Handler on Duty: Xavier Mertens
Threat Level: green
Podcast Detail
SANS Stormcast Friday, October 17th, 2025: New Slack Workspace; Cisco SNMP Exploited; BIOS Backdoor; @sans_edu research: Active Defense
If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/9660.mp3
New Slack Workspace; Cisco SNMP Exploited; BIOS Backdoor; @sans_edu reseach: Active Defense
00:00
My Next Class
| Application Security: Securing Web Apps, APIs, and Microservices | Dallas | Dec 1st - Dec 6th 2025 |
| Application Security: Securing Web Apps, APIs, and Microservices | Orlando | Mar 29th - Apr 3rd 2026 |
New DShield Support Slack Workspace
Due to an error on Salesforce’s side, we had to create a new Slack Workspace for DShield support.
https://isc.sans.edu/diary/New%20DShield%20Support%20Slack/32376
Attackers Exploiting Recently Patched Cisco SNMP Flaw (CVE-2025-20352)
Trend Micro published details explaining how attackers took advantage of a recently patched Cisco SNMP Vulnerability
https://www.trendmicro.com/en_us/research/25/j/operation-zero-disco-cisco-snmp-vulnerability-exploit.html
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-x4LPhte
Framework BIOS Backdoor
The mm command implemented in Framework BIOS shells can be used to compromise a device pre-boot.
https://eclypsium.com/blog/bombshell-the-signed-backdoor-hiding-in-plain-sight-on-framework-devices/
SANS.edu Research: Mark Stephens, Validating the Effectiveness of MITRE Engage and Active Defense
https://www.sans.edu/cyber-research/validating-effectiveness-mitre-engage-active-defense/
Due to an error on Salesforce’s side, we had to create a new Slack Workspace for DShield support.
https://isc.sans.edu/diary/New%20DShield%20Support%20Slack/32376
Attackers Exploiting Recently Patched Cisco SNMP Flaw (CVE-2025-20352)
Trend Micro published details explaining how attackers took advantage of a recently patched Cisco SNMP Vulnerability
https://www.trendmicro.com/en_us/research/25/j/operation-zero-disco-cisco-snmp-vulnerability-exploit.html
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-x4LPhte
Framework BIOS Backdoor
The mm command implemented in Framework BIOS shells can be used to compromise a device pre-boot.
https://eclypsium.com/blog/bombshell-the-signed-backdoor-hiding-in-plain-sight-on-framework-devices/
SANS.edu Research: Mark Stephens, Validating the Effectiveness of MITRE Engage and Active Defense
https://www.sans.edu/cyber-research/validating-effectiveness-mitre-engage-active-defense/
iTunes
MP3 Download
RSS Feed
Google
Podbean
Amazon Echo
YouTube
Spreaker
Spotify
Discussion
Login here to join the discussion.
| Application Security: Securing Web Apps, APIs, and Microservices | Dallas | Dec 1st - Dec 6th 2025 |
| Application Security: Securing Web Apps, APIs, and Microservices | Orlando | Mar 29th - Apr 3rd 2026 |
| Network Monitoring and Threat Detection In-Depth | Amsterdam | Apr 20th - Apr 25th 2026 |
| Application Security: Securing Web Apps, APIs, and Microservices | San Diego | May 11th - May 16th 2026 |
| Network Monitoring and Threat Detection In-Depth | Riyadh | Jun 20th - Jun 25th 2026 |
Keep yourself informed with our aggregate InfoSec news
© 2025 SANS™ Internet Storm Center
Developers: We have an API for you! 