Podcast Detail

SANS ISC Stormcast Jan 31st 2025: Old Netgear Vuln in Depth; Lightning AI RCE; Canon Printer RCE; Deepseek Leak;

If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/9304.mp3

previous
Podcast Logo
SANS ISC Stormcast Jan 31st 2025: Old Netgear Vuln in Depth; Lightning AI RCE; Canon Printer RCE; Deepseek Leak;
00:00

Interested in Internet Storm Center stickers? Check here if there are still some available for today.


PCAPs or It Didn't Happen: Exposing an Old Netgear Vulnerability Still Active in 2025 [Guest Diary]
https://isc.sans.edu/diary/PCAPs%20or%20It%20Didn%27t%20Happen%3A%20Exposing%20an%20Old%20Netgear%20Vulnerability%20Still%20Active%20in%202025%20%5BGuest%20Diary%5D/31638

RCE Vulnerablity in AI Development Platform Lightning AI
Noma Security discovered a neat remote code execution vulnerability in Lightning AI. This vulnerability is exploitable by tricking a logged in user into clicking a simple link.
https://noma.security/noma-research-discovers-rce-vulnerability-in-ai-development-platform-lightning-ai/

Canon Laser Printers and Small Office Multifunctional Printer Vulnerabilities
Canon fixed three different vulnerablities affecting various laser and small office multifunctional printers. These vulnerabilities may lead to remote code execution, and there are some interesting exploit opportunities
https://www.usa.canon.com/support/canon-product-advisories/service-notice-regarding-vulnerability-measure-against-buffer-overflow-for-laser-printers-and-small-office-multifunctional-printers

Deepseek ClickHouse Database Leak
https://www.wiz.io/blog/wiz-research-uncovers-exposed-deepseek-database-leak