SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

A recent vulnerability in Struts 2 has sparked an uptick in exploit attempts, urging critical patches and improved upload capabilities. Meanwhile, Citrix highlights the risks of password spraying attacks on their Netscaler installations, advocating for multi-factor authentication. The introduction of six-day certificates by Let's Encrypt raises questions about the implications of shorter lifespans and effective renewal processes. In a concerning twist, around 30,000 devices in Germany were found pre-installed with malware, underscoring persistent security threats.

The latest discussions cover critical security updates for Windows 10 and 11, stressing the necessity of TPM 2.0. They reveal vulnerability woes with Microsoft Azure's multi-factor authentication. Additionally, there's an alarming review of a security flaw in Apache's Struts 2 library. The podcast also exposes the tactics of a Russian group, Secret Blizzard, which are using tools from other factions to launch attacks on Ukraine. It's a riveting mix of cybersecurity insights and global threat awareness.

Latest vulnerabilities in vSphere are under threat as attackers exploit them through automated scans. Apple has rolled out crucial updates across its ecosystem, addressing serious risks like privilege escalation. The podcast also highlights the urgent need to address vulnerabilities in WebKit and Cleo software, which pose risks of code execution and system failures. Furthermore, there's a strong call for heightened awareness and community connection in the face of these cyber threats.

The latest cybersecurity updates from Microsoft tackle 71 vulnerabilities, with 16 deemed critical, emphasizing the importance of timely patching. Ivanti reveals serious authentication issues while Microsoft plans to phase out NTLM authentication. A rediscovered feature in Visual Studio Code could enhance security, alongside a discussion on mitigating NTLM relay attacks. Stay informed to protect your digital environment.

Explore unusual SSH honeypot breaches that reveal bizarre command execution patterns. Uncover serious vulnerabilities in the OpenWRT router that could compromise its supply chain. The discussion also highlights essential Android updates that tackle baseband weaknesses. Finally, the hosts shed light on the false security assurances of RCS messaging, urging caution in its usage.

Discover the nuances of cookie security and the alarming vulnerabilities tied to NTLM hash leaks. Learn about the risks posed by compromised libraries, particularly the Ultralytics library infected with a crypto miner. The podcast also delves into a new attack vector that targets memory through SD card readers, showcasing the evolving landscape of cybersecurity threats. These insights underscore the importance of vigilance in protecting digital infrastructure.

Explore the intricate web of business email compromise, highlighting prevention strategies and the urgency of proactive management. Dive into alarming vulnerabilities in Mitel's MyCollab platform, featuring authentication bypass risks and the need for quick patches. The conversation also celebrates Alan Paller's induction into the Cybersecurity Hall of Fame, underscoring his impact on the field. Plus, discover insights on the Lorex 2K Indoor Wi-Fi Security Camera and HPE Aruba vulnerabilities, keeping you updated on the latest in cybersecurity developments.

Dive into the essential role of data analysis in cybersecurity, spotlighting its impact on tackling massive data challenges. The FBI issues a crucial warning for iPhone and Android users regarding text communications. Discover vulnerabilities in SailPoint's Identity IQ and the Solana web3.js library, along with insights on necessary patches. Explore the complexities of Rich Communication Services and their implications for security. This episode delves into the intersection of cybersecurity threats and innovative solutions.

Learn how everyday Word documents can be hiding malicious files and the tactics attackers use to exploit them. Discover the shocking arrest of a CEO in South Korea for incorporating DDoS capabilities into satellite receivers. The discussion also highlights critical vulnerabilities in Veeam software that allow for remote code execution and a Microsoft privilege escalation flaw linked to cybercriminal activity. It's a deep dive into the evolving world of cyber threats and security risks!

Explore the critical role of Credential Guard in preventing lateral movement in cybersecurity. Discover the alarming trend of exploiting corrupted Word documents in phishing attacks. Learn about essential best practices for managing API keys alongside the vulnerabilities in the IBM Security Verify Access Appliance. Delve into the importance of threat-informed defense strategies and how recent breaches highlight the need for swift action and robust mitigation measures.