Internet Storm Center Tech Corner

SANS ISC Stormcast, Jan 10, 2025

https://isc.sans.edu/podcastdetail/9274

Examining Redtail: Analyzing a Sophisticated Cryptomining Malware and its Advanced Tactics

An overview of Redtail, a multi-architecture cryptomining malware that exploits vulnerabilities for initial access and deploys persistence techniques.

https://isc.sans.edu/diary/Examining+Redtail+Analyzing+a+Sophisticated+Cryptomining+Malware+and+its+Advanced+Tactics+Guest+Diary/31568/

Information Stealer Masquerades as LDAPNightmare PoC Exploit

Malware disguised as a PoC exploit targets users seeking to test vulnerabilities such as LDAPNightmare.

https://www.trendmicro.com/en_us/research/25/a/information-stealer-masquerades-as-ldapnightmare-poc-exploit.html

How Extensions Trick CWS Search

Research reveals how malicious browser extensions manipulate Chrome Web Store search to appear legitimate.

https://palant.info/2025/01/08/how-extensions-trick-cws-search/

Palo Alto Networks' Expedition Vulnerabilities (PAN-SA-2025-0001)

Multiple vulnerabilities in the deprecated Expedition tool can expose credentials and lead to unauthorized file and command execution.

https://security.paloaltonetworks.com/PAN-SA-2025-0001

SANS ISC Stormcast, Jan 9, 2025

In this episode, we discuss critical vulnerabilities in Ivanti Connect Secure and Policy Secure, command injection risks in Aviatrix Network Controllers, and the risks posed by hijacked abandoned backdoors.

https://isc.sans.edu/podcastdetail/9272

More Governments Backdoors in Your Backdoors

Researchers reveal how expired domains linked to abandoned backdoors can be hijacked, exposing systems to further compromise.

https://labs.watchtowr.com/more-governments-backdoors-in-your-backdoors/

Security Update: Ivanti Connect Secure, Policy Secure, and Neurons for ZTA Gateways

Ivanti addresses critical vulnerabilities (CVE-2025-0282, CVE-2025-0283) in their secure gateway products, with active exploitation in the wild.

https://www.ivanti.com/blog/security-update-ivanti-connect-secure-policy-secure-and-neurons-for-zta-gateways

CVE-2024-50603: Aviatrix Network Controller Command Injection Vulnerability

A command injection vulnerability in Aviatrix Network Controllers allows unauthenticated code execution, posing severe risks to network environments.

https://www.securing.pl/en/cve-2024-50603-aviatrix-network-controller-command-injection-vulnerability/

SANS ISC Stormcast, Jan 8, 2025

In this episode, we dive into active exploitation of a zero-day in SonicWall SSL-VPN, privilege escalation vulnerabilities in Moxa devices, and a BitLocker bypass in Windows 11. We also cover cryptocurrency mining malware hitting PHP servers and the White House's launch of the U.S. Cyber Trust Mark to secure connected devices.

https://isc.sans.edu/podcastdetail/9270

Episode Links and Topics:

PacketCrypt Classic Cryptocurrency Miner on PHP Servers

Malware exploiting PHP servers to mine PacketCrypt Classic cryptocurrency.

https://isc.sans.edu/diary/PacketCrypt+Classic+Cryptocurrency+Miner+on+PHP+Servers/31564

SonicOS Affected By Multiple Vulnerabilities

A zero-day vulnerability in SonicWall SSL-VPN devices is under active attack.

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003

Privilege Escalation and OS Command Injection Vulnerabilities in Moxa Devices

Critical vulnerabilities in Moxa routers and security appliances allow privilege escalation and OS command injection.

https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241155-privilege-escalation-and-os-command-injection-vulnerabilities-in-cellular-routers,-secure-routers,-and-netwo

White House Launches U.S. Cyber Trust Mark

A new cybersecurity labeling program for connected devices aims to help consumers choose secure products.

https://www.whitehouse.gov/briefing-room/statements-releases/2025/01/07/white-house-launches-u-s-cyber-trust-mark-providing-american-consumers-an-easy-label-to-see-if-connected-devices-are-cybersecure/

Windows BitLocker: Screwed without a Screwdriver

A two-year-old vulnerability in Windows 11 allows bypassing BitLocker encryption.

https://media.ccc.de/v/38c3-windows-bitlocker-screwed-without-a-screwdriver#t=761

(video in English)
