SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Thursday, October 2nd, 2025: Honeypot Passwords; OneLogin Vuln; Breaking Intel SGX; OpenSSL Patch

Oct 2, 2025
Explore the fascinating world of honeypot passwords, revealing how many match those on Have I Been Pwned and the unique variations that exist. Discover a critical vulnerability in OneLogin that exposes application secrets, highlighting security implications. Dive into groundbreaking research on breaking Intel's SGX through memory inspection, showcasing vulnerabilities and potential hardware modification risks. Finally, stay informed about crucial OpenSSL patches designed to fix several vulnerabilities, including a remote code execution issue.
INSIGHT

Honeypot Passwords Mirror Breach Lists

  • Most passwords attackers try against honeypots are already in Have I Been Pwned (HIBP) leaked lists.
  • The remaining ~7% are often simple variations like year changes or added characters, revealing mutation tactics.
INSIGHT

Password Mutations Extend Attack Coverage

  • Attackers expand leaked-password patterns by creating simple mutations to increase success.
  • These mutations (years, special characters) target gaps not covered by direct credential stuffing.
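The comparison the two insights above describe, written out as an added example (not code from the episode or its hosts): each password observed in honeypot logins is checked against a leaked-password list, and anything not matching exactly is tested for the simple mutations mentioned, a swapped trailing year or one or two appended digits/special characters. The leak list and the observed passwords are constructed sample data standing in for HIBP and real honeypot logs.

```python
import re
from collections import Counter

# Constructed sample data (not from the episode): a tiny stand-in for the
# HIBP leaked-password list and a few passwords seen in honeypot logins.
LEAKED = {"password", "123456", "admin2023", "letmein", "qwerty", "summer2019"}
OBSERVED = ["password", "123456", "admin2024", "letmein!", "qwerty1",
            "summer2025!", "zebra-lamp-77"]

YEAR_RE = re.compile(r"(19|20)\d{2}$")

def base_forms(pw, max_strip=2):
    """Return the simpler forms a password collapses to, in priority order:
    a trailing four-digit year replaced by '<YEAR>', then up to max_strip
    trailing digits/special characters removed, re-checking for a year
    after each strip so that 'summer2025!' reaches 'summer<YEAR>'."""
    forms, cur = [], pw
    for strips_left in range(max_strip, -1, -1):
        m = YEAR_RE.search(cur)
        if m and m.start() > 0:
            forms.append(cur[:m.start()] + "<YEAR>")
        # Stop at a letter: only trailing digits/specials count as appended.
        if strips_left == 0 or len(cur) < 2 or (cur[-1].isalnum() and not cur[-1].isdigit()):
            break
        cur = cur[:-1]
        forms.append(cur)
    return forms

def classify(observed, leaked):
    """Map each observed password to ('exact', pw), ('mutation', leaked_pw)
    or ('novel', None). The index maps every leaked password and each of
    its base forms back to the leaked password it came from."""
    index = {}
    for lp in leaked:
        for form in [lp] + base_forms(lp):
            index.setdefault(form, lp)
    result = {}
    for pw in observed:
        if pw in leaked:
            result[pw] = ("exact", pw)
            continue
        hit = next((index[f] for f in [pw] + base_forms(pw) if f in index), None)
        result[pw] = ("mutation", hit) if hit else ("novel", None)
    return result

def summarize(result):
    """Count how many observed passwords fall in each category."""
    return Counter(cat for cat, _ in result.values())

if __name__ == "__main__":
    res = classify(OBSERVED, LEAKED)
    for pw, (cat, base) in res.items():
        print(f"{pw:15} {cat:9} {base or ''}")
    print(dict(summarize(res)))
```

On the sample data the split is two exact matches, four mutations and one novel password; on real honeypot logs the same three buckets give the exact-vs-variation ratio the episode discusses.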
ADVICE

Remove Secrets From App Listings

  • Do not expose application secrets in API responses; keep secrets out of listing endpoints.
  • Patch OneLogin instances promptly because the vulnerability allowed easy retrieval of app secrets.