

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minutes long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html.

Nov 19, 2025 • 5min
SANS Stormcast Wednesday, November 19th, 2025: Kong Tuke; Cloudflare Outage
Today's discussion dives into the evolving threat of Kong Tuke, tracing its origins to a ClickFix attack. The complexities of traffic direction systems are unpacked, illustrating their significance in the cyber underground economy. A major outage at Cloudflare is attributed to a faulty bot protection configuration, highlighting the risks of automated scripts. Additionally, Google addresses urgent vulnerabilities in Chrome, including a zero-day exploit already in the wild, stressing the importance of quick updates.

Nov 18, 2025 • 5min
SANS Stormcast Tuesday, November 18th, 2025: Binary Expression Decoding. Tea NPM Pollution; IBM AIX NIMSH Vulnerability
Explore the fascinating world of binary expression decoding where arithmetic operations are now simplified with a new hex script. Discover the alarming NPM pollution incident, with 150,000 spammy submissions aimed at tricking the system for a new tea token. Lastly, learn about critical vulnerabilities patched in IBM AIX's NIMSH daemon, including a serious remote code execution threat. Tune in for a blend of tech insights and cybersecurity updates!

Nov 17, 2025 • 7min
SANS Stormcast Monday, November 17th, 2025: New(isch) Fortiweb Vulnerability; Finger and ClickFix
Fortinet recently admitted to a critical vulnerability in FortiWeb after exploit attempts were discovered. The podcast dives into how attackers use directory traversal and JSON impersonation to access admin functions. It also covers the emerging ClickFix attacks, where malicious PowerShell code tricks users into bypassing security measures. Additionally, learn how attackers leverage the finger.exe binary to retrieve payloads and the importance of monitoring network traffic to detect such threats.

Nov 14, 2025 • 10min
SANS Stormcast Friday, November 14th, 2025: SmartApeSG and ClickFix; Formbook Obfuscation Tricks; Sudo-rs Vulnerabilities; SANS Holiday Hack Challenge
A nefarious SmartApeSG campaign has emerged, using ClickFix to deliver the NetSupport RAT through clever redirection. Meanwhile, Formbook showcases its crafty obfuscation techniques by utilizing multiple scripts to evade detection. The discussion also highlights newly patched vulnerabilities in sudo-rs, revealing risks beyond memory safety. Lastly, the SANS Holiday Hack Challenge is back, featuring engaging micro challenges ideal for novices, along with themes and prizes that promise to excite participants!

Nov 13, 2025 • 7min
SANS Stormcast Thursday, November 13th, 2025: OWASP Top 10 Update; Cisco/Citrix Exploits; Test post quantum readiness
A new release candidate for the OWASP Top 10 list is changing the game, adding critical focus on supply-chain vulnerabilities. Learn how advanced threats exploited zero-day vulnerabilities in Citrix and Cisco to deploy web shells. Plus, there’s a spotlight on tools for assessing your readiness for post-quantum cryptography, ensuring your services can withstand future computing threats. Don't miss these essential updates that could shape your cybersecurity strategies!

Nov 12, 2025 • 6min
SANS Stormcast Wednesday, November 12th, 2025: Microsoft Patch Tuesday; Gladinet Triofox Vulnerability; SAP Patches
This segment dives into critical updates from Microsoft, highlighting vulnerabilities with serious risks, including a Windows kernel bug that is being actively exploited. The dangers of the Gladinet Triofox vulnerability are discussed, revealing how it can allow attackers to gain admin access simply by manipulating the Host header. Additionally, updates on SAP's patching efforts for significant SQL vulnerabilities are covered. Lastly, insights into Ivanti Endpoint Manager's risk management and patch guidance are shared, ensuring listeners stay ahead of threats.

Nov 11, 2025 • 7min
SANS Stormcast Tuesday, November 11th, 2025: 3CX Related Scans; Watchguard Default Password;
Honeypots are revealing username scans related to 3CX business phone systems, highlighting vulnerabilities in predictable usernames and passwords. A controversy unfolds around a default password issue in WatchGuard products, which has garnered CVE attention following a firmware update. Additionally, a code execution vulnerability in the JavaScript expr-eval library raises security concerns, with recommendations for developers to patch and audit their code using npm. Tune in for critical insights into the evolving landscape of cybersecurity!

Nov 10, 2025 • 7min
SANS Stormcast Monday, November 10th, 2025: Code Repo Requests; Time Delayed ICS Attacks; Encrypted LLM Traffic Sidechannel Attacks
Attackers are increasingly scanning for exposed code repositories, prompting calls for proactive security measures. Newly discovered malicious NuGet packages are delivering time-delayed attacks targeting industrial control systems, raising alarms in cybersecurity circles. Additionally, research reveals that encrypted traffic to large language models can leak user prompt information based on packet sizes, highlighting new vulnerabilities. Stay tuned to understand these emerging threats and how to protect against them!

Nov 7, 2025 • 6min
SANS Stormcast Friday, November 7th, 2025: PowerShell Log Correlation; RondoBox Disected; Google Chrome and Cisco Patches
Discover how PowerShell can be a powerful tool for correlating malware samples with honeypot logs. Learn about the alarming expansion of the RondoDox bot, which now boasts new exploits. Stay informed with the latest Google Chrome update addressing five critical vulnerabilities, including severe risks related to WebGPU. Additionally, listen in on discussions surrounding urgent Cisco patches that tackle serious security flaws, potentially allowing unauthorized system access. Cybersecurity insights you can't afford to miss!

Nov 6, 2025 • 6min
SANS Stormcast Thursday, November 6th, 2025: Domain API Update; Teams Spoofing; VShell Report
Discover the latest enhancements to the Domainname API, making data retrieval faster and more flexible. Dive into the alarming Microsoft Teams vulnerabilities that allow for easy impersonation and spoofing of users. Learn about the in-depth analysis of the VSHELL remote control implant, highlighting its functionality and detection strategies. Stay alert against unexpected internal messages with practical advice on verification. This episode is packed with critical insights for navigating today’s cybersecurity landscape.


