DiscoverSANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)SANS Stormcast Feb 14th 2025: DShield Honeypot SIEM; PAN OS Auth Bypass; Salt Typhone vs. Cisco; Crowdstrike Patch
SANS Stormcast Feb 14th 2025: DShield Honeypot SIEM; PAN OS Auth Bypass; Salt Typhone vs. Cisco; Crowdstrike Patch

SANS Stormcast Feb 14th 2025: DShield Honeypot SIEM; PAN OS Auth Bypass; Salt Typhone vs. Cisco; Crowdstrike Patch

Update: 2025-02-14
Share

Description



DShield SIEM Docker Updates

Interested in learning more about the attacks hitting your honeypot?

Guy assembled a neat SIEM to create dashboards summarizing the attacks.

https://isc.sans.edu/diary/DShield%20SIEM%20Docker%20Updates/31680

PANOS Path Confusion Auth Bypass

Palo Alto Networks fixed a path confusion vulnerability introduced by the

overly complex midle box chain in PANOS.

https://slcyber.io/blog/nginx-apache-path-confusion-to-auth-bypass-in-pan-os/

https://www.theregister.com/2025/02/13/palo_alto_firewall/

China's Volt Typhoon Continues to use Cisco Vulns

Recorded Future wrote up some recent attacks of the Red Mike / Volt Typhoon groups going after telecom providers by compromissing Cisco systems via an older vulnerabilty

https://www.wired.com/story/chinas-salt-typhoon-spies-are-still-hacking-telecoms-now-by-exploiting-cisco-routers/

Crowdstrike Patches Linux Client

https://www.crowdstrike.com/security-advisories/cve-2025-1146/
Comments 
Top Podcasts
The Best New Comedy Podcast Right Now – June 2024The Best News Podcast Right Now – June 2024The Best New Business Podcast Right Now – June 2024The Best New Sports Podcast Right Now – June 2024The Best New True Crime Podcast Right Now – June 2024The Best New Joe Rogan Experience Podcast Right Now – June 20The Best New Dan Bongino Show Podcast Right Now – June 20The Best New Mark Levin Podcast – June 2024
In Channel
SANS Stormcast Thursday Mar 27th: Classifying Malware with ML; Malicious NPM Packages; Google Chrome 0-day

SANS Stormcast Thursday Mar 27th: Classifying Malware with ML; Malicious NPM Packages; Google Chrome 0-day

2025-03-2707:11

SANS Stormcast Wednesday Mar 26th: XWiki Exploit; File Converter Correction; VMWare Vulnerability; Draytek Router Reboots; MMC Exploit Details;

SANS Stormcast Wednesday Mar 26th: XWiki Exploit; File Converter Correction; VMWare Vulnerability; Draytek Router Reboots; MMC Exploit Details;

2025-03-2606:14

SANS Stormcast Tuesday Mar 25th: Privacy Awware Bots; Ingress Nightmare; Malicious File Converters; VSCode Extension Leads to Ransomware

SANS Stormcast Tuesday Mar 25th: Privacy Awware Bots; Ingress Nightmare; Malicious File Converters; VSCode Extension Leads to Ransomware

2025-03-2505:55

SANS Stormcast Monday Mar 24th: Critical Next.js Vulnerability; Microsoft Trust Signing Platform Abuse

SANS Stormcast Monday Mar 24th: Critical Next.js Vulnerability; Microsoft Trust Signing Platform Abuse

2025-03-2407:10

SANS Stormcast Friday Mar 21st: New Data Feeds; SEO Spam; Veeam Deserialization; IBM AIX RCE;

SANS Stormcast Friday Mar 21st: New Data Feeds; SEO Spam; Veeam Deserialization; IBM AIX RCE;

2025-03-2108:24

SANS Stormcast Thursday Mar 20th: Cisco Smart Licensing Attacks; Vulnerable Drivers again; Synology Advisories Updated

SANS Stormcast Thursday Mar 20th: Cisco Smart Licensing Attacks; Vulnerable Drivers again; Synology Advisories Updated

2025-03-2007:09

SANS Stormcast Wednesday Mar 19th 2025: Python DLL Side Loading; Tomcast RCE Correction; SAML Roulette; Windows Shortcut 0-Day

SANS Stormcast Wednesday Mar 19th 2025: Python DLL Side Loading; Tomcast RCE Correction; SAML Roulette; Windows Shortcut 0-Day

2025-03-1907:18

SANS Stormcast Tuesday Mar 18th 2025: Analyzing GUID Encoded Shellcode; Node.js SAML Vuln; Tomcat RCE in the Wild; CSS e-mail obfuscation

SANS Stormcast Tuesday Mar 18th 2025: Analyzing GUID Encoded Shellcode; Node.js SAML Vuln; Tomcat RCE in the Wild; CSS e-mail obfuscation

2025-03-1807:03

SANS Stormcast Monday March 17th: Mirai Makes Mistakes; Compromised Github Action; ruby-saml vulnerability; Fake GitHub Security Alert Phishing

