SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Johannes B. Ullrich
Sep 11, 2025 • 7min

SANS Stormcast Thursday, September 11th, 2025: BASE64 in DNS; Google Chrome, Ivanti and Sophos Patches; Apple Memory Integrity Feature

Explore the intriguing use of base64 encoding in DNS and its implications for security, particularly for botnets. Discover critical vulnerabilities recently patched in Google Chrome, Ivanti, and Sophos that could allow remote code execution and authentication bypass. Additionally, learn about Apple's new memory integrity enforcement feature designed to bolster device security against spyware and enhance developer tools. Stay informed about the latest in cybersecurity threats and solutions!
Sep 10, 2025 • 8min

SANS Stormcast Wednesday, September 10th, 2025: Microsoft Patch Tuesday

This edition dives into the latest Microsoft Patch Tuesday, tackling 177 vulnerabilities, with 13 deemed critical. Surprisingly, none had been previously exploited. The discussion also highlights Adobe's patches for nine products and the critical vulnerabilities addressed by SAP, including one with a perfect CVSS score. Timely updates are emphasized as crucial to maintaining system security.
Sep 9, 2025 • 9min

SANS Stormcast Tuesday, September 9th, 2025: Major npm compromise; HTTP Request Signature

A significant compromise of popular npm libraries highlights how phishing scams can impact millions of downloads weekly. The discussion details how attackers utilized lookalike domains to infiltrate systems. Additionally, the introduction of HTTP request signatures aims to enhance bot traffic identification, providing a new layer of security. This approach addresses challenges in differentiating between good and harmful bots, paving the way for more effective digital signature mechanisms.
Sep 8, 2025 • 6min

SANS Stormcast Monday, September 8th, 2025: YARA to Debugger Offsets; SVG JavaScript Phishing; FreePBX Patches

Discover how to convert YARA offsets for debugging and what this means for cybersecurity. Learn about a Colombian phishing campaign leveraging JavaScript in SVG files, risking user security. Also, hear about critical vulnerabilities in FreePBX software, including one that was actively exploited, underscoring the need for swift patching to enhance security.
Sep 5, 2025 • 8min

SANS Stormcast Friday, September 5th, 2025: Cloudflare Response to 1.1.1.1 Certificate; AI Modem Namespace Reuse; macOS Vulnerability Allowed Keychain Decryption

Cloudflare revealed alarming details about a rogue certificate issued for the popular 1.1.1.1 DNS resolver, stressing the importance of avoiding complacency in certificate management. The risks of username reuse on platforms like Huggingface were explored, highlighting how deleted accounts can be hijacked. Additionally, a critical vulnerability in macOS was discussed, which could allow unauthorized decryption of sensitive data stored in the Keychain, underscoring the need for regular software updates.
Sep 4, 2025 • 6min

SANS Stormcast Thursday, September 4th, 2025: Dassault DELMIA Apriso Exploit Attempts; Android Updates; 1.1.1.1 Certificate Issued

Recent cyber attack attempts target Dassault's DELMIA Apriso software due to a patched deserialization vulnerability. The discussion also covers Google's September Android updates, addressing exploited privilege escalation flaws. Additionally, the podcast highlights a certificate issued for Cloudflare's DNS service, raising concerns about network vulnerabilities and security flaws. Proactive measures are emphasized to combat these evolving cyber threats.
Sep 3, 2025 • 5min

SANS Stormcast Wednesday, September 3rd, 2025: Sextortion Analysis; Covert Channel DNS/ICMP; Azure AD Secret Theft; Official FreePBX Patches

Dive into the dark world of sextortion as experts analyze 1,900 scam messages and their effectiveness over four years. Discover alarming insights into Azure AD client secret theft, revealing how attackers exploit exposed credentials. Learn about a new bot that cleverly uses ICMP and DNS for covert communications, combining two protocols for stealthy command execution. Lastly, find out about the critical updates for FreePBX and the importance of staying secure amidst these rising cybersecurity threats.
Sep 2, 2025 • 6min

SANS Stormcast Tuesday, September 2nd, 2025: pdf-parser Patch; Salesloft Compromise; Velociraptor Abuse; NeuVector Default Password

A new update for pdf-parser fixes critical streaming issues, enhancing security measures. In a troubling development, compromised OAuth tokens from Salesloft Drift have led to significant data breaches. The podcast also reveals how attackers are misusing the Velociraptor tool, typically for incident response, to gain remote access within breached networks. Finally, a default password vulnerability in NeuVector has been patched, emphasizing the need for security in software installations. Stay alert and informed!
Aug 29, 2025 • 6min

SANS Stormcast Friday, August 29th, 2025: Scans for ZIP Files; FreePBX 0-Day; Passwordstate Patch

In this installment, experts highlight an alarming rise in attacks targeting .zip files, as attackers seek out careless backups. They delve into a critical vulnerability in FreePBX that's currently being exploited, along with new mitigations and a beta patch. Additionally, the discussion covers a recently patched authentication bypass vulnerability in Passwordstate, which could expose emergency passwords. Tune in for essential insights into these pressing cyber security issues!
Aug 28, 2025 • 7min

SANS Stormcast Thursday, August 28th, 2025: Launching Shellcode; NX Compromise; Volt Typhoon Report

Discover an intriguing malware technique that uses PowerShell to launch shellcode, evading security protocols. Learn about the NX build package compromise that leveraged AI to pilfer credentials. The discussion also highlights a global report on the 'Volt Typhoon' cyber threat, revealing the extensive impact of state-sponsored espionage. Stay informed about these critical cyber risks and how they may affect systems worldwide.
