Episodios

  • SANS Stormcast Tuesday, December 9th, 2025: nanoKVM Vulnerabilities; Ghostframe Phishing; WatchGuard Advisory (#)

    SANS Stormcast Tuesday, December 9th, 2025: nanoKVM Vulnerabilities; Ghostframe Phishing; WatchGuard Advisory (#)
    Dec 8 2025
    SANS Stormcast Tuesday, December 9th, 2025: nanoKVM Vulnerabilities; Ghostframe Phishing; WatchGuard Advisory nanoKVM Vulnerabilities The nanoKVM device updates firmware insecurely; however, the microphone that the authors of the advisory referred to as "undocumented" may actually be documented in the underlying hardware description. https://www.tomshardware.com/tech-industry/cyber-security/researcher-finds-undocumented-microphone-and-major-security-flaws-in-sipeed-nanokvm Ghostframe Phishing Kit The Ghostframe phishing kit uses iFrames and random subdomains to evade detection https://blog.barracuda.com/2025/12/04/threat-spotlight-ghostframe-phishing-kit WatchGuard Advisory WatchGuard released an update for its Firebox appliance, fixing ten vulnerabilities. Five of these are rated as "High." https://www.watchguard.com/wgrd-psirt/advisories keywords: sipeed; nanokvm; kvm; ghostframe; watchguard
    Más Menos
    6 m
  • SANS Stormcast Monday, December 8th, 2025: AutoIT3 FileInstall; React2Shell Update; Tika Vuln (#)

    SANS Stormcast Monday, December 8th, 2025: AutoIT3 FileInstall; React2Shell Update; Tika Vuln (#)
    Dec 8 2025
    SANS Stormcast Monday, December 8th, 2025: AutoIT3 FileInstall; React2Shell Update; Tika Vuln AutoIT3 Compiled Scripts Dropping Shellcodes Malicious AutoIT3 scripts are usign the "FileInstall" function to include additional scripts at compile time that are dropped as temporary files during execution. https://isc.sans.edu/diary/AutoIT3%20Compiled%20Scripts%20Dropping%20Shellcodes/32542 React2Shell Update The race is on to patch vulnerable systems. Various groups are aggressively scanning the internet with different exploit variants. Some attempt to bypass WAFs. https://blog.cloudflare.com/5-december-2025-outage/ https://aws.amazon.com/blogs/security/china-nexus-cyber-threat-groups-rapidly-exploit-react2shell-vulnerability-cve-2025-55182/ Apache Tika XXE Flaw Apache's Tika library patched a XXE flaw. https://lists.apache.org/thread/s5x3k93nhbkqzztp1olxotoyjpdlps9k keywords: apache; tika; react; autoit3; autoit;
    Más Menos
    6 m
  • SANS Stormcast Friday, December 5th, 2025: Compromised Govt System; React Vuln Update; Array Networks VPN Attacks (#)

    SANS Stormcast Friday, December 5th, 2025: Compromised Govt System; React Vuln Update; Array Networks VPN Attacks (#)
    Dec 5 2025
    SANS Stormcast Friday, December 5th, 2025: Compromised Govt System; React Vuln Update; Array Networks VPN Attacks Nation-State Attack or Compromised Government? [Guest Diary] An IP address associated with the Indonesian Government attacked one of our interns' honeypots. https://isc.sans.edu/diary/Nation-State%20Attack%20or%20Compromised%20Government%3F%20%5BGuest%20Diary%5D/32536 React Update Working exploits for the React vulnerability patched yesterday are not widely available Array Networks Array AG Vulnerablity A recently patched vulnerability in Array Networks' Array AG VPN gateways is actively exploited. https://www.jpcert.or.jp/at/2025/at250024.html keywords: react; ssh; array networks; vpn
    Más Menos
    5 m
  • SANS Stormcast Thursday, December 4th, 2025: CDN Headers; React Vulnerabiity; PickleScan Patch (#)

    SANS Stormcast Thursday, December 4th, 2025: CDN Headers; React Vulnerabiity; PickleScan Patch (#)
    Dec 4 2025
    SANS Stormcast Thursday, December 4th, 2025: CDN Headers; React Vulnerabiity; PickleScan Patch Attempts to Bypass CDNs Our honeypots recently started receiving scans that included CDN specific headers. https://isc.sans.edu/diary/Attempts%20to%20Bypass%20CDNs/32532 React Vulnerability CVE-2025-55182 React patched a critical vulnerability in React server components. Exploitation is likely imminent. https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components Unveiling 3 PickleScan Vulnerabilities The PyTorch AI model security tool, PickleScan, has patched three critical vulnerabilities. https://jfrog.com/blog/unveiling-3-zero-day-vulnerabilities-in-picklescan/ keywords: pytorch; picklescan; react; server components; cdn;
    Más Menos
    7 m
  • SANS Stormcast Wednesday, December 3rd, 2025: SmartTube Compromise; NPM Malware Prompt Injection Attempt; Angular XSS Vulnerability (#)

