Handler on Duty: Johannes Ullrich
Threat Level: green
Podcast Detail
SANS Stormcast Friday Mar 21st: New Data Feeds; SEO Spam; Veeam Deserialization; IBM AIX RCE;
If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/9374.mp3
My Next Class
| Application Security: Securing Web Apps, APIs, and Microservices | Orlando | Apr 13th - Apr 18th 2025 |
| Application Security: Securing Web Apps, APIs, and Microservices | San Diego | May 5th - May 10th 2025 |
Some New Data Feeds and Little Incident
We started offering additional data feeds, and an SEO spamer attempted to make us change a link from an old podcast episode.
https://isc.sans.edu/diary/Some%20new%20Data%20Feeds%2C%20and%20a%20little%20%22incident%22./31786
Veeam Deserialization Vulnerability
Veeam released details regarding the latest vulnerablity in Veeam, pointing out the insufficient patch applied to a prior deserialization vulnerability.
https://labs.watchtowr.com/by-executive-order-we-are-banning-blacklists-domain-level-rce-in-veeam-backup-replication-cve-2025-23120/
IBM AIX Vulnerablity
The AIX NIM service is vulnerable to an unauthenticated remote code execution vulnerability
https://www.ibm.com/support/pages/node/7186621
thanks Chris Mosby for Spotify comment
iTunes
MP3 Download
RSS Feed
Google
Podbean
Amazon Echo
YouTube
Spreaker
Spotify
Discussion
Login here to join the discussion.
| Application Security: Securing Web Apps, APIs, and Microservices | Orlando | Apr 13th - Apr 18th 2025 |
| Application Security: Securing Web Apps, APIs, and Microservices | San Diego | May 5th - May 10th 2025 |
| Network Monitoring and Threat Detection In-Depth | Baltimore | Jun 2nd - Jun 7th 2025 |
| Application Security: Securing Web Apps, APIs, and Microservices | Washington | Jul 14th - Jul 19th 2025 |
Learn about the Internet Storm Center and our volunteer InfoSec handlers
© 2025 SANS™ Internet Storm Center
Developers: We have an API for you! 