Daily cybersecurity news for practitioners. Vulnerabilities, defenses, threats, network security insight, research and more to make you sound smarter as you get to the office in the morning. New each weekday.
…
continue reading
Contenu fourni par Johannes B. Ullrich. Tout le contenu du podcast, y compris les épisodes, les graphiques et les descriptions de podcast, est téléchargé et fourni directement par Johannes B. Ullrich ou son partenaire de plateforme de podcast. Si vous pensez que quelqu'un utilise votre œuvre protégée sans votre autorisation, vous pouvez suivre le processus décrit ici https://fr.player.fm/legal.
Player FM - Application Podcast
Mettez-vous hors ligne avec l'application Player FM !
Mettez-vous hors ligne avec l'application Player FM !
SANS ISC Stormcast Jan 7th 2025: Make Malware Happy and Critical Vulnerabilities in OpenSSH, BeyondTrust, and Nucle
Manage episode 459689057 series 2911633
Contenu fourni par Johannes B. Ullrich. Tout le contenu du podcast, y compris les épisodes, les graphiques et les descriptions de podcast, est téléchargé et fourni directement par Johannes B. Ullrich ou son partenaire de plateforme de podcast. Si vous pensez que quelqu'un utilise votre œuvre protégée sans votre autorisation, vous pouvez suivre le processus décrit ici https://fr.player.fm/legal.
SANS ISC Stormcast Jan 7th 2025: Make Malware Happy and Critical Vulnerabilities in OpenSSH, BeyondTrust, and Nuclei In this episode of the SANS Internet Storm Center's Stormcast, we cover critical vulnerabilities affecting OpenSSH, BeyondTrust, and Nuclei, including the newly discovered "RegreSSHion" flaw and a bypass vulnerability in Nuclei. We also discuss how malware evasion techniques can impact analysis environments and highlight the dangers of fake exploits targeting researchers. Tune in for insights on patching, mitigation strategies, and staying ahead of emerging threats. Topics Covered: Make Malware Happy https://isc.sans.edu/diary/Make%20Malware%20Happy/31560 A look at how malware adapts and detects analysis environments, and why replicating operational settings is critical during malware analysis. Nuclei Signature Verification Bypass (CVE-2024-43405) https://www.wiz.io/blog/nuclei-signature-verification-bypass A critical vulnerability in Nuclei allows malicious templates to bypass signature verification, risking arbitrary code execution. Critical Vulnerability in BeyondTrust (CVE-2024-12356) https://censys.com/cve-2024-12356/ A high-risk flaw in BeyondTrust products allows unauthenticated OS command execution, posing a significant threat to privileged access systems. RegreSSHion Code Execution Vulnerability (CVE-2024-6387) https://cybersecuritynews.com/regresshion-code-execution-vulnerability/ OpenSSH vulnerability "RegreSSHion" enables remote code execution, and fake exploits targeting security researchers are in circulation. keywords: openssh, regresshion, beyondtrust, nuclei, malware, evasion, rce
…
continue reading
1001 episodes
SANS ISC Stormcast Jan 7th 2025: Make Malware Happy and Critical Vulnerabilities in OpenSSH, BeyondTrust, and Nucle
SANS Internet Storm Center's Daily Network Security News Podcast
Manage episode 459689057 series 2911633
Contenu fourni par Johannes B. Ullrich. Tout le contenu du podcast, y compris les épisodes, les graphiques et les descriptions de podcast, est téléchargé et fourni directement par Johannes B. Ullrich ou son partenaire de plateforme de podcast. Si vous pensez que quelqu'un utilise votre œuvre protégée sans votre autorisation, vous pouvez suivre le processus décrit ici https://fr.player.fm/legal.
SANS ISC Stormcast Jan 7th 2025: Make Malware Happy and Critical Vulnerabilities in OpenSSH, BeyondTrust, and Nuclei In this episode of the SANS Internet Storm Center's Stormcast, we cover critical vulnerabilities affecting OpenSSH, BeyondTrust, and Nuclei, including the newly discovered "RegreSSHion" flaw and a bypass vulnerability in Nuclei. We also discuss how malware evasion techniques can impact analysis environments and highlight the dangers of fake exploits targeting researchers. Tune in for insights on patching, mitigation strategies, and staying ahead of emerging threats. Topics Covered: Make Malware Happy https://isc.sans.edu/diary/Make%20Malware%20Happy/31560 A look at how malware adapts and detects analysis environments, and why replicating operational settings is critical during malware analysis. Nuclei Signature Verification Bypass (CVE-2024-43405) https://www.wiz.io/blog/nuclei-signature-verification-bypass A critical vulnerability in Nuclei allows malicious templates to bypass signature verification, risking arbitrary code execution. Critical Vulnerability in BeyondTrust (CVE-2024-12356) https://censys.com/cve-2024-12356/ A high-risk flaw in BeyondTrust products allows unauthenticated OS command execution, posing a significant threat to privileged access systems. RegreSSHion Code Execution Vulnerability (CVE-2024-6387) https://cybersecuritynews.com/regresshion-code-execution-vulnerability/ OpenSSH vulnerability "RegreSSHion" enables remote code execution, and fake exploits targeting security researchers are in circulation. keywords: openssh, regresshion, beyondtrust, nuclei, malware, evasion, rce
…
continue reading
1001 episodes
Tous les épisodes
×Bienvenue sur Lecteur FM!
Lecteur FM recherche sur Internet des podcasts de haute qualité que vous pourrez apprécier dès maintenant. C'est la meilleure application de podcast et fonctionne sur Android, iPhone et le Web. Inscrivez-vous pour synchroniser les abonnements sur tous les appareils.