Handler on Duty: Xavier Mertens
Threat Level: green
Podcast Detail
CyberPanel RCE; Spring WebFlux Vuln; MSFT Implements DANE; Attackers Enable RDP
If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://chrt.fm/track/2748D7/https://traffic.libsyn.com/securitypodcast/9202.mp3
SANS Daily Network Security Podcast (Stormcast) for Wednesday, October 30th, 2024
00:00
My Next Class
| Network Monitoring and Threat Detection In-Depth | Singapore | Nov 18th - Nov 23rd 2024 |
| Application Security: Securing Web Apps, APIs, and Microservices | Washington | Dec 13th - Dec 18th 2024 |
Interested in Internet Storm Center stickers? Check here if there are still some available for today.
Critical RCE Vulnerabilty in Cyberpanel
https://dreyand.rs/code/review/2024/10/27/what-are-my-options-cyberpanel-v236-pre-auth-rce
Spring WebFlux Vulnerability
https://access.redhat.com/security/cve/cve-2024-38821
https://spring.io/security/cve-2024-38821
Inbound SMTP DANE with DNSSEC for Exchange Online
https://techcommunity.microsoft.com/t5/exchange-team-blog/announcing-general-availability-of-inbound-smtp-dane-with-dnssec/ba-p/4281292
HeptaX: Unauthorized RDP Connections for Cyberespionage Operations
https://cyble.com/blog/heptax-unauthorized-rdp-connections-for-cyberespionage-operations/
https://dreyand.rs/code/review/2024/10/27/what-are-my-options-cyberpanel-v236-pre-auth-rce
Spring WebFlux Vulnerability
https://access.redhat.com/security/cve/cve-2024-38821
https://spring.io/security/cve-2024-38821
Inbound SMTP DANE with DNSSEC for Exchange Online
https://techcommunity.microsoft.com/t5/exchange-team-blog/announcing-general-availability-of-inbound-smtp-dane-with-dnssec/ba-p/4281292
HeptaX: Unauthorized RDP Connections for Cyberespionage Operations
https://cyble.com/blog/heptax-unauthorized-rdp-connections-for-cyberespionage-operations/
iTunes
MP3 Download
RSS Feed
Google
Podbean
Amazon Echo
YouTube
Spreaker
Spotify
Discussion
Login here to join the discussion.
| Network Monitoring and Threat Detection In-Depth | Singapore | Nov 18th - Nov 23rd 2024 |
| Application Security: Securing Web Apps, APIs, and Microservices | Washington | Dec 13th - Dec 18th 2024 |
| Application Security: Securing Web Apps, APIs, and Microservices | Online | US Eastern | Jan 27th - Feb 1st 2025 |
| Network Monitoring and Threat Detection In-Depth | Baltimore | Mar 3rd - Mar 8th 2025 |
| Application Security: Securing Web Apps, APIs, and Microservices | Orlando | Apr 13th - Apr 18th 2025 |
Make the web a better place by sharing the SANS Internet Storm Center with others
© 2024 SANS™ Internet Storm Center
Developers: We have an API for you! 