    SANS Stormcast Wednesday, December 3rd, 2025: SmartTube Compromise; NPM Malware Prompt Injection Attempt; Angular XSS Vulnerability (#)
    Dec 3 2025
    SANS Stormcast Wednesday, December 3rd, 2025: SmartTube Compromise; NPM Malware Prompt Injection Attempt; Angular XSS Vulnerability SmartTube Android App Compromise The key a developer used to sign the Android YouTube player SmartTube was compromised and used to publish a malicious version. https://github.com/yuliskov/SmartTube/issues/5131#issue-3670629826 https://github.com/yuliskov/SmartTube/releases/tag/notification Two Years, 17K Downloads: The NPM Malware That Tried to Gaslight Security Scanners Over the course of two years, a malicious NPM package was updated to evade detection and has now been identified, in part, due to its attempt to bypass AI scanners through prompt injection. https://www.koi.ai/blog/two-years-17k-downloads-the-npm-malware-that-tried-to-gaslight-security-scanners Stored XSS Vulnerability via SVG Animation, SVG URL, and MathML Attributes Angular fixed a store XSS vulnerability. https://github.com/angular/angular/security/advisories/GHSA-v4hv-rgfq-gp49 keywords: angular; xss; svg; mathml; npm; smarttube;
    Más Menos
    6 m
  • SANS Stormcast Tuesday, December 2nd, 2025: Analyzing ToolShell from Packdets; Android Update; Long Game Malicious Browser Ext. (#)

    SANS Stormcast Tuesday, December 2nd, 2025: Analyzing ToolShell from Packdets; Android Update; Long Game Malicious Browser Ext. (#)
    Dec 2 2025
    SANS Stormcast Tuesday, December 2nd, 2025: Analyzing ToolShell from Packdets; Android Update; Long Game Malicious Browser Ext. Hunting for SharePoint In-Memory ToolShell Payloads A walk-through showing how to analyze ToolShell payloads, starting with acquiring packets all the way to decoding embedded PowerShell commands. https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Hunting%20for%20SharePoint%20In-Memory%20ToolShell%20Payloads/32524 Android Security Bulletin—December 2025 Google fixed numerous vulnerabilities with its December Android update. Two of these vulnerabilities are already being exploited. https://source.android.com/docs/security/bulletin/2025-12-01 4.3 Million Browsers Infected: Inside ShadyPanda's 7-Year Malware Campaign A group or individual released several browser extensions that worked fine for years until an update injected malicious code into the extension https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign keywords: browser; extension; long game; android; zero-day; sharepoint; toolshell
    Más Menos
    6 m
  • SANS Stormcast Monday, December 1st, 2025: More ClickFix; Teams Guest Access; Geoserver XXE Vulnerablity (#)

    SANS Stormcast Monday, December 1st, 2025: More ClickFix; Teams Guest Access; Geoserver XXE Vulnerablity (#)
    Dec 1 2025
    SANS Stormcast Monday, December 1st, 2025: More ClickFix; Teams Guest Access; Geoserver XXE Vulnerablity Fake adult websites pop realistic Windows Update screen to deliver stealers via ClickFix The latest variant of ClickFix tricks users into copy/pasting commands by displaying a fake blue screen of death. https://www.acronis.com/en/tru/posts/fake-adult-websites-pop-realistic-windows-update-screen-to-deliver-stealers-via-clickfix/ B2B Guest Access Creates an Unprotected Attack Vector Users may be tricked into joining an external Teams workspace as a guest, bypassing protections typically enabled for Teams workspaces. https://www.ontinue.com/resource/blog-microsoft-chat-with-anyone-understanding-phishing-risk/ Geoserver XXE Vulnerability CVE-2025-58360 Geoserver patched an external XML entity (XXE) vulnerability. https://helixguard.ai/blog/CVE-2025-58360 keywords: geoserver; teams; clickfix; xxe; xml
    Más Menos
    6 m
  • SANS Stormcast Wednesday, November 26th, 2025: Attacks Against Messaging; Passwords in Random Websites; Fluentbit Vuln; #thanksgiving (#)

    SANS Stormcast Wednesday, November 26th, 2025: Attacks Against Messaging; Passwords in Random Websites; Fluentbit Vuln; #thanksgiving (#)
    Nov 26 2025
    SANS Stormcast Wednesday, November 26th, 2025: Attacks Against Messaging; Passwords in Random Websites; Fluentbit Vuln; #thanksgiving Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications Spyware attacks messaging applications in part by triggering vulnerabilities in messaging applications but also by deploying tools like keystroke loggers and screenshot applications. https://www.cisa.gov/news-events/alerts/2025/11/24/spyware-allows-cyber-threat-actors-target-users-messaging-applications Stop Putting Your Passwords Into Random Websites
Yes. Just Stop! https://labs.watchtowr.com/stop-putting-your-passwords-into-random-websites-yes-seriously-you-are-the-problem/ Fluentbit Vulnerability https://www.oligo.security/blog/critical-vulnerabilities-in-fluent-bit-expose-cloud-environments-to-remote-takeover Happy Thanksgiving. Next podcast on Monday after Thanksgiving. keywords: fluentbit; passwords; spyware; messaging
    Más Menos
    6 m