Artwork

Inhoud geleverd door Johannes B. Ullrich. Alle podcastinhoud, inclusief afleveringen, afbeeldingen en podcastbeschrijvingen, wordt rechtstreeks geüpload en geleverd door Johannes B. Ullrich of hun podcastplatformpartner. Als u denkt dat iemand uw auteursrechtelijk beschermde werk zonder uw toestemming gebruikt, kunt u het hier beschreven proces https://nl.player.fm/legal volgen.
Player FM - Podcast-app
Ga offline met de app Player FM !

SANS ISC Stormcast, Jan 23, 2025: PFSync Protocol; Oracle CPU; Korean VPN Supply Chain Attack; Ivanti Guidance (#)

7:50
 
Delen
 

Manage episode 462572326 series 2911633
Inhoud geleverd door Johannes B. Ullrich. Alle podcastinhoud, inclusief afleveringen, afbeeldingen en podcastbeschrijvingen, wordt rechtstreeks geüpload en geleverd door Johannes B. Ullrich of hun podcastplatformpartner. Als u denkt dat iemand uw auteursrechtelijk beschermde werk zonder uw toestemming gebruikt, kunt u het hier beschreven proces https://nl.player.fm/legal volgen.
SANS ISC Stormcast, Jan 23, 2025: PFSync Protocol; Oracle CPU; Korean VPN Supply Chain Attack; Ivanti Guidance In today's episode, we start by talking about the PFSYNC protocol used to synchronize firewall states to support failover. Oracle released it's quarterly critical patch update. ESET is reporting about a critical VPN supply chain attack and CISA released guidance for victims of recent Ivanti related attacks. Catching CARP: Fishing for Firewall States in PFSync Traffic https://isc.sans.edu/diary/Catching%20CARP%3A%20Fishing%20for%20Firewall%20Stat%20es%20in%20PFSync%20Traffic/31616)** Discover how attackers exploit PFSync traffic to manipulate firewall states. This deep dive explores vulnerabilities and mitigation strategies in network defense. Oracle Critical Patch Update – January 2025 https://www.oracle.com/security-alerts/cpujan2025.html)** Oracle's January 2025 patch release addresses numerous critical vulnerabilities across their product suite. Learn about key updates and how to secure your systems. PlushDaemon: Compromising the Supply Chain of a Korean VPN Service https://www.welivesecurity.com/en/eset-research/plushdaemon-compromises-supply-chain-korean-vpn-service/ ESET Research uncovers PlushDaemon, a sophisticated supply chain attack targeting a Korean VPN provider. Understand the implications for supply chain security. CISA Cybersecurity Advisory: AA25-022A https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-022a The latest advisory highlights active threats and mitigation strategies for critical infrastructure. Stay ahead with CISA’s guidance on emerging cyber risks. keywords: cisa; ivanti; vpn; korea; oracle; carp; pfsync
  continue reading

1001 afleveringen

Artwork
iconDelen
 
Manage episode 462572326 series 2911633
Inhoud geleverd door Johannes B. Ullrich. Alle podcastinhoud, inclusief afleveringen, afbeeldingen en podcastbeschrijvingen, wordt rechtstreeks geüpload en geleverd door Johannes B. Ullrich of hun podcastplatformpartner. Als u denkt dat iemand uw auteursrechtelijk beschermde werk zonder uw toestemming gebruikt, kunt u het hier beschreven proces https://nl.player.fm/legal volgen.
SANS ISC Stormcast, Jan 23, 2025: PFSync Protocol; Oracle CPU; Korean VPN Supply Chain Attack; Ivanti Guidance In today's episode, we start by talking about the PFSYNC protocol used to synchronize firewall states to support failover. Oracle released it's quarterly critical patch update. ESET is reporting about a critical VPN supply chain attack and CISA released guidance for victims of recent Ivanti related attacks. Catching CARP: Fishing for Firewall States in PFSync Traffic https://isc.sans.edu/diary/Catching%20CARP%3A%20Fishing%20for%20Firewall%20Stat%20es%20in%20PFSync%20Traffic/31616)** Discover how attackers exploit PFSync traffic to manipulate firewall states. This deep dive explores vulnerabilities and mitigation strategies in network defense. Oracle Critical Patch Update – January 2025 https://www.oracle.com/security-alerts/cpujan2025.html)** Oracle's January 2025 patch release addresses numerous critical vulnerabilities across their product suite. Learn about key updates and how to secure your systems. PlushDaemon: Compromising the Supply Chain of a Korean VPN Service https://www.welivesecurity.com/en/eset-research/plushdaemon-compromises-supply-chain-korean-vpn-service/ ESET Research uncovers PlushDaemon, a sophisticated supply chain attack targeting a Korean VPN provider. Understand the implications for supply chain security. CISA Cybersecurity Advisory: AA25-022A https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-022a The latest advisory highlights active threats and mitigation strategies for critical infrastructure. Stay ahead with CISA’s guidance on emerging cyber risks. keywords: cisa; ivanti; vpn; korea; oracle; carp; pfsync
  continue reading

1001 afleveringen

Tous les épisodes

×
 
Loading …

Welkom op Player FM!

Player FM scant het web op podcasts van hoge kwaliteit waarvan u nu kunt genieten. Het is de beste podcast-app en werkt op Android, iPhone en internet. Aanmelden om abonnementen op verschillende apparaten te synchroniseren.

 

Korte handleiding

Luister naar deze show terwijl je op verkenning gaat
Spelen