
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS Stormcast Friday, September 5th, 2025: Cloudflare Response to 1.1.1.1 Certificate; AI Model Namespace Reuse; macOS Vulnerability Allowed Keychain Decryption
Sep 5, 2025
Cloudflare revealed alarming details about a rogue certificate issued for the popular 1.1.1.1 DNS resolver, stressing the importance of avoiding complacency in certificate management. The risks of username reuse on platforms like Hugging Face were explored, highlighting how deleted accounts can be hijacked. Additionally, a critical vulnerability in macOS was discussed, which could allow unauthorized decryption of sensitive data stored in the Keychain, underscoring the need for regular software updates.
CT Logs Alone Aren't Enough
- Certificate Transparency logs can expose unauthorized certificates, but detection still fails without tuned alerts.
- Cloudflare found a rogue 1.1.1.1 certificate in CT logs and is refining internal monitoring to catch similar issues sooner.
Subscribe And Tune CT Alerts
- Do subscribe to certificate transparency alerts and build scripts to generate actionable notifications.
- Use free CT alerting services and tune filters to reduce false positives and get timely, useful alerts.
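One way to turn raw CT entries into a small number of actionable alerts, as an added example that is not from the episode or from Cloudflare: match SANs (DNS names and IP literals) against a watch list, suppress issuers you actually use, and collapse repeats of the same certificate. The entry field names, the watch list, and the issuer names are assumptions, and the sample entries are constructed.

```python
import ipaddress

# Assumed watch list and issuer allowlist (placeholders, documentation ranges).
WATCH_DOMAINS = {"example.net"}
WATCH_IPS = {ipaddress.ip_address("192.0.2.1")}
EXPECTED_ISSUERS = {"Example Trusted CA"}

# Constructed sample entries; the field names are assumptions, not a real feed schema.
SAMPLE_ENTRIES = [
    {"issuer": "Example Trusted CA", "serial": "01", "sans": ["dns.example.net", "192.0.2.1"]},
    {"issuer": "Unexpected Test CA", "serial": "a7", "sans": ["192.0.2.1", "unrelated.test"]},
    {"issuer": "Unexpected Test CA", "serial": "a7", "sans": ["192.0.2.1", "unrelated.test"]},
    {"issuer": "Unexpected Test CA", "serial": "b2", "sans": ["notexample.net"]},
]


def san_matches(san):
    """True if the SAN is a watched IP, a watched domain, or a name under one."""
    try:
        return ipaddress.ip_address(san) in WATCH_IPS
    except ValueError:
        pass  # not an IP literal, treat it as a DNS name
    name = san.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]  # a wildcard covers names under its parent domain
    return any(name == d or name.endswith("." + d) for d in WATCH_DOMAINS)


def triage(entries):
    """Return one alert per unexpected certificate covering a watched name or IP."""
    alerts, seen = [], set()
    for entry in entries:
        matched = sorted(s for s in entry["sans"] if san_matches(s))
        if not matched or entry["issuer"] in EXPECTED_ISSUERS:
            continue  # irrelevant, or issued by a CA we actually use
        key = (entry["issuer"], entry["serial"])
        if key in seen:
            continue  # same certificate again (precertificate or another log)
        seen.add(key)
        alerts.append({"issuer": entry["issuer"], "serial": entry["serial"], "matched": matched})
    return alerts


if __name__ == "__main__":
    for alert in triage(SAMPLE_ENTRIES):
        print("ALERT unexpected issuer:", alert)
```

Matching on a dot boundary keeps look-alike names such as `notexample.net` from triggering alerts, and handling IP SANs separately matters for services that are reached by address rather than by name.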
Model Names Are Supply-Chain Risks
- Model namespace ownership matters because deleted accounts can be re-registered and models replaced.
- Hugging Face model names map to account namespaces, so reuse risks supply-chain style model substitution.
