SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

A critical vulnerability in MoveIt software is making waves, allowing unauthorized server access that organizations must address immediately. There's a deep dive into a supply chain attack targeting Polyfill.io, affecting over 100,000 websites. The risks don't stop there; a JavaScript library flaw threatens former clients with ransomware reinfection. Plus, the spotlight is on Apple AirPods, reminding users of the importance of firmware updates to stay secure. Stay informed on these pressing cybersecurity matters!

Discover a fascinating study revealing how latency changes in network traffic can infer website visits, even without direct data access. Dive into new cybersecurity techniques that leverage Management Safe Console files for code execution. Uncover vulnerabilities in Wyze cameras and Realtek Wi-Fi drivers that could leave users exposed. The implications of these findings and techniques raise important questions about online privacy and security. Don’t miss the intriguing insights into the evolving landscape of cybersecurity threats!

The podcast dives into the emerging threat landscape, focusing on scanners targeting cloud configuration files. It discusses critical vulnerabilities in Java Spring and an urgent SQL Server update from Microsoft. There's also an in-depth look at the latest updates for Juniper Secure Analytics, which tackle over 200 vulnerabilities. Lastly, it highlights a concerning buffer overflow exploit affecting Apple's macOS and iOS, stressing the importance of regular system updates to mitigate risks.

The latest cybersecurity developments unveil Sysinternals Process Monitor 4.01, packed with new features. Concerns arise over potential US sanctions against Kaspersky. A critical buffer overflow in Phoenix UEFI firmware could impact numerous Intel devices, raising alarm bells in the digital supply chain. Important updates for GhostScript and JS2py vulnerabilities are discussed, emphasizing the risks of running untrusted code. Stay informed about these vital security updates!

Discover essential free tools to bolster authentication security on Ubuntu systems. Explore the latest vulnerabilities in Atlassian Confluence and how they can impact your projects. Dive into the complexities of email address formatting and the security risks of poor validation practices. Additionally, learn about important updates from Broadcom to patch various vulnerabilities in VMWare's vCenter server software. Stay informed and secure in the ever-evolving landscape of cybersecurity.

Discover the alarming vulnerabilities linked to the compromised NetSupport remote access tool and the unprotected backdoor in D-Link routers. Learn about the critical security updates for iTerm2, spotlighting issues related to tmux integration. The urgency of patching high-risk vulnerabilities in Nextcloud is also tackled, as these flaws could severely jeopardize multi-factor authentication systems. Stay informed and secure in the ever-evolving landscape of cyber threats.

This discussion highlights tools for managing JSON data and dives into Python's 'sleepy pickle' vulnerability. The challenges of detecting headless Chrome are examined, alongside a new tool for evaluating browser extension safety. Additionally, critical security updates for Asus routers are revealed, emphasizing the importance of addressing vulnerabilities in network devices.

Discover the fascinating world of jq, a powerful command line tool for JSON parsing. Dive into critical vulnerabilities in Microsoft Outlook and learn how these flaws could impact users. Explore the emerging threat of pickle file attacks on machine learning models, revealing the risks associated with this technology. Get insights on how to safeguard personal email accounts in light of these vulnerabilities. Plus, stay tuned for exciting updates on future podcast events!

Discover how reconnaissance activities reveal intriguing patterns in Microsoft Message Queue traffic. Learn about Adobe's critical updates addressing vulnerabilities in its products, including Commerce and Cold Fusion. Delve into the alarming exploitation of a privilege escalation flaw by Black Basta ransomware. The discussion also highlights the complexities of forensic analysis in these incidents and reviews essential Android updates that patch critical vulnerabilities.

Get ready for a deep dive into the latest security landscape! This discussion covers crucial June patches from Microsoft, highlighting 58 vulnerabilities, including a major flaw in the Message Queuing Service. The podcast also reveals a worrying vulnerability in JetBrains' GitHub plugin and addresses risks in Veeam Recovery Orchestrator. Plus, an intriguing insight into a potential threat posed by internet-connected treadmills adds an unexpected twist!