SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ModelScan: Protection Against Model Serialization Attacks
ModelScan is a tool to inspect AI models for deserialization attacks. The tool will detect suspect commands and warn the user.
https://isc.sans.edu/diary/ModelScan%20-%20Protection%20Against%20Model%20Serialization%20Attacks/31692
OpenSSH MitM and DoS Vulnerabilities
OpenSSH Patched two vulnerabilities discovered by Qualys. One may be used for MitM attack in specfic configurations of OpenSSH.
https://www.qualys.com/2025/02/18/openssh-mitm-dos.txt
Juniper Authentication Bypass
Juniper fixed an authentication bypass vulnerability that affects several prodcuts. The patch was released outside the normal patch schedule.
https://supportportal.juniper.net/s/article/2025-02-Out-of-Cycle-Security-Bulletin-Session-Smart-Router-Session-Smart-Conductor-WAN-Assurance-Router-API-Authentication-Bypass-Vulnerability-CVE-2025-21589?language=en_US
DELL BIOS Patches
DELL released BIOS updates fixing a privilege escalation issue. The update affects a large part of Dell's portfolio
https://www.dell.com/support/kbdoc/en-en/000258429/dsa-2025-021

OSSEC Active Response
https://isc.sans.edu/forums/diary/Suspicious+Endpoint+Containment+with+OSSEC/26576/
Microsoft Patch for Office for Mac
https://docs.microsoft.com/en-us/officeupdates/release-notes-office-for-mac
VMWare Fusion Vulnerablity
https://www.vmware.com/security/advisories/VMSA-2020-0020.html
NSA Secure Boot Configuration Guide
https://media.defense.gov/2020/Sep/15/2002497594/-1/-1/0/CTR-UEFI-SECURE-BOOT-CUSTOMIZATION-20200915.PDF/CTR-UEFI-SECURE-BOOT-CUSTOMIZATION-20200915.PDF
Microsoft Edge Warns Users of Adobe Flash End of Support
https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/

Fake E-Mail Bomb Threats
https://www.cnn.com/2018/12/13/us/email-bomb-threats/index.html
Phishing Via Non-Delivery Notices
https://isc.sans.edu/forums/diary/Phishing+Attack+Through+NonDelivery+Notification/24412/
LamePyre MacOS Malware
https://blog.malwarebytes.com/detections/osx-lamepyre/

In this episode, we explore the following stories:
"Examining Redtail: Analyzing a Sophisticated Cryptomining Malware and its Advanced Tactics"
Overview of Redtail's multi-architecture cryptomining malware exploiting vulnerabilities and deploying persistence techniques.
URL: Examining Redtail: Analyzing a Sophisticated Cryptomining Malware and its Advanced Tactics
"Information Stealer Masquerades as LDAPNightmare PoC Exploit"
A malware disguised as a PoC exploit targets users seeking to test vulnerabilities like LDAPNightmare.
URL: Information Stealer Masquerades as LDAPNightmare PoC Exploit
"How Extensions Trick CWS Search"
Research reveals how malicious browser extensions manipulate Chrome Web Store search to appear legitimate.
URL: How Extensions Trick CWS Search
"Palo Alto Networks' Expedition Vulnerabilities (PAN-SA-2025-0001)"
Multiple vulnerabilities in the deprecated Expedition tool can expose credentials and lead to unauthorized file and command execution.
URL: Palo Alto Networks' Expedition Vulnerabilities (PAN-SA-2025-0001)

Not Everything About ".well-known" is Well Known
https://isc.sans.edu/forums/diary/Not+Everything+About+wellknown+is+Well+Known/26564/
BLE Lock Vulnerable to Replay Attack
https://www.pentestpartners.com/security-blog/360lock-smart-lock-review/
Mobile Iron Exploit Released
https://blog.orange.tw/2020/09/how-i-hacked-facebook-again-mobileiron-mdm-rce.html