

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Episodes

Jan 29, 2026 • 6min
SANS Stormcast Thursday, January 29th, 2026: WebLogic AI Slop; Fortinet Patches
Discussion of a CVSS 10 Oracle WebLogic vulnerability and odd nonfunctional exploit attempts seen in honeypot logs. Coverage of an AI-generated exploit circulating on GitHub and the risks of relying on AI-crafted signatures. Update on Fortinet SSO patches rolling out and debate over re-enabling SSO. Brief note on SolarWinds Web Help Desk remote code execution flaws and other recent patches.

Jan 28, 2026 • 8min
SANS Stormcast Wednesday, January 28th, 2026: Romance Scams; DoS Vuln in React Server Components; OpenSSL Patch; Kubernetes Priv Confusion
A run-through of how romance scams begin with misrouted texts and why victims often resist admitting they were targeted. A look at ongoing React Server Components fixes that address denial-of-service issues. Rundown of OpenSSL monthly updates correcting a potential remote code execution risk. Examination of Kubernetes Helm chart permission confusion that can enable node/proxy remote code execution.

Jan 27, 2026 • 6min
SANS Stormcast Tuesday, January 27th, 2026: PWD scanning; MSFT Office OOB Patch; Exposed Clawdbot
Scanners are appending pwd output to web URLs to hunt for exposed OS paths and config files. A new out-of-band Microsoft Office patch fixes an actively exploited COM/OLE bypass. Many Clawdbot instances are left exposed without access control, risking full remote takeover. Brief notes on Apple updates and recommended mitigations round out the discussion.

Jan 26, 2026 • 4min
SANS Stormcast Monday, January 26th, 2026: FortiOS SSO Vuln Updates; Outlook OOB Update; VMware vCenter Exploited
A rundown of a FortiOS SAML single-sign-on bypass and why any SAML integration can be at risk. Discussion of a Microsoft out-of-band Outlook update that fixes issues from recent patches. Coverage of VMware vCenter vulnerabilities that are now being actively exploited and advice on avoiding publicly exposed admin interfaces.

Jan 23, 2026 • 7min
SANS Stormcast Friday, January 23rd, 2026: Scanning AI Code; FortiGate Update; ISC BIND DoS; Trivial SmarterMail Vulnerability
Is AI-generated code secure? A review finds it still carries minor issues even with advanced assistance. Attackers exploit vulnerabilities in FortiGate devices through SSO accounts, leading to significant risk. A new ISC BIND flaw can crash servers using specific Drone ID records. Additionally, SmarterMail has a concerning vulnerability that allows admin password resets without prior authentication.

Jan 22, 2026 • 7min
SANS Stormcast Thursday, January 22nd, 2026: Visual Studio Code Scripts; Cisco Unified Comm and Zoom Vuln; Insufficient Fortinet Patch; SANS SOC Survey
Visual Studio Code can automatically execute scripts, raising concerns about trusting source code. A critical remote code execution vulnerability in Cisco Unified Communications products leaves systems open to attack. Meanwhile, a command injection flaw in Zoom's multimedia routers has been patched, but not before posing risks to users. Discussion of a potential bypass for Fortinet's single sign-on patch urges caution while awaiting a complete fix. Additionally, responses to the latest SANS SOC survey are solicited.

Jan 21, 2026 • 7min
SANS Stormcast Wednesday, January 21st, 2026: Punycode Hunting; telnetd vuln; 6 day Certs and IP Certs; Oracle Patches
Punycode and its role in threat hunting: look for xn-- labels and other specific patterns in DNS logs to spot impersonation attempts. Critical vulnerabilities in legacy telnetd, where an authentication bypass could lead to serious compromise. Let's Encrypt introduces six-day certificates, including certificates for IP addresses. Oracle's latest critical patch update addresses 337 vulnerabilities.
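The DNS-log hunt mentioned above, as an added example that is not from the podcast or the Internet Storm Center: decode every xn-- label in a resolver log with Python's stdlib idna codec, flag labels that mix scripts, and compare a confusable-folded "skeleton" against a brand watchlist. The log lines, the watchlist, and the small confusables table are constructed for this example; the A-labels in the log are generated from Unicode names so the encodings are exact.

```python
import unicodedata

# Constructed sample resolver log (not from ISC or the podcast), one query per line:
# "timestamp client qname qtype". The xn-- labels are generated from the Unicode
# names below with the stdlib idna codec, so the encoded forms are exact.
MIXED_APPLE = "\u0430pple"                             # Cyrillic а followed by Latin "pple"
ALL_CYRILLIC_CISCO = "\u0441\u0456\u0455\u0441\u043e"  # с і ѕ с о: every letter is Cyrillic
LEGIT_IDN = "m\u00fcnchen"                             # münchen: an ordinary single-script IDN


def to_a_label(unicode_host):
    """Encode a Unicode hostname to its ASCII (xn--) form; used only to build the sample."""
    return unicode_host.encode("idna").decode("ascii")


SAMPLE_DNS_LOG = "\n".join([
    "2026-01-21T08:00:01Z 10.0.0.15 www.example.com A",
    "2026-01-21T08:00:02Z 10.0.0.15 " + to_a_label(MIXED_APPLE + ".com") + " A",
    "2026-01-21T08:00:03Z 10.0.0.22 " + to_a_label("login." + ALL_CYRILLIC_CISCO + ".com") + " A",
    "2026-01-21T08:00:04Z 10.0.0.22 " + to_a_label(LEGIT_IDN + ".de") + " A",
    "2026-01-21T08:00:05Z 10.0.0.31 mail.example.org MX",
])

# Hypothetical brand watchlist: names whose lookalikes you want surfaced from your logs.
WATCHLIST = {"apple", "microsoft", "cisco", "paypal"}

# Small hand-picked table of non-Latin letters that render like Latin ones
# (a subset of Unicode's confusables data, chosen for this example).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0458": "j", "\u0455": "s",
    "\u03bf": "o", "\u03b1": "a",  # Greek omicron and alpha
}


def decode_label(label):
    """Decode one xn-- label to Unicode; return None if it is not valid Punycode/IDNA."""
    try:
        return label.encode("ascii").decode("idna")
    except ValueError:  # UnicodeError / UnicodeDecodeError are ValueError subclasses
        return None


def scripts_of(text):
    """Coarse script set of a label: first word of each letter's Unicode character name."""
    return {unicodedata.name(ch, "?").split(" ", 1)[0] for ch in text if ch.isalpha()}


def skeleton(text):
    """Map confusables to Latin and strip diacritics, giving a comparable lookalike form."""
    mapped = "".join(CONFUSABLES.get(ch, ch) for ch in text)
    decomposed = unicodedata.normalize("NFKD", mapped)
    return "".join(ch for ch in decomposed if not unicodedata.combining(ch)).lower()


def hunt(log_text, watchlist=WATCHLIST):
    """One finding per suspicious xn-- label: decode it, check for script mixing, and
    compare its skeleton against the watchlist. Single-script IDNs off the list pass."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        ts, client, qname, _qtype = parts[:4]
        for label in qname.lower().rstrip(".").split("."):
            if not label.startswith("xn--"):
                continue
            decoded = decode_label(label)
            reasons = []
            if decoded is None:
                reasons.append("undecodable")
            else:
                scripts = scripts_of(decoded)
                if len(scripts) > 1:
                    reasons.append("mixed-script:" + "+".join(sorted(scripts)))
                sk = skeleton(decoded)
                if sk in watchlist:
                    reasons.append("lookalike:" + sk)
            if reasons:
                findings.append({"ts": ts, "client": client, "qname": qname,
                                 "label": label, "decoded": decoded, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_DNS_LOG):
        print(f["ts"], f["client"], f["qname"], "->", f["decoded"], ", ".join(f["reasons"]))
```

Two of the three IDNs in the sample are reported: the mixed-script apple lookalike and the all-Cyrillic cisco lookalike. The all-Cyrillic case is why the skeleton comparison is needed in addition to the script check, since a homograph built entirely from one script never mixes scripts. The legitimate German name is decoded, found to be single-script, and its skeleton is not on the watchlist, so it produces no finding.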

Jan 20, 2026 • 6min
SANS Stormcast Tuesday, January 20th, 2026: Scans Against LLMs; NTLM Rainbow Table; OOB MSFT Patch
Attackers are using crafted queries to scan for and fingerprint exposed LLMs. Mandiant has released rainbow tables for the outdated Net-NTLMv1 protocol to expedite its deprecation. A recent out-of-band update from Microsoft addresses critical issues from the January security patch, affecting multiple Windows versions. Additionally, a new exploit technique involving Google Calendar and Gemini allows for the quiet exfiltration of future meeting summaries.

Jan 16, 2026 • 7min
SANS Stormcast Friday, January 16th, 2026: Cryptojacking Hidden Gifts; Bluetooth Vulnerability; Reprompt in MSFT Copilot
A cryptojacking campaign in which miners are planted through SSH backdoors. A flaw in Google's Fast Pair protocol that allows nearby devices to hijack Bluetooth accessories. Microsoft Copilot prompts can be manipulated through crafted URLs, potentially misleading users; the episode highlights the social engineering risk and the need for care before clicking links.

Jan 15, 2026 • 6min
SANS Stormcast Thursday, January 15th, 2026: Luma Stealer Repeat Infection; ServiceNow Broken Auth; Starlink/GPS Jamming
Luma Stealer repeatedly adds scheduled tasks to download malicious payloads, reinfecting cleaned hosts. A flaw in ServiceNow, dubbed 'BodySnatcher', shows the risk of broken authentication caused by shared credentials. Meanwhile, in Iran, GPS spoofing has disrupted Starlink service, raising questions about the limits of satellite positioning. A proposed fix suggests using the Starlink satellites themselves for location accuracy to counter such interference.


