SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Oren Niskin, an industrial control system cybersecurity expert at GuidePoint Security, discusses critical cyber threats. He explains how alternate data streams can be manipulated for defense evasion and shares insights on the recent ConnectWise breach affecting remote access solutions. The conversation shifts to innovative tactics used by APT41, highlighting attacks via Google Calendar. Niskin emphasizes the importance of proactive strategies and deception techniques to enhance security in industrial environments, bridging the gap between IT and OT networks.

A compelling exploration reveals how AI can assist in analyzing cyber attacks, sparked by a student's investigation with a honeypot sample. The risks of ransomware are highlighted, particularly with vulnerabilities in SimpleHelp that cybercriminals exploit to target managed service providers. Additionally, the podcast delves into a serious OS command injection vulnerability found in Everetz equipment, which remains unpatched, raising alarms about the need for prompt security measures.

Discover how SSH backdoors are created through unauthorized access to authorized_keys files and why managing these files is crucial. Dive into the unsettling vulnerabilities of the Meteobridge software that allow remote command execution without authentication. Learn about the recent SQL injection issues in ManageEngine ADAuditPlus and the potential risks they pose. Finally, uncover the Dero Miner botnet's innovative technique of infecting Docker containers via exposed APIs to mine cryptocurrency.

Discover the intriguing world of SVG steganography, where messages can be cleverly hidden in vector graphics. Tune in to hear about a critical vulnerability in Fortinet products that’s already facing exploitation in the wild. The podcast also delves into an emerging threat: remote prompt injection in GitLab Duo, exposing potential risks linked to source code manipulation. Uncover how these issues could compromise both data security and integrity in the tech landscape.

Learn how to create resilient backup connectivity for your home network and avoid hidden backdoors. Discover the dangers of abusing dMSA in Active Directory that can lead to privilege escalation. Delve into a serious flaw in the samlify library that allows SAML Single Sign-On bypass, potentially enabling attackers to assume other users' identities. The discussion emphasizes the need for timely updates and secure configurations to protect against evolving cybersecurity threats.

Scammers are exploiting trust with a new variant of crypto confidence scams, luring victims into pricey VIP memberships under false pretenses. The danger extends to browser security, as malicious Chrome extensions impersonate reputable services to steal sensitive information. Developers aren't safe either; malicious Visual Studio Code extensions target them specifically to exfiltrate secrets. This episode covers the evolving landscape of online threats, highlighting the need for vigilance against cunning tactics.

Researchers are now being encouraged to identify themselves during internet scans for transparency. Unused CNAME records pose a potential risk, allowing attackers to hijack public cloud resources. Additionally, a vulnerability in openpgp.js could enable spoofing of message signatures, raising concerns for encrypted communications. The discussion emphasizes the balance between ethical research practices and cybersecurity challenges in the digital landscape.

Discover the shocking use of AutoIT scripts to install a remote admin tool, turning simple downloads into potential security nightmares. A popular tool's website faced a breach, leaving users vulnerable. Learn about a Trojaned version of KeePass that misled victims into downloading malware disguised as a trusted app. Plus, find out how malware-infested software for a UV printer circulated for months, raising alarms about compromised downloads. Stay vigilant in the world of cybersecurity!

Discover the latest advancements in cybersecurity with a deep dive into xorsearch's new Python functions that enhance output filtering. Learn about the thrilling exploits unveiled at Pwn2Own Berlin, highlighting privilege escalation and virtual machine escapes. The FBI rings alarm bells over a malicious messaging campaign impersonating senior US officials. Plus, find out how the Scattered Spider group is evolving its tactics, using legitimate dynamic domain systems to evade detection.

Increased scanning for SonicWall vulnerabilities raises alarms, with many attacks traced back to a budget hosting provider. Google addresses two critical flaws in Chrome, one of which is actively being exploited. A deep dive into RVTools reveals potential compromises that extend beyond simple SEO tactics, suggesting a backdoor entry. Finally, a report discusses XSS attacks affecting open-source webmail systems, underscoring the ongoing challenges in cybersecurity.