SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

The podcast dives into increased cyber threats related to the Apache OFBiz vulnerability. A significant certificate revocation incident by DigiCert raises alarms about trust in security certificates. They discuss a major Azure outage that affected services worldwide. Additionally, there's a spotlight on Google's innovative measures to bolster the security of Chrome cookies, underscoring the ever-evolving nature of cybersecurity.

A deep dive into Apple's latest updates reveals fixes for 64 vulnerabilities, including a critical exploit affecting kernel protections. The discussion also uncovers alarming details about a VMware vulnerability actively exploited by ransomware gangs. Additionally, concerns surrounding weak encryption in Voice Over Wi-Fi technology highlight the growing risks in modern communication. Security updates for Apache are brought to the forefront, emphasizing the necessity for robust protection against evolving cyber threats.

In this discussion, experts dive into a malicious Word document that targets a CrowdStrike vulnerability, showcasing the evolving nature of cyber threats. They also highlight a critical cross-site scripting flaw in Hotjar that jeopardizes OAuth security, putting over a million websites at risk. Additionally, the podcast examines a significant email spoofing campaign that exploits Proofpoint’s protection, detailing possible responses to enhance cybersecurity measures. Tune in for insight into these pressing security challenges!

Dive into the dark world of ExelaStealer, a new malware threat with Russian roots. Discover how to create your own BSOD with the quirky 'Not My Fault' tool for crash analysis. Unravel the PKFail vulnerability and its implications on security. The discussion also highlights major firmware vulnerabilities that could affect systems from brands like Lenovo and MSI, stressing the importance of trusted updates. Plus, learn about Microsoft’s efforts to improve the security landscape by tackling kernel driver usage in security software.

Explore the sinister world of X-Worm malware, cleverly using process hollowing for stealthy operations. Discover alarming revelations about how anyone can access deleted and private data on GitHub, raising serious security concerns. Plus, learn about Google's latest enhancement to Chrome that scans encrypted and password-protected files for potential threats. This discussion dives deep into the intersection of malware tactics and evolving cybersecurity measures.

Dive into the world of cyber threats with a look at a malicious Python script that logs keystrokes and mouse movements. Explore a revealing incident report from CrowdStrike that highlights critical configuration management flaws. Additionally, uncover the intriguing story of a North Korean impersonating an IT worker to infiltrate organizations. These discussions shed light on modern cyber risks and the cunning tactics of attackers.

Explore the latest cyber threats targeting D-Link NAS devices and learn about vulnerabilities in Android applications disguising as videos on Telegram. Discover how attackers can bypass Windows Hello strong authentication measures, raising concerns for user security. Additionally, dive into Let's Encrypt's plan to replace OCSP with CRLs and Google's shift in managing third-party cookies, moving towards a privacy-focused approach.

Discover the fallout from a major CrowdStrike incident that affected 8.5 million systems and learn about the daunting recovery efforts underway. The discussion explores the rising tide of phishing attacks and offers insights into effective strategies for managing recovery keys. Tune in for expert advice on navigating these challenges and safeguarding your systems!

A significant flaw in a cybersecurity update has caused widespread crashes on Windows systems. The discussion offers insights into the aftermath of this technical mishap. Listeners will also learn about recovery strategies and confront common myths surrounding the issue. This informative talk sheds light on the intersection of technology and security, highlighting the importance of careful software updates.

Explore Oracle's critical patch update addressing 386 vulnerabilities, including a staggering CVSS score of 9.8. Discover Microsoft's latest advancements in email security with the new inbound SMTP DANE, enhancing protection. Learn how to improve your email reputation with DKIM and insights on upcoming SMTP features. Don't miss the analysis of recent VPN vulnerabilities and novel attack vectors that could jeopardize your connections. It's a treasure trove of information for anyone concerned about cyber security!