Daily cybersecurity news for practitioners. Vulnerabilities, defenses, threats, network security insight, research and more to make you sound smarter as you get to the office in the morning. New each weekday.
…
continue reading
Conteúdo fornecido por Johannes B. Ullrich. Todo o conteúdo do podcast, incluindo episódios, gráficos e descrições de podcast, é carregado e fornecido diretamente por Johannes B. Ullrich ou por seu parceiro de plataforma de podcast. Se você acredita que alguém está usando seu trabalho protegido por direitos autorais sem sua permissão, siga o processo descrito aqui https://pt.player.fm/legal.
Player FM - Aplicativo de podcast
Fique off-line com o app Player FM !
Fique off-line com o app Player FM !
Network Security News Summary for Wednesday January 08th, 2025
Manage episode 459887624 series 2911633
Conteúdo fornecido por Johannes B. Ullrich. Todo o conteúdo do podcast, incluindo episódios, gráficos e descrições de podcast, é carregado e fornecido diretamente por Johannes B. Ullrich ou por seu parceiro de plataforma de podcast. Se você acredita que alguém está usando seu trabalho protegido por direitos autorais sem sua permissão, siga o processo descrito aqui https://pt.player.fm/legal.
SANS ISC Stormcast, Jan 8, 2025: Critical Vulnerabilities in SonicWall, Moxa, and Windows BitLocker – Plus, Malware Targets PHP Servers and the Launch of U.S. Cyber Trust Mark In this episode, we dive into active exploitation of a zero-day in SonicWall SSL-VPN, privilege escalation vulnerabilities in Moxa devices, and a BitLocker bypass in Windows 11. We also cover cryptocurrency mining malware hitting PHP servers and the White House's launch of the U.S. Cyber Trust Mark to secure connected devices. Episode Links and Topics: PacketCrypt Classic Cryptocurrency Miner on PHP Servers https://isc.sans.edu/diary/PacketCrypt%20Classic%20Cryptocurrency%20Miner%20on%20PHP%20Servers/31564 Malware exploiting PHP servers to mine PacketCrypt Classic cryptocurrency. SonicOS Affected By Multiple Vulnerabilities https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003 A zero-day vulnerability in SonicWall SSL-VPN devices is under active attack. Privilege Escalation and OS Command Injection Vulnerabilities in Moxa Devices https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241155-privilege-escalation-and-os-command-injection-vulnerabilities-in-cellular-routers,-secure-routers,-and-netwo Critical vulnerabilities in Moxa routers and security appliances allow privilege escalation and OS command injection. White House Launches U.S. Cyber Trust Mark https://www.whitehouse.gov/briefing-room/statements-releases/2025/01/07/white-house-launches-u-s-cyber-trust-mark-providing-american-consumers-an-easy-label-to-see-if-connected-devices-are-cybersecure/ A new cybersecurity labeling program for connected devices aims to help consumers choose secure products. Windows BitLocker: Screwed without a Screwdriver https://media.ccc.de/v/38c3-windows-bitlocker-screwed-without-a-screwdriver#t=761 (video in English) A two-year-old vulnerability in Windows 11 allows bypassing BitLocker encryption. keywords: bitlocker; windows; cyber trust mark; moxa; sonicos; packetcrypt; php
…
continue reading
1001 episódios
Network Security News Summary for Wednesday January 08th, 2025
SANS Internet Storm Center's Daily Network Security News Podcast
Manage episode 459887624 series 2911633
Conteúdo fornecido por Johannes B. Ullrich. Todo o conteúdo do podcast, incluindo episódios, gráficos e descrições de podcast, é carregado e fornecido diretamente por Johannes B. Ullrich ou por seu parceiro de plataforma de podcast. Se você acredita que alguém está usando seu trabalho protegido por direitos autorais sem sua permissão, siga o processo descrito aqui https://pt.player.fm/legal.
SANS ISC Stormcast, Jan 8, 2025: Critical Vulnerabilities in SonicWall, Moxa, and Windows BitLocker – Plus, Malware Targets PHP Servers and the Launch of U.S. Cyber Trust Mark In this episode, we dive into active exploitation of a zero-day in SonicWall SSL-VPN, privilege escalation vulnerabilities in Moxa devices, and a BitLocker bypass in Windows 11. We also cover cryptocurrency mining malware hitting PHP servers and the White House's launch of the U.S. Cyber Trust Mark to secure connected devices. Episode Links and Topics: PacketCrypt Classic Cryptocurrency Miner on PHP Servers https://isc.sans.edu/diary/PacketCrypt%20Classic%20Cryptocurrency%20Miner%20on%20PHP%20Servers/31564 Malware exploiting PHP servers to mine PacketCrypt Classic cryptocurrency. SonicOS Affected By Multiple Vulnerabilities https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003 A zero-day vulnerability in SonicWall SSL-VPN devices is under active attack. Privilege Escalation and OS Command Injection Vulnerabilities in Moxa Devices https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241155-privilege-escalation-and-os-command-injection-vulnerabilities-in-cellular-routers,-secure-routers,-and-netwo Critical vulnerabilities in Moxa routers and security appliances allow privilege escalation and OS command injection. White House Launches U.S. Cyber Trust Mark https://www.whitehouse.gov/briefing-room/statements-releases/2025/01/07/white-house-launches-u-s-cyber-trust-mark-providing-american-consumers-an-easy-label-to-see-if-connected-devices-are-cybersecure/ A new cybersecurity labeling program for connected devices aims to help consumers choose secure products. Windows BitLocker: Screwed without a Screwdriver https://media.ccc.de/v/38c3-windows-bitlocker-screwed-without-a-screwdriver#t=761 (video in English) A two-year-old vulnerability in Windows 11 allows bypassing BitLocker encryption. keywords: bitlocker; windows; cyber trust mark; moxa; sonicos; packetcrypt; php
…
continue reading
1001 episódios
Alle episoder
×Bem vindo ao Player FM!
O Player FM procura na web por podcasts de alta qualidade para você curtir agora mesmo. É o melhor app de podcast e funciona no Android, iPhone e web. Inscreva-se para sincronizar as assinaturas entre os dispositivos.