Internet Storm Center Tech Corner

SANS ISC Stormcast, Jan 17, 2025

In this episode, we explore the efficient storage of honeypot logs in databases, and issues with Citrix's Session Recording Agent and Windows Update. Ivanti is having another interesting security event, and our SANS.edu graduate student Rich Green talks about his research on passkeys.

https://isc.sans.edu/podcastdetail/9284

Extracting Practical Observations from Impractical Datasets

A SANS Internet Storm Center diary entry discusses strategies for analyzing complex datasets to derive actionable insights.

https://isc.sans.edu/diary/Extracting+Practical+Observations+from+Impractical+Datasets/31582

Citrix Session Recording Agent Update Issue

Citrix reports that Microsoft's January security update fails or reverts on machines with the 2411 Session Recording Agent installed, and provides guidance on addressing the issue.

https://support.citrix.com/s/article/CTX692505-microsofts-january-security-update-failsreverts-on-a-machine-with-2411-session-recording-agent?language=en_US

Ivanti Endpoint Manager Security Advisory

Ivanti releases a security advisory for Endpoint Manager versions 2024 and 2022 SU6, detailing vulnerabilities and recommended actions.

https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6?language=en_US

Revolutionizing Enterprise Security: The Exciting Future of Passkeys Beyond Passwords

A SANS.edu research paper explores the shift from traditional passwords to passkeys, highlighting the benefits and challenges of adopting passwordless authentication methods.

https://www.sans.edu/cyber-research/revolutionizing-enterprise-security-exciting-future-passkeys-beyond-passwords/

SANS ISC Stormcast, Jan 16, 2025

Today's episode covers an odd 12-year-old Netgear vulnerability that only received a proper CVE number last year. Learn how to properly identify OpenID Connect users and avoid domain name reuse. Good old rsync turns out to be in need of patching, and Fortinet: not sure if it needs patching. Probably it does. Go ahead and patch it.

https://isc.sans.edu/podcastdetail/9282

The Curious Case of a 12-Year-Old Netgear Router Vulnerability

Outdated Netgear routers remain a security risk, with attackers actively exploiting a 2013 vulnerability to deploy crypto miners. Learn how to protect your network by updating or replacing legacy hardware.

https://isc.sans.edu/diary/The+Curious+Case+of+a+12YearOld+Netgear+Router+Vulnerability/31592

Millions at Risk Due to Google's OAuth Flaw

A flaw in Google's OAuth implementation enables attackers to exploit accounts tied to defunct domains, exposing sensitive data. The post also offers tips on implementing MFA and domain monitoring to reduce the risk.

https://trufflesecurity.com/blog/millions-at-risk-due-to-google-s-oauth-flaw

Rsync 3.4.0 Security Release

The latest rsync update fixes critical vulnerabilities, including buffer overflows and symbolic link issues. Upgrade immediately to protect your file synchronization processes.

https://download.samba.org/pub/rsync/NEWS#3.4.0

Fortinet PSIRT Advisories: Stay Secure

Fortinet's latest advisories address vulnerabilities in FortiOS, FortiProxy, and more. Review and apply patches promptly to secure your perimeter defenses.

https://www.fortiguard.com/psirt

SANS ISC Stormcast, Jan 15, 2025

Today, Microsoft Patch Tuesday headlines our news, with Microsoft patching 209 vulnerabilities, some of which have already been exploited. Fortinet suspects a so far unpatched Node.js authentication bypass to be behind some recent exploits of FortiOS and FortiProxy devices.

https://isc.sans.edu/podcastdetail/9280

Microsoft January 2025 Patch Tuesday

This month's Microsoft patch update addresses a total of 209 vulnerabilities, including 12 classified as critical. Among these, 3 vulnerabilities have been actively exploited in the wild, and 5 were disclosed prior to the patch release, marking them as zero-days.

https://isc.sans.edu/diary/rss/31590

Fortinet Security Advisory FG-IR-24-535 CVE-2024-55591

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS and FortiProxy may allow a remote attacker to gain super-admin privileges via crafted requests to the Node.js websocket module.

https://fortiguard.fortinet.com/psirt/FG-IR-24-535

PRTG Network Monitor Update

Paessler releases an update for an already exploited XSS vulnerability in PRTG Network Monitor (CVE-2024-12833).

https://www.paessler.com/prtg/history/stable
