SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) SANS Stormcast Friday, March 13th, 2026: IOT Device Discovery; Apple Patches; Veeam Patches
10 snips
Mar 13, 2026 A honeypot reveals widespread IoT devices still logging in with default admin credentials. Apple releases security updates for older iPhones addressing WebKit and kernel bugs tied to real-world spyware. Veeam patches fix critical flaws, including authenticated remote code execution risks. A Splunk preview endpoint bug that can lead to command execution is also discussed.
AI Snips
Chapters
Transcript
Episode notes
Honeypot Catches IoT Devices Logging In As Admin
- Johannes Ulrich describes an intern's honeypot diary showing repeated SSH logins using default credentials.
- The example highlights fingerprinting and detection of consumer IoT devices like webcams being widely misconfigured and abused.
Uncontrolled Consumer IoT Drives Simple But Scalable Risk
- Uncontrolled consumer IoT deployments create the biggest security problem because default credentials and simple devices scale attacker success.
- Johannes Ulrich notes military-related webcam attacks and that fingerprinting helps discover these devices across networks.
Update Old iPhones And iPads Immediately
- Update old iPhones and iPads even if they are many years old because Apple released iOS 15 and iOS 16 patches addressing exploited vulnerabilities.
- Patches include kernel and WebKit fixes tied to the Corona spyware campaign and affect devices back to iPhone 6s.