Talk With an Expert

Internet Storm Center Tech Corner

SANS Internet Storm Center StormCast Monday, June 30, 2025

Scattered Spider; AMI BIOS Exploited; Secure Boot Certs Expiring; Microsoft Resiliency Initiative

https://isc.sans.edu/podcastdetail/9510 Scattered Spider Update

The threat actor known as Scattered Spider is in the news again, this time focusing on airlines. But the techniques used by Scattered Spider, social engineering, are still some of the most dangerous techniques used by various threat actors.

https://cloud.google.com/blog/topics/threat-intelligence/unc3944-proactive-hardening-recommendations?e=48754805

AMI BIOS Vulnerability Exploited CVE-2024-54085

A vulnerability in the Redfish remote access software, including AMI’s BIOS, is now being exploited.

https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025003.pdf

https://eclypsium.com/blog/ami-megarac-vulnerabilities-bmc-part-3/

Act now: Secure Boot certificates expire in June 2026

The Microsoft certificates used in Secure Boot are the basis of trust for operating system security, and all will be expiring beginning June 2026.

https://techcommunity.microsoft.com/blog/windows-itpro-blog/act-now-secure-boot-certificates-expire-in-june-2026/4426856

The Windows Resiliency Initiative: Building resilience for a future-ready enterprise

Microsoft announced more details about its future security and resilience strategy for Windows. In particular, security tools will no longer have kernel access, which is supposed to prevent a repeat of the Cloudflare issue, but may also restrict security tools’ functionality.

https://blogs.windows.com/windowsexperience/2025/06/26/the-windows-resiliency-initiative-building-resilience-for-a-future-ready-enterprise/

View Older Issues

Catch up on recent editions of NewsBites or browse our full archive of expert-curated cybersecurity news.

Browse Archive