Контент предоставлен SANS ISC Handlers and Johannes B. Ullrich. Весь контент подкастов, включая эпизоды, графику и описания подкастов, загружается и предоставляется непосредственно компанией SANS ISC Handlers and Johannes B. Ullrich или ее партнером по платформе подкастов. Если вы считаете, что кто-то использует вашу работу, защищенную авторским правом, без вашего разрешения, вы можете выполнить процедуру, описанную здесь https://ru.player.fm/legal.
Player FM - приложение для подкастов
Работайте офлайн с приложением Player FM !
Работайте офлайн с приложением Player FM !
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Отметить все как (не)прослушанные ...
Manage series 19634
Контент предоставлен SANS ISC Handlers and Johannes B. Ullrich. Весь контент подкастов, включая эпизоды, графику и описания подкастов, загружается и предоставляется непосредственно компанией SANS ISC Handlers and Johannes B. Ullrich или ее партнером по платформе подкастов. Если вы считаете, что кто-то использует вашу работу, защищенную авторским правом, без вашего разрешения, вы можете выполнить процедуру, описанную здесь https://ru.player.fm/legal.
Daily cybersecurity news for practitioners. Vulnerabilities, defenses, threats, network security insight, research and more to make you sound smarter as you get to the office in the morning. New each weekday.
…
continue reading
2958 эпизодов
Отметить все как (не)прослушанные ...
Manage series 19634
Контент предоставлен SANS ISC Handlers and Johannes B. Ullrich. Весь контент подкастов, включая эпизоды, графику и описания подкастов, загружается и предоставляется непосредственно компанией SANS ISC Handlers and Johannes B. Ullrich или ее партнером по платформе подкастов. Если вы считаете, что кто-то использует вашу работу, защищенную авторским правом, без вашего разрешения, вы можете выполнить процедуру, описанную здесь https://ru.player.fm/legal.
Daily cybersecurity news for practitioners. Vulnerabilities, defenses, threats, network security insight, research and more to make you sound smarter as you get to the office in the morning. New each weekday.
…
continue reading
2958 эпизодов
所有剧集
×S
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
1 SANS ISC Stormcast Jan 31st 2025: Old Netgear Vuln in Depth; Lightning AI RCE; Canon Printer RCE; Deepseek Leak; 5:40
PCAPs or It Didn't Happen: Exposing an Old Netgear Vulnerability Still Active in 2025 [Guest Diary] https://isc.sans.edu/diary/PCAPs%20or%20It%20Didn%27t%20Happen%3A%20Exposing%20an%20Old%20Netgear%20Vulnerability%20Still%20Active%20in%202025%20%5BGuest%20Diary%5D/31638 RCE Vulnerablity in AI Development Platform Lightning AI Noma Security discovered a neat remote code execution vulnerability in Lightning AI. This vulnerability is exploitable by tricking a logged in user into clicking a simple link. https://noma.security/noma-research-discovers-rce-vulnerability-in-ai-development-platform-lightning-ai/ Canon Laser Printers and Small Office Multifunctional Printer Vulnerabilities Canon fixed three different vulnerablities affecting various laser and small office multifunctional printers. These vulnerabilities may lead to remote code execution, and there are some interesting exploit opportunities https://www.usa.canon.com/support/canon-product-advisories/service-notice-regarding-vulnerability-measure-against-buffer-overflow-for-laser-printers-and-small-office-multifunctional-printers Deepseek ClickHouse Database Leak https://www.wiz.io/blog/wiz-research-uncovers-exposed-deepseek-database-leak…
S
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
1 SANS ISC Stormcast, Jan 30th 2025: Python vs. Powershell; Fortinet Exploits and Patch Policy; Voyager PHP Framework Vuln; Zyxel Targeted; VMWare AVI Patch 5:33
