Handler on Duty: Johannes Ullrich
Threat Level: green
Podcast Detail
SANS Stormcast Wednesday, October 22nd, 2025: NTP Pool; Xubuntu Compromise; Squid Vulnerability; Lanscope Vuln;
If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/9666.mp3
My Next Class
| Application Security: Securing Web Apps, APIs, and Microservices | Dallas | Dec 1st - Dec 6th 2025 |
| Application Security: Securing Web Apps, APIs, and Microservices | Orlando | Mar 29th - Apr 3rd 2026 |
What time is it? Accuracy of pool.ntp.org.
How accurate and reliable is pool.ntp.org? Turns out it is very good!
https://isc.sans.edu/diary/What%20time%20is%20it%3F%20Accuracy%20of%20pool.ntp.org./32390
Xubuntu Compromise
The Xubuntu website was compromised last weekend and served malware
https://floss.social/@bluesabre/115401767635718361
Squid Proxy Vulnerability
The Squid team fixed an information disclosure vulnerabilty that may leak authentication credentials.
https://github.com/squid-cache/squid/security/advisories/GHSA-c8cc-phh7-xmxr
Lanscope Endpoint Manager Vulnerablity
https://jvn.jp/en/jp/JVN86318557/index.html
iTunes
MP3 Download
RSS Feed
Google
Podbean
Amazon Echo
YouTube
Spreaker
Spotify
Discussion
Login here to join the discussion.
| Application Security: Securing Web Apps, APIs, and Microservices | Dallas | Dec 1st - Dec 6th 2025 |
| Application Security: Securing Web Apps, APIs, and Microservices | Orlando | Mar 29th - Apr 3rd 2026 |
| Network Monitoring and Threat Detection In-Depth | Amsterdam | Apr 20th - Apr 25th 2026 |
| Application Security: Securing Web Apps, APIs, and Microservices | San Diego | May 11th - May 16th 2026 |
| Network Monitoring and Threat Detection In-Depth | Riyadh | Jun 20th - Jun 25th 2026 |
The Internet Storm Center is a community for everyone, so join the conversation
© 2025 SANS™ Internet Storm Center
Developers: We have an API for you! 