Daily cybersecurity news for practitioners. Vulnerabilities, defenses, threats, network security insight, research and more to make you sound smarter as you get to the office in the morning. New each weekday.
…
continue reading
Conteúdo fornecido por Johannes B. Ullrich. Todo o conteúdo do podcast, incluindo episódios, gráficos e descrições de podcast, é carregado e fornecido diretamente por Johannes B. Ullrich ou por seu parceiro de plataforma de podcast. Se você acredita que alguém está usando seu trabalho protegido por direitos autorais sem sua permissão, siga o processo descrito aqui https://pt.player.fm/legal.
Player FM - Aplicativo de podcast
Fique off-line com o app Player FM !
Fique off-line com o app Player FM !
SANS ISC Stormcast Jan 7th 2025: Make Malware Happy and Critical Vulnerabilities in OpenSSH, BeyondTrust, and Nucle
Manage episode 459689057 series 2911633
Conteúdo fornecido por Johannes B. Ullrich. Todo o conteúdo do podcast, incluindo episódios, gráficos e descrições de podcast, é carregado e fornecido diretamente por Johannes B. Ullrich ou por seu parceiro de plataforma de podcast. Se você acredita que alguém está usando seu trabalho protegido por direitos autorais sem sua permissão, siga o processo descrito aqui https://pt.player.fm/legal.
SANS ISC Stormcast Jan 7th 2025: Make Malware Happy and Critical Vulnerabilities in OpenSSH, BeyondTrust, and Nuclei In this episode of the SANS Internet Storm Center's Stormcast, we cover critical vulnerabilities affecting OpenSSH, BeyondTrust, and Nuclei, including the newly discovered "RegreSSHion" flaw and a bypass vulnerability in Nuclei. We also discuss how malware evasion techniques can impact analysis environments and highlight the dangers of fake exploits targeting researchers. Tune in for insights on patching, mitigation strategies, and staying ahead of emerging threats. Topics Covered: Make Malware Happy https://isc.sans.edu/diary/Make%20Malware%20Happy/31560 A look at how malware adapts and detects analysis environments, and why replicating operational settings is critical during malware analysis. Nuclei Signature Verification Bypass (CVE-2024-43405) https://www.wiz.io/blog/nuclei-signature-verification-bypass A critical vulnerability in Nuclei allows malicious templates to bypass signature verification, risking arbitrary code execution. Critical Vulnerability in BeyondTrust (CVE-2024-12356) https://censys.com/cve-2024-12356/ A high-risk flaw in BeyondTrust products allows unauthenticated OS command execution, posing a significant threat to privileged access systems. RegreSSHion Code Execution Vulnerability (CVE-2024-6387) https://cybersecuritynews.com/regresshion-code-execution-vulnerability/ OpenSSH vulnerability "RegreSSHion" enables remote code execution, and fake exploits targeting security researchers are in circulation. keywords: openssh, regresshion, beyondtrust, nuclei, malware, evasion, rce
…
continue reading
1001 episódios
SANS ISC Stormcast Jan 7th 2025: Make Malware Happy and Critical Vulnerabilities in OpenSSH, BeyondTrust, and Nucle
SANS Internet Storm Center's Daily Network Security News Podcast
Manage episode 459689057 series 2911633
Conteúdo fornecido por Johannes B. Ullrich. Todo o conteúdo do podcast, incluindo episódios, gráficos e descrições de podcast, é carregado e fornecido diretamente por Johannes B. Ullrich ou por seu parceiro de plataforma de podcast. Se você acredita que alguém está usando seu trabalho protegido por direitos autorais sem sua permissão, siga o processo descrito aqui https://pt.player.fm/legal.
SANS ISC Stormcast Jan 7th 2025: Make Malware Happy and Critical Vulnerabilities in OpenSSH, BeyondTrust, and Nuclei In this episode of the SANS Internet Storm Center's Stormcast, we cover critical vulnerabilities affecting OpenSSH, BeyondTrust, and Nuclei, including the newly discovered "RegreSSHion" flaw and a bypass vulnerability in Nuclei. We also discuss how malware evasion techniques can impact analysis environments and highlight the dangers of fake exploits targeting researchers. Tune in for insights on patching, mitigation strategies, and staying ahead of emerging threats. Topics Covered: Make Malware Happy https://isc.sans.edu/diary/Make%20Malware%20Happy/31560 A look at how malware adapts and detects analysis environments, and why replicating operational settings is critical during malware analysis. Nuclei Signature Verification Bypass (CVE-2024-43405) https://www.wiz.io/blog/nuclei-signature-verification-bypass A critical vulnerability in Nuclei allows malicious templates to bypass signature verification, risking arbitrary code execution. Critical Vulnerability in BeyondTrust (CVE-2024-12356) https://censys.com/cve-2024-12356/ A high-risk flaw in BeyondTrust products allows unauthenticated OS command execution, posing a significant threat to privileged access systems. RegreSSHion Code Execution Vulnerability (CVE-2024-6387) https://cybersecuritynews.com/regresshion-code-execution-vulnerability/ OpenSSH vulnerability "RegreSSHion" enables remote code execution, and fake exploits targeting security researchers are in circulation. keywords: openssh, regresshion, beyondtrust, nuclei, malware, evasion, rce
…
continue reading
1001 episódios
Alle episoder
×Bem vindo ao Player FM!
O Player FM procura na web por podcasts de alta qualidade para você curtir agora mesmo. É o melhor app de podcast e funciona no Android, iPhone e web. Inscreva-se para sincronizar as assinaturas entre os dispositivos.