SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Discover the alarming exploitation tactics using MSI packages, revealing how malware slips past antivirus software. Dive into a critical IPv6 vulnerability that could jeopardize your network's integrity. The discussion also covers essential patches released by Ivanti and Adobe, tackling significant vulnerabilities that could allow unauthorized code execution. Stay informed about these pressing security issues and how to effectively mitigate them!

Explore the latest in cybersecurity as critical vulnerabilities and new encryption standards take center stage. Discover Microsoft's recent patch release tackling 92 issues, with nine deemed critical. Dive into the implications of NIST's finalized post-quantum encryption standards, designed to counter future threats. Plus, get the scoop on updates for the Zabbix network monitoring tool that enhance security and functionality. It's a must-listen for anyone invested in staying ahead in the digital landscape!

Discover the alarming vulnerabilities in Google Quick Share, which could allow code execution and protocol exploitation. Users of Chrome and Edge are grappling with malicious extensions that evade removal, highlighting ongoing malware dangers. Additionally, security threats in AMD processor memory could have far-reaching implications. Tune in for essential insights on safeguarding your digital life through timely updates and awareness.

Dive into the complexities of web security as the discussion unravels the nuances of same origin policy and cross-origin resource sharing. Tackle the challenges of email parsing and how outdated protocols can lead to impersonation risks. Explore alarming vulnerabilities in Apache HTTP Server and GL.Inet routers, while also learning about a newly discovered spoofing flaw in Microsoft Office. It’s a vital listen for anyone keen on staying informed in the fast-evolving world of cybersecurity!

Dive into the latest in cybersecurity with a focus on anti-phishing measures in Microsoft 365. Discover the risks linked to email security vulnerabilities and the implications of recent SSH vulnerabilities uncovered at Black Hat. Also, learn about macOS Sequoia's new privacy prompts and the growing user fatigue surrounding permission requests. The discussion sheds light on pressing issues and innovative tools to bolster security.

Delve into the intriguing world of browser behavior as experts discuss a technique exploiting localhost APIs, using the IP address 0.0.0.0 to bypass security measures. Tune in for insights on Apple's recent efforts to enhance Gatekeeper protections and the implications of routine updates. Plus, uncover the risks associated with downgrade attacks in Windows updates, revealing vulnerabilities that could jeopardize system integrity. Safety, security, and intrigue intertwine in this captivating discussion.

Explore the troubling SQL injection vulnerability in GeoServer, emphasizing its potential impact despite low exploit rates. Discover CrowdStrike's analysis of a recent outage and the alarming risks tied to Kibana software vulnerabilities. The importance of timely software updates comes to light, with insights on an Android update addressing privilege escalation issues. Additionally, learn about privacy risks from outdated Ubiquity devices and the crucial role of organizations in monitoring threat landscapes.

Dive into the dark side of cybersecurity as the hosts explore malware techniques like script obfuscation in Visual Basic. Learn about a significant vulnerability in CrowdStrike's software that caused massive blue screens. Discover the dangers lurking in OFBiz and the recent XSS vulnerabilities found in Roundcube, exposing how easily unprotected web applications can be exploited. This episode packs a punch with essential insights for anyone keen on staying ahead in the ever-evolving landscape of cyber threats.

A major certificate authority for Secure Boot will expire in 2026, raising concerns about system security and the need for timely updates. The podcast discusses how file format changes can affect spreadsheet verification. There’s also a deep dive into the dangers of compromised ISPs delivering malicious software updates, stressing the importance of digitally signed updates. Additionally, DARPA's TRACTOR program is highlighted, showcasing efforts to improve programming safety by converting C code into Rust.

Discover the intriguing world of proxy scans and their dual use in cyber threats. Learn how threat actors impersonate major companies, like Google, to trick users with fake ads. Uncover the surprisingly easy tactics of domain hijacking and its implications for cybersecurity. This discussion sheds light on the importance of vigilance and protective measures in an increasingly complex digital landscape.