SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Johannes B. Ullrich
Dec 2, 2024 • 6min

ISC StormCast for Monday, December 2nd, 2024

The podcast dives into the latest cybersecurity threats, emphasizing the significance of honeypot systems in countering attacks. It discusses obfuscation techniques used by hackers in evolving infostealers. The conversation also reveals dangerous credit card skimmer malware targeting Magento, just in time for the busy shopping season. Additionally, it highlights the alarming rise of the first UEFI bootkit for Linux, showcasing the ever-evolving landscape of cyber dangers.
Nov 27, 2024 • 6min

ISC StormCast for Wednesday, November 27th, 2024

Discover how using tools like Zeek, Snort, and Grafana can help detect crypto mining malware. Learn about a new Russian APT strategy that exploits nearby Wi-Fi networks for covert access. Dive into the introduction of NachoVPN, a unique solution in the VPN world. Stay updated on crucial Keycloak security patches and PHP updates. The discussion also highlights concerning IoT vulnerabilities, particularly weak SSH passwords, just in time for the Thanksgiving holiday.
Nov 26, 2024 • 4min

ISC StormCast for Tuesday, November 26th, 2024

Quick & Dirty Obfuscated JavaScript Analysis https://isc.sans.edu/diary/Quick%20%26%20Dirty%20Obfuscated%20JavaScript%20Analysis/31468
Decrypting a PDF With a User Password https://isc.sans.edu/diary/Decrypting%20a%20PDF%20With%20a%20User%20Password/31466
The strange case of disappearing Russian servers https://isc.sans.edu/diary/The%20strange%20case%20of%20disappearing%20Russian%20servers/31476
QNAP Buggy Firmware Update https://community.qnap.com/t/firmware-qts-5-2-2-2950-build-20241114-released/254
7-ZIP Zstandard Decompression Integer Underflow https://www.zerodayinitiative.com/advisories/ZDI-24-1532/ https://7-zip.org/download.html
Nov 22, 2024 • 6min

ISC StormCast for Friday, November 22nd, 2024

Increase In Phishing SVG Attachments https://isc.sans.edu/diary/Increase%20In%20Phishing%20SVG%20Attachments/31456
Logging blind spot revealed in FortiClient VPN https://pentera.io/blog/FortiClient-VPN_logging-blind-spot-revealed/
Needrestart Vulnerability https://www.qualys.com/2024/11/19/needrestart/needrestart.txt
Nov 21, 2024 • 5min

ISC StormCast for Thursday, November 21st, 2024

Apple Patches Two Exploited Vulnerabilities https://isc.sans.edu/diary/Apple%20Fixes%20Two%20Exploited%20Vulnerabilities/31452
Oracle Patch for Agile Product Lifecycle Management CVE-2024-21287 https://www.oracle.com/security-alerts/alert-cve-2024-21287.html
OFBiz Patches CVE-2024-47208 CVE-2024-48962 https://nvd.nist.gov/vuln/detail/CVE-2024-47208 https://seclists.org/oss-sec/2024/q4/95
D-Link Warns of Vulnerability in EOL Devices https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10415
Nov 20, 2024 • 6min

ISC StormCast for Wednesday, November 20th, 2024

Detecting the Presence of a Debugger in Linux https://isc.sans.edu/diary/Detecting%20the%20Presence%20of%20a%20Debugger%20in%20Linux/31450
Palo Alto Patches https://security.paloaltonetworks.com/CVE-2024-0012 https://security.paloaltonetworks.com/CVE-2024-9474
VMware vCenter Server Attacks https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968e
Veritas Enterprise Vault Vulnerability https://www.veritas.com/support/en_US/security/VTS24-014
Nov 19, 2024 • 5min

ISC StormCast for Tuesday, November 19th, 2024

Unpatched vulnerabilities in Citrix systems are under scrutiny, highlighting risks related to session recording features. Data exposure concerns in Microsoft Power Pages stress the need for user education. The discussion expands to effective access management strategies and important security updates for the Audit Plus application, which has faced SQL injection threats. Additionally, a community night event in Singapore is announced, signaling a collective push for addressing cybersecurity challenges.
Nov 18, 2024 • 6min

ISC StormCast for Monday, November 18th, 2024

An ancient backdoor in TP-Link routers has resurfaced, raising concerns about outdated vulnerabilities. Attackers are strategically targeting GitHub projects with malicious commits to frame researchers. The podcast dives into the ongoing issues with Palo Alto and Fortinet vulnerabilities, emphasizing the criticality of proactive security measures for organizations. Stay informed about these emerging threats and safeguard your systems!
Nov 13, 2024 • 6min

ISC StormCast for Wednesday, November 13th, 2024

This episode dives into Microsoft's November Patch Tuesday, revealing 83 vulnerabilities, including critical threats that could lead to serious data breaches. It also discusses the alarming trend of APT actors embedding malware in macOS applications. Additionally, insights are shared on CISA's list of routinely exploited vulnerabilities, underscoring the importance of proactive cyber defense measures. Tune in for compelling discussions on the ever-evolving landscape of cybersecurity!
Nov 12, 2024 • 6min

ISC StormCast for Tuesday, November 12th, 2024

Discover critical vulnerabilities in Veeam Backup and Dell Sonic OS that can pose serious security risks. Learn about the threats from social engineering tactics affecting emergency data requests in the US. Dive into new tools for analyzing malicious PDFs and uncover various vulnerabilities in the Mazda infotainment system and Ruby SAML libraries. The discussion highlights the urgency for improved cybersecurity measures in today's tech landscape.
