SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Johannes B. Ullrich
Jan 27, 2025 • 6min

SANS ISC Stormcast, Jan 27, 2025: Access Brokers; Llama Stack Vuln; ESXi SSH Tunnels; Zyxel Boot Loops; Subaru StarLeak

Cybercriminals rely on initial access brokers to keep a persistent foothold in compromised networks, raising significant security concerns. A critical vulnerability in Meta's Llama Stack highlights the need for robust mitigation. The episode also covers how SSH tunnels on ESXi hosts are used in ransomware attacks and how to defend against them, Zyxel devices stuck in boot loops, and a flaw in Subaru's Starlink system that put vehicles at risk of remote compromise and prompted urgent fixes. Tune in for insights on these pressing cybersecurity issues.
Jan 24, 2025 • 15min

SANS ISC Stormcast, Jan 24, 2025: XSS in Email, SonicWall Exploited; Cisco Vulnerabilities; AI and SOAR (@sans_edu research paper by Anthony Russo)

In this discussion, Anthony Russo, U.S. team lead for security operations at Atlassian, shares insights on using AI for SOAR platforms. He highlights recent XSS attacks targeting webmail and the essential patches from SonicWall and Cisco to address critical vulnerabilities. Russo also delves into the integration of AI in automating security operations and the potential of large language models like ChatGPT in enhancing cybersecurity. However, he stresses the importance of understanding AI limitations and ensuring effective automation.
Jan 22, 2025 • 8min

SANS ISC Stormcast, Jan 23, 2025: PFSync Protocol; Oracle CPU; Korean VPN Supply Chain Attack; Ivanti Guidance

Discover the intricacies of the pfsync protocol, which synchronizes firewall state between pf hosts so that connections survive a failover. Delve into Oracle's latest Critical Patch Update, which addresses multiple vulnerabilities. Uncover a supply chain attack on a Korean VPN service with significant security implications. Finally, review Ivanti's latest guidance and the configuration pitfalls that make VPN appliances hard to secure. Stay informed with effective strategies to protect critical infrastructure from emerging threats.
Jan 22, 2025 • 9min

SANS ISC Stormcast, Jan 22, 2025: Geolocation via Starlink and Cloudflare; AI Prompt Risks; Homebrew Phishing

Explore the geolocation risks Starlink users face, where satellite internet could expose where a user is, and how Cloudflare's content caching can be used to approximately locate a target by checking which Cloudflare data centre served a cached copy. Delve into incidents where AI assistants leaked confidential customer information because of careless prompts. Finally, learn about phishing campaigns impersonating Homebrew to target Mac users, underscoring the need for better data protection and user training.
Jan 21, 2025 • 6min

SANS ISC Stormcast, Jan 21, 2025: Downloading Partial ZIP files; Remote Tools Used in Attacks; Azure DevOps SSRF

Learn how attackers use partial ZIP file downloads to slip past security checks, what the Ukrainian CERT urgently advises for thwarting attacks that abuse AnyDesk remote access, and how an SSRF vulnerability discovered in Azure DevOps could be exploited. The discussion highlights the importance of staying alert to social engineering and unauthorized remote access.
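The trick behind partial ZIP downloads is that a ZIP archive is indexed from its end: a client that can issue HTTP Range requests reads the end-of-central-directory record, then the central directory, then seeks straight to the one local file entry it wants, so the bulk of the archive never crosses the wire. The example below is added here to illustrate that and is not code from the podcast or the ISC; it assumes an HTTP server that honours Range requests, which it simulates with an in-memory byte string, and it builds its own constructed sample archive (a 2 MB incompressible filler plus one small member). Python's standard zipfile module does the parsing; the RangeZipReader class only translates its seek/read calls into byte-range fetches and records what a proxy would have seen.

```python
import io
import os
import zipfile


class RangeZipReader:
    """Seekable file-like object over a remote archive fetched with byte ranges.

    fetch(start, end) must return bytes [start, end) of the remote object,
    mirroring an HTTP GET with "Range: bytes=start-(end-1)". Nothing is
    cached: every read() becomes one range request, so bytes_fetched and
    requests show exactly what went over the wire.
    """

    def __init__(self, size, fetch):
        self._size = size
        self._fetch = fetch
        self._pos = 0
        self.bytes_fetched = 0
        self.requests = []          # (first_byte, last_byte) per range request

    def seekable(self):
        return True

    def tell(self):
        return self._pos

    def seek(self, offset, whence=0):
        if whence == 0:
            new = offset
        elif whence == 1:
            new = self._pos + offset
        elif whence == 2:             # zipfile seeks from the end to find the EOCD record
            new = self._size + offset
        else:
            raise ValueError("bad whence")
        if new < 0:
            raise OSError("negative seek position")
        self._pos = new
        return self._pos

    def read(self, n=-1):
        end = self._size if n is None or n < 0 else min(self._pos + n, self._size)
        if end <= self._pos:
            return b""
        data = self._fetch(self._pos, end)
        self.requests.append((self._pos, end - 1))
        self.bytes_fetched += len(data)
        self._pos = end
        return data


FILLER_SIZE = 2_000_000
# Constructed sample member; stands in for whatever the attacker actually wants to pull.
PAYLOAD = b"@echo off\r\necho constructed sample member, not a real payload\r\n" * 4


def build_sample_archive():
    """Constructed sample: a 2 MB incompressible filler followed by a small member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("bulk/filler.bin", os.urandom(FILLER_SIZE), compress_type=zipfile.ZIP_STORED)
        zf.writestr("payload.bat", PAYLOAD, compress_type=zipfile.ZIP_DEFLATED)
    return buf.getvalue()


def fetch_single_member(archive_bytes, member):
    """Extract one member using only range requests; returns (data, reader)."""
    def fetch(start, end):
        return archive_bytes[start:end]     # stands in for an HTTP Range GET

    reader = RangeZipReader(len(archive_bytes), fetch)
    # zipfile reads the EOCD record, the central directory, then only the requested entry.
    with zipfile.ZipFile(reader) as zf:
        data = zf.read(member)
    return data, reader


if __name__ == "__main__":
    archive = build_sample_archive()
    data, reader = fetch_single_member(archive, "payload.bat")
    print(f"archive size: {len(archive)} bytes")
    print(f"fetched:      {reader.bytes_fetched} bytes in {len(reader.requests)} range requests")
    for first, last in reader.requests:
        print(f"  Range: bytes={first}-{last}")
    assert data == PAYLOAD
```

Running it shows a handful of range requests totalling a few hundred bytes against a 2 MB archive, and the member comes back intact. That is the defender's takeaway: a gateway that only scans complete downloads never sees the archive, while the access log shows several small Range requests for one .zip URL, which is an unusual pattern worth alerting on.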
Jan 20, 2025 • 3min

SANS ISC Stormcast, Jan 20, 2025: Honeypots for Offense; SimpleHelp and UEFI Secure Boot Vulnerabilities

Explore the intriguing world of honeypots and how they can extend the life of offensive security operations. Discover three critical vulnerabilities in SimpleHelp that urgently need patching to avert exploitation. Dive into the alarming findings about a new flaw that allows UEFI Secure Boot bypass, potentially putting countless systems at risk. Stay ahead of the curve in cybersecurity by understanding these pressing issues.
Jan 17, 2025 • 13min

SANS ISC Stormcast, Jan 17, 2025: Analyzing Complex Datasets, Citrix Update Issues, Ivanti's Security Advisory, and the Future of Passkeys (@sans_edu)

Rich Green, a SANS.edu graduate student and senior solutions engineer, dives into the transformative world of passkeys, highlighting their potential to enhance security beyond traditional passwords. He shares insights from his research on the cryptographic methods underlying passkeys and the challenges of implementing them in legacy systems. The discussion also addresses the latest issues with Citrix's Session Recording Agent and Ivanti's security advisories, offering a glimpse into the evolving landscape of cybersecurity.
Jan 16, 2025 • 9min

SANS ISC Stormcast, Jan 16, 2025: Critical Vulnerabilities and Cybersecurity Updates You Need to Know

A long-neglected vulnerability in Netgear routers is back in the spotlight as attackers exploit it to deploy crypto miners. A critical flaw in Google's OAuth sign-in exposes sensitive data through defunct domains. Rsync also has critical security issues that require immediate patching, and Fortinet's advisory underscores the importance of keeping firmware updated. Explore these pressing concerns and fortify your defenses today.
Jan 15, 2025 • 8min

SANS ISC Stormcast, Jan 14 2025: Microsoft Patch Tuesday, FortiOS and FortiProxy Patches; Paessler PRTG Patches

Microsoft's latest Patch Tuesday release fixes 209 vulnerabilities, including critical ones that are already being actively exploited, and the discussion highlights the risks they pose to network security. Fortinet has patched an authentication bypass in a Node.js component that could grant attackers super-admin privileges on FortiOS and FortiProxy devices. The podcast also emphasizes keeping admin interfaces off the open internet and managing software vulnerabilities effectively.
Jan 13, 2025 • 8min

SANS ISC Stormcast, Jan 14, 2025: Brute-Forcing Hikvision Devices, macOS SIP Bypass, Linux Rootkits, Aviatrix Exploits, and AWS Ransomware Tactics

Discover how attackers brute-force Hikvision IP cameras by abusing a flawed password reset mechanism. Learn about a critical macOS flaw that lets System Integrity Protection (SIP) be bypassed through kernel extensions. Delve into a sophisticated Linux rootkit that remotely controls systems using zero-day vulnerabilities. Lastly, unravel a ransomware scheme targeting AWS S3 buckets that uses SSE-C (server-side encryption with customer-provided keys) so that only the attacker holds the key needed to decrypt the data, highlighting the urgent need for protective measures and timely patching.