers may actually become easier to spot. Dive into the critical vulnerabilities in Kubernetes environments that could lead to serious compromises. Stay alert to the FBI's warnings about file converter scams, emphasizing the need for caution with untrusted downloads. Plus, learn about a VSCode extension that turns out to harbor ransomware. This episode is packed with essential cybersecurity insights!

Mar 24, 2025 • 7min
SANS Stormcast Monday Mar 24th: Critical Next.js Vulnerability; Microsoft Trust Signing Platform Abuse
A critical vulnerability in Next.js could allow unauthorized access, raising alarms about middleware verification. The need for immediate patching is emphasized to protect applications. Meanwhile, Microsoft's Trust Signing Service is exploited by attackers to generate signatures for malware. This alarming trend sheds light on the potential dangers of poor verification processes in software development. Understanding these vulnerabilities is crucial for maintaining robust cybersecurity practices.

Mar 21, 2025 • 8min
SANS Stormcast Friday Mar 21st: New Data Feeds; SEO Spam; Veeam Deserialization; IBM AIX RCE;
Discover the latest on data feeds and the impact of a recent SEO scam targeting bloggers. Learn about Veeam's alarming deserialization vulnerability and the insufficient patch that remains a concern. Dive into the critical security risks surrounding IBM's AIX operating system, where an unauthenticated remote code execution vulnerability poses serious threats. Stay informed and boost your cyber vigilance with these essential updates!

Mar 20, 2025 • 7min
SANS Stormcast Thursday Mar 20th: Cisco Smart Licensing Attacks; Vulnerable Drivers again; Synology Advisories Updated
Exploit Attempts for Cisco Smart Licensing Utility CVE-2024-20439 CVE-2024-20440
Attackers added last September's Cisco Smart Licensing Utility vulnerability to their toolset. These attacks most likely originate from botnets, and the same attackers are scanning for a wide range of additional vulnerabilities. The vulnerability is a static credential issue and trivial to exploit now that the credentials were published last fall.
https://isc.sans.edu/diary/Exploit%20Attempts%20for%20Cisco%20Smart%20Licensing%20Utility%20CVE-2024-20439%20and%20CVE-2024-20440/31782
Legacy Driver Exploitation Through Bypassing Certificate Verification
Ahnlab documented a new instance of a "bring your own vulnerable driver" vulnerability. In this case, an old driver used by an anti-malware and anti-rootkit product can be abused to terminate arbitrary processes, including security-related processes.
https://asec.ahnlab.com/en/86881/
Synology Vulnerability Updates
Synology updated some security advisories it released last year, adding additional details and vulnerable systems.
https://www.synology.com/en-global/security/advisory/Synology_SA_24_20
https://www.synology.com/en-global/security/advisory/Synology_SA_24_24

Mar 19, 2025 • 7min
SANS Stormcast Wednesday Mar 19th 2025: Python DLL Side Loading; Tomcat RCE Correction; SAML Roulette; Windows Shortcut 0-Day
Python Bot Delivered Through DLL Side-Loading
A "normal", otherwise legitimate PDF reader that is vulnerable to DLL side-loading is used to launch additional malicious code.
https://isc.sans.edu/diary/Python%20Bot%20Delivered%20Through%20DLL%20Side-Loading/31778
Tomcat RCE Correction
To exploit the Tomcat RCE I mentioned yesterday, two non-default configuration options must be selected by the victim.
https://x.com/dkx02668274/status/1901893656316969308
SAML Roulette: The Hacker Always Wins
This PortSwigger blog explains in detail how to exploit the ruby-saml vulnerability against GitLab.
https://portswigger.net/research/saml-roulette-the-hacker-always-wins
Windows Shortcut Zero Day Exploit
Attackers are currently taking advantage of an unpatched vulnerability in how Windows displays Shortcut (.lnk file) details. Trend Micro explains how the attack works and provides PoC code. Microsoft is not planning to fix this issue.
https://www.trendmicro.com/en_us/research/25/c/windows-shortcut-zero-day-exploit.html
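Shortcut triage, as an added example that is not code from the page, from Trend Micro or from Microsoft: a minimal MS-SHLLINK parser that pulls the COMMAND_LINE_ARGUMENTS string out of a .lnk file and flags a long run of whitespace inside it, since padding the real command behind whitespace is what keeps it out of the shortcut's Properties dialog. The build_lnk() helper, the two sample shortcuts, the padding character set and the 32-character threshold are constructed assumptions for this example; the header layout, LinkFlags and StringData order follow the published specification.

```python
import struct
import uuid

# Constants from the MS-SHLLINK specification (ShellLinkHeader and LinkFlags).
HEADER_SIZE = 0x4C
LNK_CLSID = uuid.UUID("00021401-0000-0000-c000-000000000046")
HAS_LINK_TARGET_ID_LIST = 0x0001
HAS_LINK_INFO = 0x0002
HAS_NAME = 0x0004
HAS_RELATIVE_PATH = 0x0008
HAS_WORKING_DIR = 0x0010
HAS_ARGUMENTS = 0x0020
HAS_ICON_LOCATION = 0x0040
IS_UNICODE = 0x0080

# StringData sections appear in this fixed order, each only if its flag is set.
STRING_DATA = (
    (HAS_NAME, "name"),
    (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"),
    (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
)

# Characters a Properties dialog renders as blank space. Assumption for this
# example: this is the set a triage rule should count as padding.
PAD_CHARS = " \t\r\n\x0b\x0c"


def _read_string(buf, off, is_unicode):
    """One StringData entry: CountCharacters (uint16) then the characters, no terminator."""
    (count,) = struct.unpack_from("<H", buf, off)
    off += 2
    if is_unicode:
        end = off + 2 * count
        return buf[off:end].decode("utf-16-le"), end
    end = off + count
    return buf[off:end].decode("cp1252"), end


def parse_lnk(buf):
    """Return the StringData fields of a .lnk as a dict; ExtraData blocks are ignored."""
    if len(buf) < HEADER_SIZE or struct.unpack_from("<I", buf, 0)[0] != HEADER_SIZE:
        raise ValueError("not a ShellLink header")
    if uuid.UUID(bytes_le=buf[4:20]) != LNK_CLSID:
        raise ValueError("LinkCLSID mismatch")
    (flags,) = struct.unpack_from("<I", buf, 20)
    off = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:  # IDListSize (uint16) followed by the ItemIDList
        (size,) = struct.unpack_from("<H", buf, off)
        off += 2 + size
    if flags & HAS_LINK_INFO:  # LinkInfoSize (uint32) counts itself
        (size,) = struct.unpack_from("<I", buf, off)
        off += size
    fields = {}
    for flag, name in STRING_DATA:
        if flags & flag:
            fields[name], off = _read_string(buf, off, bool(flags & IS_UNICODE))
    return fields


def longest_whitespace_run(text):
    """Length of the longest consecutive run of PAD_CHARS in text."""
    best = cur = 0
    for ch in text:
        cur = cur + 1 if ch in PAD_CHARS else 0
        best = max(best, cur)
    return best


def triage_lnk(buf, threshold=32):
    """Flag a shortcut whose arguments hide content behind a whitespace run.

    The threshold is an assumption for this example, not a value from the page.
    """
    fields = parse_lnk(buf)
    args = fields.get("arguments", "")
    run = longest_whitespace_run(args)
    return {
        "relative_path": fields.get("relative_path", ""),
        "arguments_normalized": " ".join(args.split()),  # collapses all padding
        "padding_run": run,
        "suspicious": run >= threshold,
    }


def build_lnk(relative_path, arguments):
    """Constructed test input: a minimal Unicode .lnk with only RELATIVE_PATH and
    COMMAND_LINE_ARGUMENTS present (no IDList, LinkInfo or ExtraData)."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE
    header = struct.pack(
        "<I16sIIQQQIIIHHII",
        HEADER_SIZE, LNK_CLSID.bytes_le, flags,
        0x20,        # FileAttributes: FILE_ATTRIBUTE_ARCHIVE
        0, 0, 0,     # CreationTime, AccessTime, WriteTime (unset)
        0, 0,        # FileSize, IconIndex
        1,           # ShowCommand: SW_SHOWNORMAL
        0, 0, 0, 0,  # HotKey, Reserved1, Reserved2, Reserved3
    )

    def string_data(text):
        return struct.pack("<H", len(text)) + text.encode("utf-16-le")

    return header + string_data(relative_path) + string_data(arguments)


# Constructed samples: one ordinary document shortcut, one with the real command
# pushed behind 400 padding characters.
BENIGN = build_lnk(".\\report.pdf", "")
PADDED = build_lnk("..\\..\\Windows\\System32\\cmd.exe",
                   "/c " + " \t" * 200 + "echo hidden-command")

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("padded", PADDED)):
        print(label, triage_lnk(sample))
```

Run it against a directory of .lnk attachments and review anything with a large padding_run; arguments_normalized shows the command as it would actually execute rather than as the dialog displays it.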

Mar 18, 2025 • 7min
SANS Stormcast Tuesday Mar 18th 2025: Analyzing GUID Encoded Shellcode; Node.js SAML Vuln; Tomcat RCE in the Wild; CSS e-mail obfuscation
Dive into the world of cyber threats as they decode GUID-encoded shellcode linked to malware, revealing insights into Cobalt Strike. Explore a critical authentication bypass vulnerability found in a Node.js SAML library, prompting urgent fixes. Discover a new Java deserialization flaw in Tomcat that is already under attack. Lastly, learn how attackers use CSS in e-mail for stealthy user tracking and detection evasion, showcasing the ever-evolving landscape of cybersecurity.

Mar 17, 2025 • 7min
SANS Stormcast Monday March 17th: Mirai Makes Mistakes; Compromised GitHub Action; ruby-saml vulnerability; Fake GitHub Security Alert Phishing
The podcast dives into the latest antics of the Mirai botnet, which hilariously misconfigured a router exploit. A compromised GitHub Action raises alarms, leaking sensitive credentials. The discussion also highlights a ruby-saml authentication bypass caused by a parsing blunder. Additionally, it warns developers about fake GitHub security alerts designed to trick them into granting malicious apps OAuth privileges. Cybersecurity never sounded so intriguing!

Mar 14, 2025 • 6min
SANS Stormcast: File Hashes in MSFT BI; Apache Camel Vuln; Juniper Fixes Exploited Vuln; AMI Patches 10.0 Redfish BMC Vuln
Discover how to analyze file hashes using Microsoft's BI tool, unlocking insights from honeypot data. Dive into the recent Apache Camel vulnerability that allows for easy exploitation via query parameters, raising alarms about arbitrary code execution risks. Learn about Juniper's urgent patch for a previously exploited Junos vulnerability that threatens complete device compromise. Finally, hear about AMI's security advisory addressing multiple vulnerabilities, including a critical authentication bypass in Redfish, rated with a troubling CVSS score of 10.0.