

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5-minute-long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html.

Aug 14, 2025 • 7min
SANS Stormcast Thursday, August 14th, 2025: Equation Editor; Kerberos Patch; XZ-Utils Backdoor; FortiSIEM/FortiWeb patches
Old vulnerabilities are still posing serious threats, with a 2017 Excel exploit actively targeting users to steal passwords. Microsoft recently patched a critical Kerberos privilege escalation flaw impacting Exchange servers. There's a lurking backdoor in outdated Debian Docker images stirring concerns about software safety. Plus, Fortinet is addressing exploited vulnerabilities in their security products. These discussions highlight the ongoing challenges in cyber security and the importance of staying vigilant against both old and new threats.

Aug 13, 2025 • 9min
SANS Stormcast Wednesday, August 13th, 2025: Microsoft Patch Tuesday; libarchive vulnerability upgrade; Adobe Patches
Discover the latest on Microsoft’s massive Patch Tuesday, addressing 111 vulnerabilities, including critical Azure issues. Learn about the chilling upgrade of a libarchive vulnerability from low to critical, impacting compression software across many platforms. Don’t miss the spotlight on Adobe's extensive patch rollout for 13 products, highlighting serious authentication concerns. Stay informed on these vital security updates that could affect your systems!

Aug 12, 2025 • 7min
SANS Stormcast Tuesday, August 12th, 2025: Erlang OTP SSH Exploits (Palo Alto Networks); WinRAR Exploits; Netscaler Exploits; OpenSSH Pushing PQ Crypto
Discover the latest cyber vulnerabilities that are causing a stir in the security world, including a critical exploit in Erlang/OTP SSH and active attacks on WinRAR. Learn how threat actors are capitalizing on Citrix Netscaler vulnerabilities and what patches are necessary to protect against them. Also, dive into OpenSSH's forward-thinking approach to quantum-safe encryption, signaling a significant leap in future cybersecurity measures. Stay informed and secure in an evolving threat landscape!

Aug 11, 2025 • 7min
SANS Stormcast Monday, August 11th, 2025: Fake Tesla Preorders; Bad USB Cameras; Win-DoS Epidemic
Beware of fake Tesla websites tricking users into sharing credit card information for nonexistent preorders. In a shocking twist, compromised USB devices can act like keyboards to inject malicious commands. Additionally, learn about a concerning epidemic where internet-exposed domain controllers are exploited for powerful denial of service attacks, emphasizing the need for strong security measures. Stay informed and protect yourself from these modern cyber threats!

Aug 8, 2025 • 24min
SANS Stormcast Friday, August 8th, 2025: ASN43350 Mass Scans; HTTP1.1 Must Die; Hybrid Exchange Vuln; Sonicwall Update; SANS.edu Research: OSS Security and Shifting Left
Wellington Rampazo, an information security expert with two decades in the field and recent master’s grad, enlightens listeners with crucial cybersecurity insights. He discusses the alarming rise of mass scanning from ASN 43350 and how organizations can defend against it. The conversation also dives into critical vulnerabilities in HTTP/1.1 and Microsoft Exchange Servers, emphasizing the need for swift updates. Finally, Rampazo shares vital research on improving open-source software security, advocating for developers to shift their awareness and practices to mitigate risks.

Aug 7, 2025 • 5min
SANS Stormcast Thursday, August 7th, 2025: Sextortion Update; Adobe and Trend Micro release emergency patches
Sextortion scams are making a disturbing comeback in 2025, with some crypto addresses still receiving deposits. The Akira ransomware group is leveraging legitimate drivers for privilege escalation, raising alarms about this tactic. Emergency patches have been issued by Adobe for a critical vulnerability in Experience Manager after a proof-of-concept exploit surfaced. Similarly, Trend Micro has responded to an actively exploited vulnerability in their Apex One management console. Cybersecurity vigilance is more crucial than ever!

Aug 6, 2025 • 8min
SANS Stormcast Wednesday, August 6th, 2025: Machinekeys and VIEWSTATEs; Perplexity Unethical Learning; SonicWall Updates
The discussion delves into the dangers of lost Machine Keys and how they can be exploited for code execution through VIEWSTATE vulnerabilities in .NET. It unveils Perplexity's sneaky tactics of using stealthy crawlers to bypass website no-crawl rules. Additionally, recent threats targeting Gen 7 SonicWall firewalls with enabled SSLVPN are analyzed, highlighting a surge in cyber incidents that require attention and swift mitigation strategies.

Aug 5, 2025 • 7min
SANS Stormcast Tuesday, August 05, 2025: Daily Trends Report; NVidia Triton RCE; Cursor AI Misconfiguration
Discover daily cybersecurity trends and how to stay one step ahead of emerging threats. An alarming vulnerability in NVIDIA's Triton servers may expose users to remote code execution. Plus, learn about the risks tied to misconfigurations in Cursor AI, which could allow attackers to exploit developer machines. Tune in for insights into safeguarding technology in a rapidly evolving digital landscape!

Aug 4, 2025 • 5min
SANS Stormcast Monday, August 4th, 2025: Legacy Protocols; Sonicwall SSL VPN Possible 0-Day
This episode highlights troubling cybersecurity trends, including unusual SSH scans targeting a legacy user, hinting at vulnerabilities in outdated systems. A possible 0-day vulnerability in Sonicwall SSL VPN devices used by ransomware groups raises urgent concerns. Additionally, a stealthy PAM-based Linux backdoor has emerged, evading detection by anti-malware solutions for over a year. Experts discuss the need for vigilance in monitoring authentication settings to mitigate risks.

Aug 1, 2025 • 6min
SANS Stormcast Friday, August 1st, 2025: Scattered Spider Domains; Excel Blocking Dangerous Links; CISA Releasing Thorium Platform
Explore the fascinating world of cyber threats with a deep dive into Scattered Spider's tactics and related domains. Discover Excel's upcoming changes that block links to dangerous file types for enhanced security. Plus, learn about CISA's release of Thorium, a new open-source platform for malware analysis, designed to bolster defenses against cyber attacks. Stay informed and protect yourself in an ever-evolving digital landscape!