From PowerShell to a Python Obfuscation Race! This information stealer not only emulates a PDF document convincingly, but also includes its own Python environment for Windows https://isc.sans.edu/diary/From%20PowerShell%20to%20a%20Python%20Obfuscation%20Race!/31634 Alleged Active Exploit Sale of CVE-2024-55591 on Fortinet Devices An exploit for this week's Fortinet vulnerability is for sale on russian forums. Fortinet also requires patching of devices without cloud license within seven days of patch release https://x.com/MonThreat/status/1884577840185643345 https://community.fortinet.com/t5/Support-Forum/Firmware-upgrade-policy/td-p/373376 The Tainted Voyage: Uncovering Voyager's Vulnerabilities Sonarcube identified vulnerabilities in the popular PHP package Voyager. One of them allows arbitrary file uploads. https://www.sonarsource.com/blog/the-tainted-voyage-uncovering-voyagers-vulnerabilities/ Hackers exploit critical unpatched flaw in Zyxel CPE devices A currently unpatches vulnerablity in Zyxel devices is actively exploited. https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-unpatched-flaw-in-zyxel-cpe-devices/ VMSA-2025-0002: VMware Avi Load Balancer addresses an unauthenticated blind SQL Injection vulnerability (CVE-2025-22217) VMWare released a patch for the AVI Load Balancer addressing an unauthenticated blink SQL injection vulnerability. https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25346…
S
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
1 SANS ISC Stormcast, Jan 29th 2025: Python Crypto Stealer; SimpleHelp Exploited; Apple Silicon Vuln; Teamviewer Vuln; Odd QR Code 6:07
Learn about fileless crypto stealers written in Python, the ongoing exploitation of recent SimpleHelp vulnerablities, new Apple Silicon Sidechannel attacks a Team Viewer Vulnerablity and an odd QR Code Fileless Python InfoStealer Targeting Exodus This Python script targets Exodus crypto wallet and password managers to steal crypto currencies. It does not save exfiltrated data in files, but keeps it in memory for exfiltration https://isc.sans.edu/diary/Fileless%20Python%20InfoStealer%20Targeting%20Exodus/31630 Campaign Exploiting SimpleHelp Vulnerablity Arcticwolf observed attacks exploiting SimpleHelp for initial access to networks. It has not been verified, but is assumed that vulnerabilities made public about a week ago are being exploited. https://arcticwolf.com/resources/blog-uk/arctic-wolf-observes-campaign-exploiting-simplehelp-rmm-software-initial-access/ Two new Side Channel Vulnerabilities in Apple Silicon SLAP (Data Speculation Attacks via Load Address Prediction): This attack exploits the Load Address Predictor in Apple CPUs starting with the M2/A15, allowing unauthorized access to sensitive data by mispredicting memory addresses. FLOP (Breaking the Apple M3 CPU via False Load Output Predictions): This attack targets the Load Value Predictor in Apple's M3/A17 CPUs, enabling attackers to execute arbitrary computations on incorrect data, potentially leaking sensitive information. https://predictors.fail/ Teamviewer Security Bulletin Teamviewer patched a privilege escalation vulnerability CVE-2025-0065 https://www.teamviewer.com/en-us/resources/trust-center/security-bulletins/tv-2025-1001/ Odd QR Code A QR code may resolve to a different URL if looked at at an angle. https://mstdn.social/@isziaui/113874436953157913 Limited Discount for SANS Baltimore https://sans.org/u/1zQd…
S
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
1 SANS ISC Stormcast, Jan 28th 2025: Z-Shy Phishing; Apple Patches 0-Day; Fortinet Exploit Details; Github and Apache Solr Patches 6:14
This episode shows how attackers are bypassing phishing filter by abusing the "shy" softhyphen HTML entitiy. We got an update from Apple fixing a 0-day vulnerability in addition to a number of other issues. watchTowr show how to exploit an interesting FortiOS vulnerability and we have patches for Github Desktop and Apache Solr An unusal shy z-wasp phish https://isc.sans.edu/diary/An%20unusual%20%22shy%20z-wasp%22%20phishing/31626 How the soft hyphen "shy" HTML entity can be abused to bypass e-mail filters Apple Patches https://support.apple.com/en-us/100100 Apple released patches for all of its operating systems, fixing a 0-day vulnerability among many others issues Get Fortirekt I am the Super_admin now https://labs.watchtowr.com/get-fortirekt-i-am-the-super_admin-now-fortios-authentication-bypass-cve-2024-55591/ Details about a recent FortiOS Vulnerability GitHub Desktop Vulnerability https://thehackernews.com/2025/01/github-desktop-vulnerability-risks.html Apache Solr Vulnerability https://solr.apache.org/security.html#cve-2024-52012-apache-solr-configset-upload-on-windows-allows-arbitrary-path-write-access…
