SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Wednesday, February 4th, 2026: Detecting OpenClaw; Synology telnetd Patch; More GlassWorm

Feb 4, 2026
Coverage of detecting and monitoring OpenClaw malware with scripts and telemetry for command visibility. Recommendations for hardening and telemetry plugins to improve defenses. Patch alert for a Synology telnetd/inetd vulnerability and advice to disable Telnet. Report on malicious VS Code extensions distributed after a developer account compromise. Note about Azure dropping TLS 1.0 and 1.1 and compatibility worries.
ADVICE

Enable OpenClaw Telemetry

  • Install OpenClaw telemetry to log commands, prompts, and external interactions for visibility.
  • Collect those logs via syslog or your SIEM to detect misuse and prompt-injection attempts.
ADVICE

Detect And Harden OpenClaw

  • Use Knostic's detection scripts to find OpenClaw binaries and configuration artifacts on hosts.
  • Apply OpenClaw hardening docs and run it in a sandbox to reduce prompt-injection risk.
ADVICE

Patch Synology Telnetd Now

  • Patch Synology DSM immediately to remediate the telnetd flaw and verify Telnet is not running.
  • If Telnet is needed, restrict and monitor it tightly rather than leaving inetd-enabled telnetd exposed.