
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS Stormcast Friday, January 9th, 2026: Gephi Analysis; zlib vuln; GnuPG Vulns; Cisco/Cloudflare DNS Issue
Jan 9, 2026
Discover the power of Gephi for visualizing honeypot data and revealing botnet connections. Unpack a classic buffer overflow vulnerability in zlib's untgz utility, leading to potential exploits. Dive into multiple newly unveiled GnuPG vulnerabilities, including serious risks like signature forgery. Learn how a Cloudflare DNS change rebooted Cisco switches and the implications for network stability. Tune in for insights on mitigating these issues and the future of cybersecurity!
Visualize Logs To Reveal Hidden Clusters
- Gephi (via the Gephi/Graphviz stack) reveals relationships in honeypot and log data that raw lists hide.
- Johannes Ullrich shows that clustered IPs and shared filenames can expose botnet structure quickly.
Evaluate Exploitability Contextually
- Inspect how libraries and utilities are used before assigning a severity score to a vulnerability.
- Consider exploitability context such as how filename inputs reach the untgz utility when triaging the zlib bug.
Classic Overflow In Widely Used Library
- The untgz utility in zlib copies a filename into a 1KB buffer without length checks, causing a classic buffer overflow.
- The presence of a simple overflow in a ubiquitous compression library raises supply-chain risk depending on how untgz is exposed.