S
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
1 SANS ISC Stormcast, Jan 27, 2025: Access Brokers; Llama Stack Vuln; ESXi SSH Tunnels; Zyxel Boot Loops; Subary StarLeak 6:28
Guest Diary: How Access Brokers Maintain Persistence Explore how cybercriminals utilize access brokers to persist within networks and the impact this has on organizational security. https://isc.sans.edu/forums/diary/Guest+Diary+How+Access+Brokers+Maintain+Persistence/31600/ Critical Vulnerability in Meta's Llama Stack (CVE-2024-50050) A deep dive into CVE-2024-50050, a critical vulnerability affecting Meta's Llama Stack, with exploitation details and mitigation strategies. https://www.oligo.security/blog/cve-2024-50050-critical-vulnerability-in-meta-llama-llama-stack ESXi Ransomware and SSH Tunneling Defense Strategies Learn how to fortify your infrastructure against ransomware targeting ESXi environments, focusing on SSH tunneling and proactive measures. https://www.sygnia.co/blog/esxi-ransomware-ssh-tunneling-defense-strategies/ Zyxel USG FLEX/ATP Series Application Signature Recovery Steps Addressing issues with Zyxel s USG FLEX/ATP Series application signatures as of January 24, 2025, with a detailed recovery guide. https://support.zyxel.eu/hc/en-us/articles/24159250192658-USG-FLEX-ATP-Series-Recovery-Steps-for-Application-Signature-Issue-on-January-24th-2025 Subaru Starlink Vulnerability Exposed Cars to Remote Hacking Discussing how a vulnerability in Subaru s Starlink system left vehicles susceptible to remote exploitation and the steps taken to resolve it. https://www.securityweek.com/subaru-starlink-vulnerability-exposed-cars-to-remote-hacking/…
S
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
1 SANS ISC Stormcast, Jan 24, 2025: XSS in Email, SonicWall Exploited; Cisco Vulnerablities; AI and SOAR (@sans_edu research paper by Anthony Russo) 14:45
In today's episode, learn how an attacker attempted to exploit webmail XSS vulnerablities against us. Sonicwall released a critical patch fixing an already exploited vulnerability in its SMA 1000 appliance. Cisco fixed vulnerabilities in ClamAV and its Meeting Manager REST API. Learn from SANS.edu student Anthony Russo how to take advantage of AI for SOAR. XSS Attempts via E-Mail https://isc.sans.edu/diary/XSS%20Attempts%20via%20E-Mail/31620 An analysis of a recent surge in email-based XSS attack attempts targeting users and organizations. Learn the implications and mitigation techniques. SonicWall PSIRT Advisory: CVE-2025-23006 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0002 CVE-2025-23006 Details of a critical vulnerability in SonicWall appliances (SNWLID-2025-0002) and what you need to do to secure your systems. Cisco ClamAV Advisory: OLE2 Parsing Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA A DoS vulnerability in the popular open source anti virus engine ClamAV Cisco CMM Privilege Escalation Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmm-privesc-uy2Vf8pc A patch of a privilege escalation flaw in Cisco s CMM module.…
S
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
1 SANS ISC Stormcast, Jan 23, 2025: PFSync Protocol; Oracle CPU; Korean VPN Supply Chain Attack; Ivanti Guidance 7:49
In today's episode, we start by talking about the PFSYNC protocol used to synchronize firewall states to support failover. Oracle released it's quarterly critical patch update. ESET is reporting about a critical VPN supply chain attack and CISA released guidance for victims of recent Ivanti related attacks. Catching CARP: Fishing for Firewall States in PFSync Traffic https://isc.sans.edu/diary/Catching%20CARP%3A%20Fishing%20for%20Firewall%20Stat%20es%20in%20PFSync%20Traffic/31616)** Discover how attackers exploit PFSync traffic to manipulate firewall states. This deep dive explores vulnerabilities and mitigation strategies in network defense. Oracle Critical Patch Update January 2025 https://www.oracle.com/security-alerts/cpujan2025.html)** Oracle's January 2025 patch release addresses numerous critical vulnerabilities across their product suite. Learn about key updates and how to secure your systems. PlushDaemon: Compromising the Supply Chain of a Korean VPN Service https://www.welivesecurity.com/en/eset-research/plushdaemon-compromises-supply-chain-korean-vpn-service/ ESET Research uncovers PlushDaemon, a sophisticated supply chain attack targeting a Korean VPN provider. Understand the implications for supply chain security. CISA Cybersecurity Advisory: AA25-022A https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-022a The latest advisory highlights active threats and mitigation strategies for critical infrastructure. Stay ahead with CISA s guidance on emerging cyber risks.…
