SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Credential stuffing attacks are on the rise, and Okta shares insights on defense strategies. In Japan, police use fake payment cards to creatively warn the elderly about scams. The podcast highlights phishing trends, with alarming new campaigns aimed at USPS. Additionally, Chrome 124's update breaks the TLS handshake, raising concerns for web security. Innovators in cybersecurity are pioneering solutions, and upcoming events at the RSA conference are discussed.

Matthew Alan Vorhees, a cybersecurity expert, dives deep into prevention strategies for modern cyber threats. He discusses the critical role of honeypots and effective traffic redirection in monitoring malicious activity. The conversation also highlights living off the land attacks, emphasizing how threat actors exploit established binaries. Vorhees shares strategies for blocking these attacks while ensuring functionality for enterprise users. Additionally, the podcast addresses the unique cybersecurity challenges in regulated medical devices, underscoring the balance between security and operational needs.

Dive into the latest cybersecurity vulnerabilities, including critical Cisco device patches and concerning flaws in keyboard apps that risk exposing keystrokes. Discover the hidden dangers of user-defined database connections in MySQL2 and learn about the newly uncovered Arcane backdoor targeting network devices. Stay informed about the need for firmware updates and don’t miss the upcoming AI Forum centered on information security. Cyber threats are evolving, and awareness is key!

Forest Blizard, an expert in cybersecurity tools and vulnerabilities, joins the discussion to highlight persistent issues like the Struts2 devmode vulnerability still affecting systems after ten years. He analyzes his own custom post-compromise tool for exploiting CVE-2022-38028 and sheds light on crucial updates in the April 2024 Exchange Server hotfix. The conversation also covers alarming threats from the hijacking of antivirus updates, showcasing the ever-evolving landscape of cybersecurity risks.

A staggering rise in industrial devices connected to the internet reveals increasing security vulnerabilities. The discussion dives into how XDR tools, initially designed for defense, can be morphed into offensive weapons. Additionally, a GitLab flaw reminiscent of a GitHub bug is explored, emphasizing the ongoing risks malware can pose. Join the conversation on the intersection of technology and security!

A shift in CVE formats is under discussion, bringing changes that impact how vulnerabilities are reported. The podcast dives into a critical zero-day vulnerability affecting CrushFTP and examines a privilege escalation issue with YubiKey Manager. Meanwhile, they reveal how malware can be distributed using GitHub comments linked to a Microsoft repository. Finally, updates on security challenges facing Palo Alto Networks are highlighted, painting a clear picture of the evolving cyber threat landscape.

Recent vulnerabilities in Delinia Secret Server and Ivanti Avalanche are causing alarm, emphasizing the need for immediate patches. A sophisticated phishing campaign is also targeting mobile users via SMS, showcasing the evolving threat landscape. Dive into advanced attack methods with Hashicorp's Go-getter library vulnerabilities and discover a stealthy virus affecting Ukraine, known for its clever document infections. Cybersecurity is more crucial than ever in this rapidly changing environment!

Discover the alarming use of malicious PDFs that trick users into harmful downloads. Uncover the escalating threat to open-source projects, where attackers exploit maintainers for fast code approvals. Learn about the critical vulnerabilities in container systems that hackers are targeting. Stay informed on updated defensive strategies to combat these emerging security risks.

Hear about major cybersecurity vulnerabilities that emerged in April 2024, including a severe exploit affecting Palo Alto Networks' GlobalProtect. Learn about the risks associated with PuTTY's private key recovery. Discover Oracle's critical patch updates that tackle numerous security issues. Plus, find out how Ivanti is enhancing security for its mobile device management solution. Essential listening for anyone interested in staying ahead of the latest cyber threats!

This discussion dives into critical cybersecurity vulnerabilities recently uncovered, including a significant flaw in Palo Alto Networks. Delinia's Secret Server also faced a critical patch. A newly discovered password reset issue in Lancom's Windows Setup could pose risks. The panel highlights the leak of Duo SMS and VoIP logs, raising concerns about data security. Lastly, an alarming attempted audio deepfake attack on a LastPass employee demonstrates the evolving tactics of cyber threats.