Daily cybersecurity news for practitioners. Vulnerabilities, defenses, threats, network security insight, research and more to make you sound smarter as you get to the office in the morning. New each weekday.
…
continue reading
Contenu fourni par Johannes B. Ullrich. Tout le contenu du podcast, y compris les épisodes, les graphiques et les descriptions de podcast, est téléchargé et fourni directement par Johannes B. Ullrich ou son partenaire de plateforme de podcast. Si vous pensez que quelqu'un utilise votre œuvre protégée sans votre autorisation, vous pouvez suivre le processus décrit ici https://fr.player.fm/legal.
Player FM - Application Podcast
Mettez-vous hors ligne avec l'application Player FM !
Mettez-vous hors ligne avec l'application Player FM !
Network Security News Summary for Wednesday January 08th, 2025
Manage episode 459887624 series 2911633
Contenu fourni par Johannes B. Ullrich. Tout le contenu du podcast, y compris les épisodes, les graphiques et les descriptions de podcast, est téléchargé et fourni directement par Johannes B. Ullrich ou son partenaire de plateforme de podcast. Si vous pensez que quelqu'un utilise votre œuvre protégée sans votre autorisation, vous pouvez suivre le processus décrit ici https://fr.player.fm/legal.
SANS ISC Stormcast, Jan 8, 2025: Critical Vulnerabilities in SonicWall, Moxa, and Windows BitLocker – Plus, Malware Targets PHP Servers and the Launch of U.S. Cyber Trust Mark In this episode, we dive into active exploitation of a zero-day in SonicWall SSL-VPN, privilege escalation vulnerabilities in Moxa devices, and a BitLocker bypass in Windows 11. We also cover cryptocurrency mining malware hitting PHP servers and the White House's launch of the U.S. Cyber Trust Mark to secure connected devices. Episode Links and Topics: PacketCrypt Classic Cryptocurrency Miner on PHP Servers https://isc.sans.edu/diary/PacketCrypt%20Classic%20Cryptocurrency%20Miner%20on%20PHP%20Servers/31564 Malware exploiting PHP servers to mine PacketCrypt Classic cryptocurrency. SonicOS Affected By Multiple Vulnerabilities https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003 A zero-day vulnerability in SonicWall SSL-VPN devices is under active attack. Privilege Escalation and OS Command Injection Vulnerabilities in Moxa Devices https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241155-privilege-escalation-and-os-command-injection-vulnerabilities-in-cellular-routers,-secure-routers,-and-netwo Critical vulnerabilities in Moxa routers and security appliances allow privilege escalation and OS command injection. White House Launches U.S. Cyber Trust Mark https://www.whitehouse.gov/briefing-room/statements-releases/2025/01/07/white-house-launches-u-s-cyber-trust-mark-providing-american-consumers-an-easy-label-to-see-if-connected-devices-are-cybersecure/ A new cybersecurity labeling program for connected devices aims to help consumers choose secure products. Windows BitLocker: Screwed without a Screwdriver https://media.ccc.de/v/38c3-windows-bitlocker-screwed-without-a-screwdriver#t=761 (video in English) A two-year-old vulnerability in Windows 11 allows bypassing BitLocker encryption. keywords: bitlocker; windows; cyber trust mark; moxa; sonicos; packetcrypt; php
…
continue reading
1001 episodes
Network Security News Summary for Wednesday January 08th, 2025
SANS Internet Storm Center's Daily Network Security News Podcast
Manage episode 459887624 series 2911633
Contenu fourni par Johannes B. Ullrich. Tout le contenu du podcast, y compris les épisodes, les graphiques et les descriptions de podcast, est téléchargé et fourni directement par Johannes B. Ullrich ou son partenaire de plateforme de podcast. Si vous pensez que quelqu'un utilise votre œuvre protégée sans votre autorisation, vous pouvez suivre le processus décrit ici https://fr.player.fm/legal.
SANS ISC Stormcast, Jan 8, 2025: Critical Vulnerabilities in SonicWall, Moxa, and Windows BitLocker – Plus, Malware Targets PHP Servers and the Launch of U.S. Cyber Trust Mark In this episode, we dive into active exploitation of a zero-day in SonicWall SSL-VPN, privilege escalation vulnerabilities in Moxa devices, and a BitLocker bypass in Windows 11. We also cover cryptocurrency mining malware hitting PHP servers and the White House's launch of the U.S. Cyber Trust Mark to secure connected devices. Episode Links and Topics: PacketCrypt Classic Cryptocurrency Miner on PHP Servers https://isc.sans.edu/diary/PacketCrypt%20Classic%20Cryptocurrency%20Miner%20on%20PHP%20Servers/31564 Malware exploiting PHP servers to mine PacketCrypt Classic cryptocurrency. SonicOS Affected By Multiple Vulnerabilities https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003 A zero-day vulnerability in SonicWall SSL-VPN devices is under active attack. Privilege Escalation and OS Command Injection Vulnerabilities in Moxa Devices https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241155-privilege-escalation-and-os-command-injection-vulnerabilities-in-cellular-routers,-secure-routers,-and-netwo Critical vulnerabilities in Moxa routers and security appliances allow privilege escalation and OS command injection. White House Launches U.S. Cyber Trust Mark https://www.whitehouse.gov/briefing-room/statements-releases/2025/01/07/white-house-launches-u-s-cyber-trust-mark-providing-american-consumers-an-easy-label-to-see-if-connected-devices-are-cybersecure/ A new cybersecurity labeling program for connected devices aims to help consumers choose secure products. Windows BitLocker: Screwed without a Screwdriver https://media.ccc.de/v/38c3-windows-bitlocker-screwed-without-a-screwdriver#t=761 (video in English) A two-year-old vulnerability in Windows 11 allows bypassing BitLocker encryption. keywords: bitlocker; windows; cyber trust mark; moxa; sonicos; packetcrypt; php
…
continue reading
1001 episodes
Tous les épisodes
×Bienvenue sur Lecteur FM!
Lecteur FM recherche sur Internet des podcasts de haute qualité que vous pourrez apprécier dès maintenant. C'est la meilleure application de podcast et fonctionne sur Android, iPhone et le Web. Inscrivez-vous pour synchroniser les abonnements sur tous les appareils.