S
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
1 SANS ISC Stormcast, Jan 22, 2025: Geolocation via Starlink and Cloudflare; AI Prompt Risks; Homebrew Phishing 9:16
This episodes covers how Starlink users can be geolocated and how Cloudflare may help deanonymize users. The increased use of AI helpers leads to leaking data via careless prompts. Geolocation and Starlink https://isc.sans.edu/diary/Geolocation%20and%20Starlink/31612 Discover the potential geolocation risks associated with Starlink and how they might be exploited. This diary entry dives into new concerns for satellite internet users. Deanonymizing Users via Cloudflare https://gist.github.com/hackermondev/45a3cdfa52246f1d1201c1e8cdef6117 Deanonymizing users by identifying which cloudflare server cashed particular content Sage's AI Assistant and Customer Data Concerns https://www.theregister.com/2025/01/20/sage_copilot_data_issue/ Examine how a Sage AI tool inadvertently exposed sensitive customer data, raising questions about AI governance and trust in business applications. The Threat of Sensitive Data in Generative AI Prompts https://www.darkreading.com/threat-intelligence/employees-sensitive-data-genai-prompts Analyze how employees careless prompts to generative AI tools can lead to sensitive data breaches and the importance of awareness training. Homebrew Phishing https://x.com/ryanchenkie/status/1880730173634699393…
S
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
1 SANS ISC Stormcast, Jan 21, 2025: Downloading Partial ZIP files; Remote Tools Used in Attakcs; Azure DevOps SSRF 6:20
In this episode, we talk about downloading and analyzing partial ZIP files, how legitimate remote access tools are used in recent compromises and how a research found an SSRF vulnerability in Azure DevOps Partial ZIP File Downloads A closer look at how attackers are leveraging partial ZIP file downloads to bypass file verification systems and plant malicious content. https://isc.sans.edu/diary/Partial%20ZIP%20File%20Downloads/31608 Ukrainian CERT Advisory on AnyDesk Threat The Ukrainian CERT provides detailed guidance on identifying and mitigating recent cyber threats exploiting AnyDesk for unauthorized access. https://cert.gov.ua/article/6282069 Finding SSRFs in Azure DevOps An in-depth analysis of how server-side request forgery (SSRF) vulnerabilities are discovered and exploited in Azure DevOps pipelines. https://binarysecurity.no/posts/2025/01/finding-ssrfs-in-devops…
S
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
1 SANS ISC Stormcast, Jan 20, 2025: Honeypots for Offense; SimpleHelp and UEFI Secure Boot Vulnerabilities 3:24
In this episode, we cover how to use honeypot data to keep your offensive infrastructure alive longer, three critical vulnerabilities in SimpleHelp that must be patched now, and an interesting vulnerability affecting many systems allowing UEFI Secure Boot bypass. Leveraging Honeypot Data for Offensive Security Operations [Guest Diary] A recent guest diary on the SANS Internet Storm Center discusses how offensive security professionals can utilize honeypot data to enhance their operations. The diary highlights the detection of scans from multiple IP addresses, emphasizing the importance of monitoring non-standard user-agent strings in web requests. https://isc.sans.edu/diary/Leveraging%20Honeypot%20Data%20for%20Offensive%20Security%20Operations%20%5BGuest%20Diary%5D/31596 Security Vulnerabilities in SimpleHelp 5.5.7 and Earlier SimpleHelp has released version 5.5.8 to address critical security vulnerabilities present in versions 5.5.7 and earlier. Users are strongly advised to upgrade to the latest version to prevent potential exploits. Detailed information and upgrade instructions are available on SimpleHelp's official website. https://simple-help.com/kb---security-vulnerabilities-01-2025#send-us-your-questions Under the Cloak of UEFI Secure Boot: Introducing CVE-2024-7344 ESET researchers have identified a new vulnerability, CVE-2024-7344, that allows attackers to bypass UEFI Secure Boot on most UEFI-based systems. This flaw enables the execution of untrusted code during system boot, potentially leading to the deployment of malicious UEFI bootkits. Affected users should apply available patches to mitigate this risk. https://www.welivesecurity.com/en/eset-research/under-cloak-uefi-secure-boot-introducing-cve-2024-7344/…
