SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Johannes B. Ullrich
Oct 8, 2025 • 6min

SANS Stormcast Wednesday, October 8th, 2025: FreePBX Exploits; Disrupting Teams Threats; Kibana and QT SVG Patches

A critical SQL injection vulnerability in FreePBX is enabling remote code execution, posing serious risks. Discover how Microsoft is responding to growing threats against Teams with essential security measures like MFA. Elastic has released a patch for a stored XSS vulnerability in Kibana, highlighting the importance of timely updates. Additionally, two vulnerabilities in the QT SVG module could allow for code execution, emphasizing the need for vigilance in software management.
Oct 7, 2025 • 6min

SANS Stormcast Tuesday, October 7th, 2025: More About Oracle; Redis Vulnerability; GoAnywhere Exploited

A newly discovered Oracle 0-day exploit poses serious risks now that the exploit is widely available. The discussion dives into the complexities of the exploit script, highlighting how an XSLT-based technique enables remote code execution. Redis also faced a critical vulnerability, emphasizing the need for prompt patching. Furthermore, Microsoft has revealed active exploitation of a GoAnywhere bug; users are urged to apply patches to safeguard their systems. The session is packed with urgent cybersecurity insights and underlines the importance of proactive defense.
Oct 6, 2025 • 6min

SANS Stormcast Monday, October 6th, 2025: Oracle 0-Day

A new Oracle E-Business Suite vulnerability has been exploited by the Cl0p ransomware gang, leading to urgent patching needs. Meanwhile, an analysis of a Zimbra exploit shows risks linked to .ics files, targeting vulnerable systems. The Unity game editor is also in the spotlight due to a critical security flaw that could allow code execution, requiring urgent updates for impacted builds. Cybersecurity professionals are urged to take immediate action to safeguard their systems.
Oct 3, 2025 • 7min

SANS Stormcast Friday, October 3rd, 2025: More .well-known Scans; Red Hat OpenShift Patch; TOTOLINK Vuln

Attackers are exploiting .well-known directories to gather sensitive API documentation for reconnaissance. A critical vulnerability in Red Hat's OpenShift AI Service allows low-privileged users to escalate their access to cluster administrator. The podcast highlights serious flaws in the TOTOLINK X6000R routers, particularly a dangerous unauthenticated command injection. Lastly, a memory corruption flaw in DrayTek's Vigor series routers could let unauthorized users execute arbitrary code, making swift patching essential.
Oct 2, 2025 • 8min

SANS Stormcast Thursday, October 2nd, 2025: Honeypot Passwords; OneLogin Vuln; Breaking Intel SGX; OpenSSL Patch

Explore the fascinating world of honeypot passwords, revealing how many match those on Have I Been Pwned and the unique variations that exist. Discover a critical vulnerability in OneLogin that exposes application secrets, highlighting security implications. Dive into groundbreaking research on breaking Intel's SGX through memory inspection, showcasing vulnerabilities and potential hardware modification risks. Finally, stay informed about crucial OpenSSL patches designed to fix several vulnerabilities, including a remote code execution issue.
Oct 1, 2025 • 5min

SANS Stormcast Wednesday, October 1st, 2025: Cookie Auth Issues; Western Digital Command Injection; sudo exploited

Explore the ongoing risks of cookie-based authentication, where even a simple 'user=admin' can lead to significant vulnerabilities. Discover the critical command injection exploit in Western Digital's My Cloud devices and the importance of timely firmware updates. Learn about an actively exploited sudo vulnerability that allows privilege escalation with minimal effort. This insightful discussion highlights the need for vigilance in cybersecurity practices.
Sep 30, 2025 • 5min

SANS Stormcast Tuesday, September 30th, 2025: Apple Patch; PAN Global Protect Scans; SSL.com signed malware

Apple has rolled out important patches fixing a font parsing vulnerability across its platforms. There’s a rising number of scans targeting a specific vulnerability in Palo Alto Global Protect, highlighting concerns for security. Additionally, new insights reveal the Nimbus Manticore malware is utilizing valid SSL.com certificates, complicating detection efforts. Tune in for a deep dive into these pressing cybersecurity topics!
Sep 29, 2025 • 9min

SANS Stormcast Monday, September 29th, 2025: Convert Timestamps; Cisco Compromises; GitHub Notification Phishing

Discover a new tool that transforms Unix timestamps in .bash_history into readable formats, aiding forensic investigations. Explore the alarming vulnerabilities in Cisco ASA/FTD devices, with warnings about ongoing exploitations dating back a year. Additionally, learn about a phishing scheme using GitHub notifications to impersonate Y Combinator, tricking crypto startups into downloading harmful malware. Stay informed and secure with insights on vulnerabilities and remediation strategies!
Sep 26, 2025 • 7min

SANS Stormcast Friday, September 26th, 2025: Webshells in .well-known; Critical Cisco Vulns Exploited; XCSSET Update; GoAnywhere MFT Exploit Details

Explore the alarming rise in scans targeting the .well-known directory for webshells. Cisco's critical vulnerabilities are currently being exploited, urging immediate patching to prevent unauthorized access. Delve into a new XCSSET variant that preys on Xcode projects, stealing sensitive crypto data from developers' clipboards. Additionally, learn about the serious exploits affecting the GoAnywhere MFT platform, highlighting the importance of vigilance in cybersecurity.
Sep 25, 2025 • 6min

SANS Stormcast Thursday, September 25th, 2025: Hikvision Exploits; Cisco Patches; SonicWall Anti-Rootkit Patch; Windows 10 Support

The discussion highlights a sharp rise in attacks targeting older Hikvision cameras, primarily due to weak passwords. A critical Cisco vulnerability has been patched but is already being exploited; exploitation requires admin rights. SonicWall introduces a necessary firmware update to combat a persistent rootkit in its devices. Meanwhile, Microsoft steps in with an extension of free support for Windows 10, ensuring users in the US and Europe remain secure without extra costs. Cybersecurity news just keeps getting more intense!
