SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Explore the challenges of setting up secure home networks and the intriguing deployment of honeypots in Azure using Terraform. Uncover security issues surrounding Ubiquiti Unifi cameras that left many exposed. Dive into the realm of Zoom vulnerabilities and a new vulnerability scoring system. Don't miss the discussion on a critical denial of service vulnerability affecting web proxies. It's a rich blend of technical insights and pressing security concerns!

Explore the complexities of a deceptive Python script that pretends to be a legitimate tool, all while stealing user credentials. Discover essential Adobe security patches that tackle vulnerabilities in their products. The discussion also touches on critical exploits in software like JetBrains TeamCity and outdated Sophos firewalls, emphasizing the urgent need for patches. Finally, celebrate the Difference Maker Award winners, highlighting the significance of timely updates in the cybersecurity community.

This discussion dives into Microsoft's recent Patch Tuesday, highlighting 35 vulnerabilities and four critical ones that could allow for remote code execution. It reveals alarming insights about malicious OAuth applications used in financially motivated attacks. Additionally, there’s a focus on a serious vulnerability in Apache Struts, emphasizing the urgency to address its publicly available exploit. Stay informed and secure with these vital cybersecurity updates!

Dive into the importance of sitemap.xml files for penetration testing, revealing how they can expose hidden website vulnerabilities. Learn about the latest critical security updates from Apple that patch various flaws. Discover alarming insights from Black Hat Europe, where researchers uncovered significant vulnerabilities in password managers, showing how malicious apps can compromise user credentials and highlighting the need for better safeguards.

Dive into the world of cybersecurity as unusual IPv6 notations are discussed, revealing their potential for obfuscation. The episode also highlights critical vulnerabilities in Bluetooth technology and the Syrus 4 IoT gateway, which could pose risks to thousands of vehicles. Microsoft Edge's recent security issue gets the spotlight too. Additionally, contributions from interns are acknowledged, showcasing the collaborative spirit in tackling emerging threats in the digital landscape.

Discover the hidden risks associated with 5G technologies and how they can lead to denial of service attacks. Learn about the security threats posed by QR codes and the importance of being vigilant. The discussion also highlights the end of support for Windows 10, urging users to transition to newer systems. Additionally, a critical vulnerability in Apache Struts is uncovered, emphasizing the need for immediate attention to safeguard against potential exploits.

Delve into the implications of internet scanning, including a new RFC that may enhance attribution for probes. Explore a significant vulnerability in the MLflow machine learning framework, highlighting crucial security practices. The discussion also sheds light on monitoring AWS Secure Token Service usage and recent updates addressing vulnerabilities in Atlassian products. Plus, don’t miss the Holiday Hack Challenge for a fun twist on security awareness!

Discover the latest enhancements in Cobalt Strike analysis, particularly the ability to extract runtime configurations from memory. Learn about dangerous ColdFusion exploits and the urgent need for bolstered cybersecurity defenses. The discussion also highlights critical vulnerabilities in Atos Unify OpenScape, focusing on argument injection and privilege escalation risks. Additionally, explore emerging threats related to web shells and unauthorized modifications within communication systems, emphasizing proactive security measures.

Delve into the tactics employed by pro-Russian hacktivists, focusing on their exploitation of vulnerabilities in platforms like SharePoint. Discover ICANN's new system designed to notify domain owners of abuses. Plus, catch up on the latest security patches for Android and GitLab, ensuring your digital world remains resilient. This discussion covers critical updates that are shaping the cyber landscape.

Today’s discussion highlights alarming UEFI firmware vulnerabilities that could compromise systems at boot. A clever phishing scam targeting WordPress users is tricking individuals into installing a backdoor plugin. Additionally, Cactus Ransomware has exploited Qlik Sense, raising concerns about data security. The hosts also touched on the importance of patching vulnerabilities, including a recent fix from VMWare. Cybersecurity vigilance is emphasized as threats continue to evolve.