SANS Stormcast Monday March 17th: Mirai Makes Mistakes; Compromised Github Action; ruby-saml vulnerability; Fake GitHub Security Alert Phishing

2025-03-1706:38

SANS Stormcast: File Hashes in MSFT BI; Apache Camel Vuln; Juniper Fixes Exploited Vuln; AMI Patches 10.0 Redfish BMC Vuln

SANS Stormcast: File Hashes in MSFT BI; Apache Camel Vuln; Juniper Fixes Exploited Vuln; AMI Patches 10.0 Redfish BMC Vuln

2025-03-1406:07

SANS Stormcast Thursday Mar 13th: Exploiting Login Pages with Log4j; Patch Tuesday Fallout; Adobe Patches; Medusa Ransomware; Zoom and Font Library Updates;

SANS Stormcast Thursday Mar 13th: Exploiting Login Pages with Log4j; Patch Tuesday Fallout; Adobe Patches; Medusa Ransomware; Zoom and Font Library Updates;

2025-03-1305:56

SANS Stormcast Wednesday Mar 12th: Microsoft Patch Tuesday; Apple Patch; Espressif ESP32 Statement

SANS Stormcast Wednesday Mar 12th: Microsoft Patch Tuesday; Apple Patch; Espressif ESP32 Statement

2025-03-1207:54

SANS Stormcast Tuesday Mar 11th: Shellcode as UUIDs; Moxe Switch Vuln Updates; Opentext Vuln; Livewire Volt Vuln;

SANS Stormcast Tuesday Mar 11th: Shellcode as UUIDs; Moxe Switch Vuln Updates; Opentext Vuln; Livewire Volt Vuln;

2025-03-1104:59

SANS Stormcast: Webshells; Undocumented ESP32 Commands; Camera Used For Ransomware Distribution

SANS Stormcast: Webshells; Undocumented ESP32 Commands; Camera Used For Ransomware Distribution

2025-03-1006:45

SANS Stormcast Friday Mar 7th: Chrome vs Extensions; Kibana Update; PrePw0n3d Android TV Sticks; Identifying APTs (@sans_edu, Eric LeBlanc)

SANS Stormcast Friday Mar 7th: Chrome vs Extensions; Kibana Update; PrePw0n3d Android TV Sticks; Identifying APTs (@sans_edu, Eric LeBlanc)

2025-03-0713:53

SANS Stormcast Thursday Mar 6th: DShield ELK Analysis; Jailbreaking AMD CPUs; VIM Vulnerability; Snail Mail Ransomware

SANS Stormcast Thursday Mar 6th: DShield ELK Analysis; Jailbreaking AMD CPUs; VIM Vulnerability; Snail Mail Ransomware

2025-03-0606:45

SANS Stormcast Wednesday Mar 5th: SMTP Credential Hunt; mac-robber.py update; ADSelfService Plus Account Takeover; Android Patch Day; PayPal Scams; VMWare Escape Fix

SANS Stormcast Wednesday Mar 5th: SMTP Credential Hunt; mac-robber.py update; ADSelfService Plus Account Takeover; Android Patch Day; PayPal Scams; VMWare Escape Fix

2025-03-0506:11

SANS Stormcast Tuesday Mar 4th: Mark of the Web Details; Sharepint and Click-Fix Phishing; Paragon Partionmanager BYOVD Exploit

SANS Stormcast Tuesday Mar 4th: Mark of the Web Details; Sharepint and Click-Fix Phishing; Paragon Partionmanager BYOVD Exploit

2025-03-0406:17

SANS Stormcast Monday Mar 3rd: AI Training Data Leaks; MITRE Caldera Vuln; modsecurity bypass

SANS Stormcast Monday Mar 3rd: AI Training Data Leaks; MITRE Caldera Vuln; modsecurity bypass

2025-03-0307:08

SANS Stormcast Friday Feb 28th: Njrat devtunnels.ms; Apple FindMe Abuse; XSS Exploited; @sans_edu Ben Powell EDR vs. Ransomware

SANS Stormcast Friday Feb 28th: Njrat devtunnels.ms; Apple FindMe Abuse; XSS Exploited; @sans_edu Ben Powell EDR vs. Ransomware

2025-02-2814:27

loading
Google Play
Download from Google Play
Castbox
Download from App Store
usUnited States
00:00
00:00
x

0.5x

0.8x

1.0x

1.25x

1.5x

2.0x

3.0x

Sleep Timer

Off

End of Episode

5 Minutes

10 Minutes

15 Minutes

30 Minutes

45 Minutes

60 Minutes

120 Minutes

SANS Stormcast Feb 14th 2025: DShield Honeypot SIEM; PAN OS Auth Bypass; Salt Typhone vs. Cisco; Crowdstrike Patch

SANS Stormcast Feb 14th 2025: DShield Honeypot SIEM; PAN OS Auth Bypass; Salt Typhone vs. Cisco; Crowdstrike Patch

Dr. Johannes B. Ullrich