Podcast Detail

SANS Stormcast Tuesday Mar 11th: Shellcode as UUIDs; Moxe Switch Vuln Updates; Opentext Vuln; Livewire Volt Vuln;

If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/9358.mp3

Shellcode as UUIDs; Moxe Switch Vuln Updates; Opentext Vuln; Livewire Volt Vuln;

00:00

Application Security: Securing Web Apps, APIs, and Microservices	Orlando	Apr 13th - Apr 18th 2025
Application Security: Securing Web Apps, APIs, and Microservices	San Diego	May 5th - May 10th 2025

Shellcode Encoded in UUIDs
Attackers are using UUIDs to encode Shellcode. The 128 Bit (or 16 Bytes) encoded in each UUID are converted to shell code to implement a cobalt strike beacon
https://isc.sans.edu/diary/Shellcode%20Encoded%20in%20UUIDs/31752

Moxa CVE-2024-12297 Expanded to PT Switches
Moxa in January first releast an update to address a fronted authorizaation logic disclosure vulnerability. It now updated the advisory and included the PT series switches as vulenrable.
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241408-cve-2024-12297-frontend-authorization-logic-disclosure-vulnerability-identified-in-pt-switches

Opentext Insufficently Protected Credentials
https://portal.microfocus.com/s/article/KM000037455?language=en_US

Livewire Volt API vulnerability
https://github.com/livewire/volt/security/advisories/GHSA-v69f-5jxm-hwvv

iTunes

MP3 Download

RSS Feed

Google

Podbean

Amazon Echo

YouTube

Spreaker

Spotify

Application Security: Securing Web Apps, APIs, and Microservices	Orlando	Apr 13th - Apr 18th 2025
Application Security: Securing Web Apps, APIs, and Microservices	San Diego	May 5th - May 10th 2025
Network Monitoring and Threat Detection In-Depth	Baltimore	Jun 2nd - Jun 7th 2025
Application Security: Securing Web Apps, APIs, and Microservices	Washington	Jul 14th - Jul 19th 2025

no transcript found