SANS ISC Stormcast, Jan 23, 2025: PFSync Protocol; Oracle CPU; Korean VPN Supply Chain Attack; Ivanti Guidance
Update: 2025-01-22
Description
In today's episode, we start by talking about the PFSYNC protocol used to synchronize firewall states to support failover. Oracle released it's quarterly critical patch update. ESET is reporting about a critical VPN supply chain attack and CISA released guidance for victims of recent Ivanti related attacks.
Catching CARP: Fishing for Firewall States in PFSync Traffic
https://isc.sans.edu/diary/Catching%20CARP%3A%20Fishing%20for%20Firewall%20Stat%20es%20in%20PFSync%20Traffic/31616)**
Discover how attackers exploit PFSync traffic to manipulate firewall states. This deep dive explores vulnerabilities and mitigation strategies in network defense.
Oracle Critical Patch Update January 2025
https://www.oracle.com/security-alerts/cpujan2025.html)**
Oracle's January 2025 patch release addresses numerous critical vulnerabilities across their product suite. Learn about key updates and how to secure your systems.
PlushDaemon: Compromising the Supply Chain of a Korean VPN Service
https://www.welivesecurity.com/en/eset-research/plushdaemon-compromises-supply-chain-korean-vpn-service/
ESET Research uncovers PlushDaemon, a sophisticated supply chain attack targeting a Korean VPN provider. Understand the implications for supply chain security.
CISA Cybersecurity Advisory: AA25-022A
https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-022a
The latest advisory highlights active threats and mitigation strategies for critical infrastructure. Stay ahead with CISA s guidance on emerging cyber risks.
Catching CARP: Fishing for Firewall States in PFSync Traffic
https://isc.sans.edu/diary/Catching%20CARP%3A%20Fishing%20for%20Firewall%20Stat%20es%20in%20PFSync%20Traffic/31616)**
Discover how attackers exploit PFSync traffic to manipulate firewall states. This deep dive explores vulnerabilities and mitigation strategies in network defense.
Oracle Critical Patch Update January 2025
https://www.oracle.com/security-alerts/cpujan2025.html)**
Oracle's January 2025 patch release addresses numerous critical vulnerabilities across their product suite. Learn about key updates and how to secure your systems.
PlushDaemon: Compromising the Supply Chain of a Korean VPN Service
https://www.welivesecurity.com/en/eset-research/plushdaemon-compromises-supply-chain-korean-vpn-service/
ESET Research uncovers PlushDaemon, a sophisticated supply chain attack targeting a Korean VPN provider. Understand the implications for supply chain security.
CISA Cybersecurity Advisory: AA25-022A
https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-022a
The latest advisory highlights active threats and mitigation strategies for critical infrastructure. Stay ahead with CISA s guidance on emerging cyber risks.
Comments
Top Podcasts
The Best New Comedy Podcast Right Now – June 2024The Best News Podcast Right Now – June 2024The Best New Business Podcast Right Now – June 2024The Best New Sports Podcast Right Now – June 2024The Best New True Crime Podcast Right Now – June 2024The Best New Joe Rogan Experience Podcast Right Now – June 20The Best New Dan Bongino Show Podcast Right Now – June 20The Best New Mark Levin Podcast – June 2024
In Channel
Download from Google Play
Download from App Store
United States00:00
00:00
x
