SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brie...
In this episode, we dive into active exploitation of a zero-day in SonicWall SSL-VPN, privilege escalation vulnerabilities in Moxa devices, and a BitLocker bypass in Windows 11. We also cover cryptocurrency mining malware hitting PHP servers and the White House's launch of the U.S. Cyber Trust Mark to secure connected devices.
Episode Links and Topics:
PacketCrypt Classic Cryptocurrency Miner on PHP Servers
https://isc.sans.edu/diary/PacketCrypt%20Classic%20Cryptocurrency%20Miner%20on%20PHP%20Servers/31564
Malware exploiting PHP servers to mine PacketCrypt Classic cryptocurrency.
SonicOS Affected By Multiple Vulnerabilities
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003
A zero-day vulnerability in SonicWall SSL-VPN devices is under active attack.
Privilege Escalation and OS Command Injection Vulnerabilities in Moxa Devices
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241155-privilege-escalation-and-os-command-injection-vulnerabilities-in-cellular-routers,-secure-routers,-and-netwo
Critical vulnerabilities in Moxa routers and security appliances allow privilege escalation and OS command injection.
White House Launches U.S. Cyber Trust Mark
https://www.whitehouse.gov/briefing-room/statements-releases/2025/01/07/white-house-launches-u-s-cyber-trust-mark-providing-american-consumers-an-easy-label-to-see-if-connected-devices-are-cybersecure/
A new cybersecurity labeling program for connected devices aims to help consumers choose secure products.
Windows BitLocker: Screwed without a Screwdriver
https://media.ccc.de/v/38c3-windows-bitlocker-screwed-without-a-screwdriver#t=761
(video in English)
A two-year-old vulnerability in Windows 11 allows bypassing BitLocker encryption.
--------
6:39
ISC StormCast for Tuesday, January 7th, 2025
In this episode of the SANS Internet Storm Center's Stormcast, we cover critical vulnerabilities affecting OpenSSH, BeyondTrust, and Nuclei, including the newly discovered "RegreSSHion" flaw and a bypass vulnerability in Nuclei. We also discuss how malware evasion techniques can impact analysis environments and highlight the dangers of fake exploits targeting researchers. Tune in for insights on patching, mitigation strategies, and staying ahead of emerging threats.
Topics Covered:
Make Malware Happy
https://isc.sans.edu/diary/Make%20Malware%20Happy/31560
A look at how malware adapts and detects analysis environments, and why replicating operational settings is critical during malware analysis.
Nuclei Signature Verification Bypass (CVE-2024-43405)
https://www.wiz.io/blog/nuclei-signature-verification-bypass
A critical vulnerability in Nuclei allows malicious templates to bypass signature verification, risking arbitrary code execution.
Critical Vulnerability in BeyondTrust (CVE-2024-12356)
https://censys.com/cve-2024-12356/
A high-risk flaw in BeyondTrust products allows unauthenticated OS command execution, posing a significant threat to privileged access systems.
RegreSSHion Code Execution Vulnerability (CVE-2024-6387)
https://cybersecuritynews.com/regresshion-code-execution-vulnerability/
OpenSSH vulnerability "RegreSSHion" enables remote code execution, and fake exploits targeting security researchers are in circulation.
--------
4:52
ISC StormCast for Monday, January 6th, 2025
In this episode of the SANS Internet Storm Center's Stormcast, we cover the latest cybersecurity threats and defenses, including Python-delivered malware, goodware hash sets, SSL/TLS protocol updates, and critical vulnerabilities in ASUS routers and Paessler PRTG. Stay informed and secure your systems!
Full details and links to all stories:
SwaetRAT via Python: https://isc.sans.edu/diary/SwaetRAT%20Delivery%20Through%20Python/31554
Goodware Hash Sets: https://isc.sans.edu/diary/Goodware%20Hash%20Sets/31556
SSL/TLS Updates: https://isc.sans.edu/diary/Changes%20in%20SSL%20and%20TLS%20support%20in%202024/31550
Cyberhaven Extension Compromise: https://secureannex.com/blog/cyberhaven-extension-compromise/
PRTG Vulnerability: https://www.zerodayinitiative.com/advisories/ZDI-24-1736/
ASUS Router Vulnerabilities: https://cybersecuritynews.com/asus-router-vulnerabilities/
A Deep Dive into TeamTNT and Spinning YARN
https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20A%20Deep%20Dive%20into%20TeamTNT%20and%20Spinning%20YARN/31530
Earth Koshchei Coopts Red Team Tools in Complex RDP Attacks
https://www.trendmicro.com/en_us/research/24/l/earth-koshchei.html
Okta Social Engineering Impersonation Report
https://sec.okta.com/articles/2024/okta-social-engineering-report-response-and-recommendation
US considers banning TP-Link routers over cybersecurity risks
https://www.bleepingcomputer.com/news/security/us-considers-banning-tp-link-routers-over-cybersecurity-risks/
CISA Releases Best Practice Guidance for Mobile Communications
https://www.cisa.gov/news-events/alerts/2024/12/18/cisa-releases-best-practice-guidance-mobile-communications
À propos de SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Écoutez SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast), Comptoir IA 🎙️🧠🤖 ou d'autres podcasts du monde entier - avec l'app de radio.fr
France