SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Explore innovative ways to analyze IP activity over time using Vega-Lite and Kibana. Discover the latest attack tool updates that disrupt Windows systems. Delve into the troubling connection between Iranian cyber actors and ransomware targeting US organizations. Learn about Confluence vulnerabilities exploited for crypto mining and the risks associated with hard-coded credentials in Fortra's products. Stay informed about the evolving cybersecurity landscape and the critical need for robust defenses.

The podcast dives into the surprising surge of Python in cyber attacks targeting Windows systems, raising alarms about its implications for security measures. It alerts listeners to a critical OFBIZ vulnerability requiring immediate updates, alongside an exploration of threats to Versa Director. Additionally, unsettling news emerges regarding Intel's security key leak, emphasizing the urgency for cybersecurity vigilance. Stay informed on these pressing risks that could impact your digital safety!

Delve into the intricate world of malware obfuscation, featuring a case study on byte order marks used by cybercriminals. Discover the nuances of a patched Windows vulnerability tied to IPv6 packet processing and the security risks posed by missing extension headers. Learn how attackers can exploit these weaknesses to execute arbitrary code, alongside effective detection and mitigation strategies to safeguard systems.

Dive into the complexities of data parsing with the pandas library while navigating recent cloud performance issues that have affected CrowdStrike. Discover the dangers of the new Android malware CopyBara, posing significant threats to users. Stay informed about a new vulnerability found in SonicWall's OS, stressing the urgency of timely patching to safeguard against unauthorized access. A crucial listen for anyone concerned about cybersecurity developments!

Unexpected web traffic from OpenAI raises eyebrows as they scan for WordPress vulnerabilities. Recent findings reveal broken Linux boot partitions after a Microsoft update, alongside a critical Chrome zero-day fix. Cisco addresses a zero-day exploit linked to a Chinese threat group, while SolarWinds deals with a helpdesk backdoor issue. A deep dive into memory-safe programming languages highlights their potential to enhance software security and mitigate systemic vulnerabilities, stressing the need for robust development practices.

Discover how DNSTwist is mapping threats and mitigating risks in cybersecurity. Delve into the vulnerabilities found in Slack AI and the alarming rise of phishing attacks through progressive web applications. Learn about QNAP's innovative ransomware security center, designed to bolster data protection. The discussion also highlights initiatives like the Boston Security Camp, which is dedicated to enhancing cybersecurity education in higher learning institutions.

Dive into the recent Microsoft IPv6 vulnerability and its implications, with a nod to previous experiences. Discover the headaches dual boot users face when secure boot fails after updates. Explore the concerning PHP CGI vulnerability being actively exploited, as well as current threats affecting Windows and Linux systems. The discussion also sheds light on critical vulnerabilities in F5's BIG-IP and Nginx, stressing the importance of immediate patching to fend off attacks.

Dive into the quirky world of cyber threats with a fascinating discussion on donut-themed shellcode delivered via PowerShell! Learn about critical vulnerabilities in Microsoft apps for Mac that could lead to stolen permissions. The episode reveals a surprising loophole in digital wallet security, highlighting risks even for rightful cardholders. Finally, the podcast covers current banking security practices and exposes a serious Windows IPv6 vulnerability that demands attention. Perfect for tech enthusiasts and security buffs alike!

The discussion dives into a Python script designed to enhance web honeypot log analysis. Alarming trends in cyber threats are highlighted, particularly a large-scale cloud extortion operation. Google unveils a privacy feature that redacts sensitive information during Android screen sharing. The podcast also tackles the dangers posed by malicious search ads targeting Google products and examines vulnerabilities in Shimano’s electronic bike shifters, posing risks for cyclists.

Ed Skoudis, a cybersecurity guru and co-founder of the Cyber Mentor program, and Paul Maurer, noted for his work on the Cyber Code of Honor, delve into pressing cyber ethics. They discuss the ethical dilemmas that professionals face, like vulnerability disclosure and budget cuts, emphasizing the need for a strong ethical framework. Highlights include the importance of a comprehensive ethics code, potential challenges, and how to navigate real-world scenarios in a complex digital landscape. Their insights aim to foster a responsible and respectful cybersecurity community.