SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) - SANS ISC Stormcast: Cryptomining Malware, Fake PoC Exploit, Malicious Browser Extensions, and Palo Alto Vulnerabilities. Jan 9th 2024

SANS ISC Stormcast: Cryptomining Malware, Fake PoC Exploit, Malicious Browser Extensions, and Palo Alto Vulnerabilities. Jan 9th 2024

01/10/25 • 7 min


SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
In this episode, we explore the following stories:
"Examining Redtail: Analyzing a Sophisticated Cryptomining Malware and its Advanced Tactics"
Overview of Redtail's multi-architecture cryptomining malware exploiting vulnerabilities and deploying persistence techniques.
URL: Examining Redtail: Analyzing a Sophisticated Cryptomining Malware and its Advanced Tactics
"Information Stealer Masquerades as LDAPNightmare PoC Exploit"
A malware disguised as a PoC exploit targets users seeking to test vulnerabilities like LDAPNightmare.
URL: Information Stealer Masquerades as LDAPNightmare PoC Exploit
"How Extensions Trick CWS Search"
Research reveals how malicious browser extensions manipulate Chrome Web Store search to appear legitimate.
URL: How Extensions Trick CWS Search
"Palo Alto Networks' Expedition Vulnerabilities (PAN-SA-2025-0001)"
Multiple vulnerabilities in the deprecated Expedition tool can expose credentials and lead to unauthorized file and command execution.
URL: Palo Alto Networks' Expedition Vulnerabilities (PAN-SA-2025-0001)

Previous Episode


SANS ISC Stormcast, Jan 9, 2025: Critical Vulnerabilities in Ivanti, Aviatrix, and Hijacked Backdoors in Compromised Systems

In this episode, we discuss critical vulnerabilities in Ivanti Connect Secure and Policy Secure, command injection risks in Aviatrix Network Controllers, and the risks posed by hijacked abandoned backdoors.
Episode Links and Topics:
More Governments Backdoors in Your Backdoors
https://labs.watchtowr.com/more-governments-backdoors-in-your-backdoors/
Researchers reveal how expired domains linked to abandoned backdoors can be hijacked, exposing systems to further compromise.
Security Update: Ivanti Connect Secure, Policy Secure, and Neurons for ZTA Gateways
https://www.ivanti.com/blog/security-update-ivanti-connect-secure-policy-secure-and-neurons-for-zta-gateways
Ivanti addresses critical vulnerabilities (CVE-2025-0282, CVE-2025-0283) in their secure gateway products, with active exploitation in the wild.
CVE-2024-50603: Aviatrix Network Controller Command Injection Vulnerability
https://www.securing.pl/en/cve-2024-50603-aviatrix-network-controller-command-injection-vulnerability/
A command injection vulnerability in Aviatrix Network Controllers allows unauthenticated code execution, posing severe risks to network environments.

Next Episode


SANS ISC Stormcast, Jan 13, 2025: Defender Updates, Ivanti RCE, Apple USB-C Hack and more

In today's episode, we cover the latest updates in cybersecurity:
Windows Defender Enhances Chrome Extension Detection
Microsoft's Defender now catalogs Chrome extensions to identify malicious ones. Learn how this improves enterprise security.
https://isc.sans.edu/diary/Windows%20Defender%20Chrome%20Extension%20Detection/31574
Multi-OLE Analysis in Malicious Documents
A look at how attackers embed OLE files in Office documents to evade detection and the tools to combat it.
https://isc.sans.edu/diary/Multi-OLE/31580
Ivanti Connect Secure RCE Vulnerability (CVE-2025-0282)
Details of a critical vulnerability affecting Ivanti products and the patching timelines.
https://labs.watchtowr.com/exploitation-walkthrough-and-techniques-ivanti-connect-secure-rce-cve-2025-0282/
Apple USB-C Controller Compromised
Researchers hacked Apple's ACE3 USB-C controller, highlighting hardware security challenges.
https://cybersecuritynews.com/apples-new-usb-c-controller-hacked/
IRS Pushes for IP PIN Enrollment
Protect yourself from tax-related identity theft by securing your IP PIN for the 2025 tax season.
https://www.irs.gov/newsroom/irs-encourages-all-taxpayers-to-sign-up-for-an-ip-pin-for-the-2025-tax-season
