SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Attackers are probing login pages for Log4j vulnerabilities, including VMWare's HCX REST API. Recent Apple and Microsoft patches are causing issues, potentially reactivating features users wanted off. Adobe has rolled out critical updates to prevent remote code execution in Acrobat. Plus, CISA has shared valuable insights on Medusa Ransomware, while Zoom addresses several serious flaws with a new update. Stay informed about these urgent cybersecurity threats and software patches!

Microsoft just patched six exploited vulnerabilities, including a critical fix for its DNS server. Apple responded with an update for WebKit vulnerabilities affecting iOS and macOS. The podcast also discusses Espressif’s reassurance about their ESP32 chipsets, clarifying that recent claims of 'backdoors' are related to debug commands and not Bluetooth access. Tune in for insights on these essential security updates!

Shellcode Encoded in UUIDs Attackers are using UUIDs to encode Shellcode. The 128 Bit (or 16 Bytes) encoded in each UUID are converted to shell code to implement a cobalt strike beacon https://isc.sans.edu/diary/Shellcode%20Encoded%20in%20UUIDs/31752 Moxa CVE-2024-12297 Expanded to PT Switches Moxa in January first releast an update to address a fronted authorizaation logic disclosure vulnerability. It now updated the advisory and included the PT series switches as vulenrable. https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241408-cve-2024-12297-frontend-authorization-logic-disclosure-vulnerability-identified-in-pt-switches Opentext Insufficently Protected Credentials https://portal.microfocus.com/s/article/KM000037455?language=en_US Livewire Volt API vulnerability https://github.com/livewire/volt/security/advisories/GHSA-v69f-5jxm-hwvv

Discover the lurking dangers of web shells, which attackers use to infiltrate vulnerable servers while staying one step ahead. Learn about hidden backdoors in the popular ESP32 chipsets that could compromise IoT devices, thanks to recent findings from a conference presentation. Finally, be shocked by the Akira group's tactic of deploying ransomware through unsuspecting webcams, illustrating a new wave of innovative cyber threats. Enhance your security awareness with these intriguing insights!

Eric LeBlanc, a Senior cybersecurity engineer at the U.S. Strategic Petroleum Reserve, shares insights into the ever-evolving world of cybersecurity. He discusses the controversial Chrome update that disrupts ad blockers and the critical Kibana vulnerability posing security risks. LeBlanc also delves into the alarming discovery of pre-infected Android TV sticks filled with adware. His innovative meta detection strategies highlight the complexities of identifying Advanced Persistent Threats and managing log data effectively in federal environments.

Explore the world of cybersecurity with fascinating insights into the DShield SIEM's ELK dashboard for traffic analysis. Uncover the shocking details of a new AMD CPU microcode vulnerability revealed by Google, complete with a proof of concept. Dive into a VIM flaw that could let attackers execute arbitrary code through specially crafted files. And watch out for a peculiar snail mail scam, where fraudsters are impersonating ransomware groups to extort payments from executives. A mix of cautionary tales and technical discussions!

A Romanian attacker expands their scanning tactics to hunt for SMTP credentials, complicating cybersecurity efforts. An update to mac-robber.py resolves symlink issues, enhancing security tool functionality. A serious vulnerability in ADSelfService Plus could allow unauthorized access without MFA. Google's March Android update tackles critical vulnerabilities, while PayPal's no-code-checkout feature faces exploitation by scammers. Broadcom addresses three VMware vulnerabilities to prevent potential virtual machine breaches.

Discover the nuances of the 'Mark of the Web' in Windows, revealing how it stores information like source URLs and referrers. Dive into a crafty phishing attack that exploits SharePoint via the Microsoft Graph API, luring users to execute harmful commands. Learn about a critical vulnerability in Paragon Partition Manager that enables attackers to escalate privileges for ransomware deployment, even without the software installed. Stay informed on these pressing cybersecurity threats!

The podcast dives into alarming AI training data leaks, revealing that the Common Crawl dataset harbors exposed API keys and secrets. It also discusses GitHub's Copilot inadvertently accessing sensitive data from previously private repositories. The MITRE Caldera framework is highlighted for its potential vulnerability, allowing unauthorized code execution. Lastly, it addresses a modsecurity rule bypass, emphasizing the critical importance of regular software updates to enhance cybersecurity defenses.

Join Ben Powell, a principal security engineer with 15 years in cybersecurity, as he dives into some pressing digital threats. He discusses the Njrat malware exploiting Microsoft's dev tunnels and highlights new vulnerabilities in Apple’s FindMy that could endanger users. The conversation also covers alarming trends in mass website exploitation through XSS vulnerabilities in virtual tour frameworks. Plus, learn about effective strategies against ransomware and the strengths and weaknesses of various cybersecurity solutions for small businesses.