S
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
1 SANS ISC Stormcast, Jan 17, 2025: Analyzing Complex Datasets, Citrix Update Issues, Ivanti's Security Advisory, and the Future of Passkeys (@sans_edu) 12:50
In this episode, we explore the efficient storage of honeypot logs in databases, issues with Citrix's Session Recording Agent and Windows Update. Ivanti is having another interesting security event and our SANS.edu graduate student Rich Green talks about his research on Passkeys. Extracting Practical Observations from Impractical Datasets: A SANS Internet Storm Center diary entry discusses strategies for analyzing complex datasets to derive actionable insights. https://isc.sans.edu/diary/Extracting%20Practical%20Observations%20from%20Impractical%20Datasets/31582 Citrix Session Recording Agent Update Issue: Citrix reports that Microsoft's January security update fails or reverts on machines with the 2411 Session Recording Agent installed, providing guidance on addressing this issue. https://support.citrix.com/s/article/CTX692505-microsofts-january-security-update-failsreverts-on-a-machine-with-2411-session-recording-agent?language=en_US Ivanti Endpoint Manager Security Advisory: Ivanti releases a security advisory for Endpoint Manager versions 2024 and 2022 SU6, detailing vulnerabilities and recommended actions. https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6?language=en_US Revolutionizing Enterprise Security: The Exciting Future of Passkeys Beyond Passwords: A SANS.edu research paper explores the shift from traditional passwords to passkeys, highlighting the benefits and challenges of adopting passwordless authentication methods. https://www.sans.edu/cyber-research/revolutionizing-enterprise-security-exciting-future-passkeys-beyond-passwords/…
S
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
1 SANS ISC Stormcast, Jan 16, 2025: Critical Vulnerabilities and Cybersecurity Updates You Need to Know 9:02
Today's episode covers an odd 12 year old Netgear vulnerability that only received a proper CVE number last year. Learn about how to properly identify OpenID connect users and avoid domain name resue. Good old rsync turns out to be in need of patching and Fortinet: Not sure if it needs patching. Probably it does. Go ahead and patch it. The Curious Case of a 12-Year-Old Netgear Router Vulnerability Outdated Netgear routers remain a security risk, with attackers actively exploiting a 2013 vulnerability to deploy crypto miners. Learn how to protect your network by updating or replacing legacy hardware. URL: https://isc.sans.edu/diary/The%20Curious%20Case%20of%20a%2012-Year-Old%20Netgear%20Router%20Vulnerability/31592 Millions at Risk Due to Google s OAuth Flaw A flaw in Google s OAuth implementation enables attackers to exploit defunct domain accounts, exposing sensitive data. Tips on implementing MFA and domain monitoring to reduce risks. URL: https://trufflesecurity.com/blog/millions-at-risk-due-to-google-s-oauth-flaw Rsync 3.4.0 Security Release The latest rsync update fixes critical vulnerabilities, including buffer overflows and symbolic link issues. Upgrade immediately to protect your file synchronization processes. URL: https://download.samba.org/pub/rsync/NEWS#3.4.0 Fortinet PSIRT Advisories: Stay Secure Fortinet's latest advisories address vulnerabilities in FortiOS, FortiProxy, and more. Review and apply patches promptly to secure your perimeter defenses. URL: https://www.fortiguard.com/psirt…
S
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
1 SANS ISC Stormcast, Jan 14 2025: Microsoft Patch Tuesday, FortiOS and FortiProxy Patches; Paessler PRTG Patches 7:48
