Podcast Detail

SANS Stormcast Monday June 30th, 2025: Scattered Spider; AMI BIOS Exploited; Secure Boot Certs Expiring; Microsoft Resliliency Initiative

If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/9510.mp3

previous
Podcast Logo
Scattered Spider; AMI BIOS Exploited; Secure Boot Certs Expiring; Microsoft Resliliency Initiative
00:00

Scattered Spider Update
The threat actor known as Scattered Spider is in the news again, this time focusing on airlines. But the techniques used by Scattered Spider, social engineering, are still some of the most dangerous techniques used by various threat actors.
https://cloud.google.com/blog/topics/threat-intelligence/unc3944-proactive-hardening-recommendations?e=48754805

AMI BIOS Vulnerability Exploited CVE-2024-54085
A vulnerability in the Redfish remote access software, including AMI’s BIOS, is now being exploited.
https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025003.pdf
https://eclypsium.com/blog/ami-megarac-vulnerabilities-bmc-part-3/

Act now: Secure Boot certificates expire in June 2026
The Microsoft certificates used in Secure Boot are the basis of trust for operating system security, and all will be expiring beginning June 2026. 
https://techcommunity.microsoft.com/blog/windows-itpro-blog/act-now-secure-boot-certificates-expire-in-june-2026/4426856

The Windows Resiliency Initiative: Building resilience for a future-ready enterprise
Microsoft announced more details about its future security and resilience strategy for Windows. In particular, security tools will no longer have kernel access, which is supposed to prevent a repeat of the Cloudflare issue, but may also restrict security tools’ functionality.
https://blogs.windows.com/windowsexperience/2025/06/26/the-windows-resiliency-initiative-building-resilience-for-a-future-ready-enterprise/

no transcript found