A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
ISC StormCast for Wednesday, January 8th, 2025
January 07, 2025
6:39
5.86 MB
Downloads: 0
In this episode, we dive into active exploitation of a zero-day in SonicWall SSL-VPN, privilege escalation vulnerabilities in Moxa devices, and a BitLocker bypass in Windows 11. We also cover cryptocurrency mining malware hitting PHP servers and the White House's launch of the U.S. Cyber Trust Mark to secure connected devices.
Episode Links and Topics:
PacketCrypt Classic Cryptocurrency Miner on PHP Servers
https://isc.sans.edu/diary/PacketCrypt%20Classic%20Cryptocurrency%20Miner%20on%20PHP%20Servers/31564
Malware exploiting PHP servers to mine PacketCrypt Classic cryptocurrency.
SonicOS Affected By Multiple Vulnerabilities
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003
A zero-day vulnerability in SonicWall SSL-VPN devices is under active attack.
Privilege Escalation and OS Command Injection Vulnerabilities in Moxa Devices
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241155-privilege-escalation-and-os-command-injection-vulnerabilities-in-cellular-routers,-secure-routers,-and-netwo
Critical vulnerabilities in Moxa routers and security appliances allow privilege escalation and OS command injection.
White House Launches U.S. Cyber Trust Mark
https://www.whitehouse.gov/briefing-room/statements-releases/2025/01/07/white-house-launches-u-s-cyber-trust-mark-providing-american-consumers-an-easy-label-to-see-if-connected-devices-are-cybersecure/
A new cybersecurity labeling program for connected devices aims to help consumers choose secure products.
Windows BitLocker: Screwed without a Screwdriver
https://media.ccc.de/v/38c3-windows-bitlocker-screwed-without-a-screwdriver#t=761
(video in English)
A two-year-old vulnerability in Windows 11 allows bypassing BitLocker encryption.
Episode Links and Topics:
PacketCrypt Classic Cryptocurrency Miner on PHP Servers
https://isc.sans.edu/diary/PacketCrypt%20Classic%20Cryptocurrency%20Miner%20on%20PHP%20Servers/31564
Malware exploiting PHP servers to mine PacketCrypt Classic cryptocurrency.
SonicOS Affected By Multiple Vulnerabilities
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003
A zero-day vulnerability in SonicWall SSL-VPN devices is under active attack.
Privilege Escalation and OS Command Injection Vulnerabilities in Moxa Devices
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241155-privilege-escalation-and-os-command-injection-vulnerabilities-in-cellular-routers,-secure-routers,-and-netwo
Critical vulnerabilities in Moxa routers and security appliances allow privilege escalation and OS command injection.
White House Launches U.S. Cyber Trust Mark
https://www.whitehouse.gov/briefing-room/statements-releases/2025/01/07/white-house-launches-u-s-cyber-trust-mark-providing-american-consumers-an-easy-label-to-see-if-connected-devices-are-cybersecure/
A new cybersecurity labeling program for connected devices aims to help consumers choose secure products.
Windows BitLocker: Screwed without a Screwdriver
https://media.ccc.de/v/38c3-windows-bitlocker-screwed-without-a-screwdriver#t=761
(video in English)
A two-year-old vulnerability in Windows 11 allows bypassing BitLocker encryption.