Today, Microsoft Patch Tuesday headlines our news with Microsoft patching 209 vulnerabilities, some of which have already been exploited. Fortinet suspects a so far unpatched Node.js authentication bypass to be behind some recent exploits of FortiOS and FortiProxy devices. Microsoft January 2025 Patch Tuesday This month's Microsoft patch update addresses a total of 209 vulnerabilities, including 12 classified as critical. Among these, 3 vulnerabilities have been actively exploited in the wild, and 5 have been disclosed prior to the patch release, marking them as zero-days. https://isc.sans.edu/diary/rss/31590 Fortinet Security Advisory FG-IR-24-535 CVE-2024-55591 An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS and FortiProxy may allow a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module. https://fortiguard.fortinet.com/psirt/FG-IR-24-535 PRTG Network Monitor Update: Update for an already exploited XSS vulnerability in Paesler PRTG Network Monitor CVE-2024-12833 https://www.paessler.com/prtg/history/stable…
S
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
1 SANS ISC Stormcast, Jan 14, 2025: Brute-Forcing Hikvision Devices, macOS SIP Bypass, Linux Rootkits, Aviatrix Exploits, and AWS Ransomware Tactics 7:51
Episode Summary: This episode covers brute-force attacks on the password reset functionality of Hikvision devices, a macOS SIP bypass vulnerability, Linux rootkit malware, and a novel ransomware campaign targeting AWS S3 buckets. Topics Covered: Hikvision Password Reset Brute Forcing URL: https://isc.sans.edu/diary/Hikvision%20Password%20Reset%20Brute%20Forcing/31586 Hikvision devices are being targeted using old brute-force attacks exploiting predictable password reset codes. Analyzing CVE-2024-44243: A macOS System Integrity Protection Bypass URL: https://www.microsoft.com/en-us/security/blog/2025/01/13/analyzing-cve-2024-44243-a-macos-system-integrity-protection-bypass-through-kernel-extensions/ Microsoft details a macOS vulnerability allowing attackers to bypass SIP using kernel extensions. Rootkit Malware Controls Linux Systems Remotely URL: https://cybersecuritynews.com/rootkit-malware-controls-linux-systems-remotely/ A sophisticated rootkit targeting Linux systems uses zero-day vulnerabilities for remote control. Abusing AWS Native Services: Ransomware Encrypting S3 Buckets with SSE-C URL: https://www.halcyon.ai/blog/abusing-aws-native-services-ransomware-encrypting-s3-buckets-with-sse-c Attackers are using AWS s SSE-C encryption to lock S3 buckets during ransomware campaigns. We cover how the attack works and how to protect your AWS environment.…
S
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
In today's episode, we cover the latest updates in cybersecurity: Windows Defender Enhances Chrome Extension Detection Microsoft's Defender now catalogs Chrome extensions to identify malicious ones. Learn how this improves enterprise security. https://isc.sans.edu/diary/Windows%20Defender%20Chrome%20Extension%20Detection/31574 Multi-OLE Analysis in Malicious Documents A look at how attackers embed OLE files in Office documents to evade detection and the tools to combat it. https://isc.sans.edu/diary/Multi-OLE/31580 Ivanti Connect Secure RCE Vulnerability (CVE-2025-0282) Details of a critical vulnerability affecting Ivanti products and the patching timelines. https://labs.watchtowr.com/exploitation-walkthrough-and-techniques-ivanti-connect-secure-rce-cve-2025-0282/ Apple USB-C Controller Compromised Researchers hacked Apple s ACE3 USB-C controller, highlighting hardware security challenges. https://cybersecuritynews.com/apples-new-usb-c-controller-hacked/ IRS Pushes for IP PIN Enrollment Protect yourself from tax-related identity theft by securing your IP PIN for the 2025 tax season. https://www.irs.gov/newsroom/irs-encourages-all-taxpayers-to-sign-up-for-an-ip-pin-for-the-2025-tax-season…
Добро пожаловать в Player FM!
Player FM сканирует Интернет в поисках высококачественных подкастов, чтобы вы могли наслаждаться ими прямо сейчас. Это лучшее приложение для подкастов, которое работает на Android, iPhone и веб-странице. Зарегистрируйтесь, чтобы синхронизировать подписки на разных устройствах.