
SANS Stormcast Monday, June 1st, 2026: Bitskrieg; Gogs Unpatched Vuln; Oracle Critical Updates; PAN-OS Exploited;

Direct link to the audio file: https://traffic.libsyn.com/securitypodcast/9952.mp3


Podcast Transcript

Hello and welcome to the Monday, June 1st, 2026 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich, recording today from Jacksonville, Florida. This episode is brought to you by the SANS.edu Graduate Certificate Program in Cloud Security.

Well, Nightmare Eclipse is at it again, releasing more unpatched vulnerabilities in Windows. Now, first of all, there was a local privilege escalation vulnerability, nothing really that exciting. And then a pre-announcement of a soon-to-be-released exploit and details about a vulnerability that allows a BitLocker bypass, which this time is called Bitskrieg. So that would be the second such vulnerability announced by Nightmare Eclipse. Apparently, this one wasn't found by Nightmare Eclipse, but instead by Jonas Lick. So that's the individual who actually contributed the exploit for this vulnerability.

At the same time, there's sort of a rift now opening up between Nightmare Eclipse and Microsoft. Nightmare Eclipse here is, a little bit, representing the frustration of the larger security researcher community with Microsoft either not acknowledging their contribution or outright threatening them. And that led to Nightmare Eclipse's GitHub account being closed. So at this point, there is a blogspot blog that Nightmare Eclipse is using in order to post about upcoming releases. Not yet clear if code snippets and such will also be hosted there, or if there will be some other way to publish things like exploit code, instead of Microsoft kicking inconvenient researchers out of GitHub.

GitHub, of course, had a number of stability issues recently. And as a result, well, individuals may be looking for a more independently hosted alternative. One thing that you may be looking at here is Gogs. Gogs basically makes it fairly easy to set up a Git-based repository and related services. The problem is, right now there is an unpatched vulnerability in Gogs. Now, this vulnerability does require authentication. So if you're just using it with a fairly small group, that may be an acceptable risk to you. But keep that in mind. And on the other hand, you know, if you're sick of releasing vulnerabilities and basically scanning and finding vulnerabilities in products of large corporations, open source is another good target here for quality bug reports. And of course, maybe also just contribute the fix.

Talking about large vendors and vendors patching: well, typically Oracle only published a quarterly Critical Patch Update. Oracle now realized that this may not be sufficient and they need to come up with a faster cadence here. So in May, and that was last week, they did for the first time publish a critical security patch update in addition to the quarterly security patch update. This one only contains 35 patches for five different products, which is, you know, far less than we usually have in these much larger quarterly updates. Now, the quarterly updates will still happen. They will still have a large number of patches. These critical monthly security patch updates are really more intended for higher-priority updates that cannot wait for the next quarterly one.

And about two weeks ago, Palo Alto did release an update for GlobalProtect. This was a fairly straightforward authentication bypass vulnerability. No huge surprise. But this vulnerability is now being exploited, according to Palo Alto. Given how often we have seen these kinds of vulnerabilities being used by ransomware actors, look at Manuel's diary from last week where he walked through a case like that. This is definitely something that you must pay attention to and something that you probably want to patch. And, well, with GlobalProtect and its history in general, it's usually a good idea to have another firewall in front of it, at least to limit what IP addresses can connect to it.

Well, and that's it for today. Thanks for liking. Thanks for subscribing. And remember, mid-July, I'll be teaching the Defending Web Application Security class at SANSFIRE in Washington, D.C. So hope to see some listeners there. Thanks and talk to you again tomorrow. Bye. Thanks for listening.