
SANS Stormcast Tuesday, June 16th, 2026: BASE64 Statistics; Cisco SD-WAN Exploited; AMD TSME Disabled; Poisoning Deep Research Agents

If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/9974.mp3



Evil MSI Background: BASE64 Statistical Analysis
https://isc.sans.edu/diary/Evil%20MSI%20Background%3A%20BASE64%20Statistical%20Analysis/33072

Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-arbfw-c2rZvQ

TSME/SME not activating on Ryzen 7 9700X
https://github.com/AMDESE/AMDSEV/issues/292

Deep-Research Agents Can Be Poisoned via User-Generated Content
https://arxiv.org/pdf/2605.24245

My Upcoming Classes
https://www.sans.org/profiles/dr-johannes-ullrich

Podcast Transcript

Hello and welcome to the Tuesday, June 16th, 2026 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich, recording today from Jacksonville, Florida. And this episode is brought to you by the SANS.edu Undergraduate Certificate Program in Applied Cybersecurity.

Well, I always love Didier's follow-up diaries to any kind of malware that Xavier discovered earlier. Xavier last week discovered this malware that was sort of hidden inside this MSI wallpaper. Well, Didier now shows us how to use his basic Base64 code tools in order to essentially figure out how the particular string here, or the malware, is encoded and how to extract it from the image. This is kind of a little bit interesting here. It's base64 encoded, but there are two letters swapped. The A's are swapped for the number symbol. And then the string is also basically just used in reverse. So it starts with the equal equal symbol, which, well, usually you have at the end of the base64 encoded string. So, interesting little trick here. And Didier also walks us through some of the dead ends that he ran into using these tools, which is obviously, I think, more realistic and also more educational, because you may run into those same dead ends yourself. And Didier will show you how to overcome these dead ends.

And Cisco released an advisory and a fix to address a vulnerability in the Cisco Catalyst SD-WAN Manager. This vulnerability is an arbitrary file write vulnerability. And of course, with that, it can lead to arbitrary code execution. Now, why is this only rated as a medium by Cisco? The main reason here is that this requires valid credentials. So you have to be authenticated in order to exploit the vulnerability, even though the CVSS score of 6.5 may be a little bit low here. The other thing that makes me talk about this vulnerability is that it's already being exploited in the wild. Cisco does have an addition, kind of at the end of the advisory, stating that as of June, meaning this month, they are aware of limited exploitation of this vulnerability.

I think an interesting issue with AMD CPUs. This particular issue was found by Ben Kilpatrick and relates to the encrypted memory feature. So AMD for a while had CPUs that supported encrypted memory. The idea was to prevent attacks like, for example, the evil maid attacks, where you have someone get a hold of a system that's locked but running, and is able to shut it down and read out the memory before it actually is fully deleted. And there have been some sort of practical demonstrations of this particular attack. So with AMD CPUs encrypting memory, well, this attack no longer works. But it turns out, as Ben figured out, that this particular feature is, well, has been disabled on consumer level AMD CPUs. So on the Pro series, EPYC server CPUs, it's still working; on the consumer level CPUs, it's no longer working, even if it's enabled in the BIOS. And that's where it gets really interesting: after Ben figured it out, Ben contacted MSI, the maker of their motherboard, to see if there's maybe a bug in the motherboard, that the BIOS setting is not correctly applied or such. MSI actually was surprised that it didn't work. And in the end, well, it turned out that this is a feature that was removed in a recent AMD CPU firmware update. So it used to work, apparently, in these consumer CPUs, but no longer works, which, of course, in particular, one of the attack scenarios here that they're trying to prevent is the evil maid attack, which usually affects laptops, and laptops typically run these consumer level CPUs. There are a couple of other attacks that it also prevents that are more sort of server centric. But of course, it would be nice for AMD to actually have sort of told users that this feature had been disabled.

Well, if you're listening to this podcast, you probably realize that any content from websites like Reddit or Wikipedia and such has to be taken with a grain of salt. Well, looks like large language models and deep research agents still have to learn that lesson. Researchers from Cornell University have found out that these models can actually be injected with partially malicious, or at least wrong, content by only changing very small snippets in these particular websites. These websites are very popular among large language models as a base for learning. And as a result, they actually weigh some of these sites probably more than they should. And well, this leads to short snippets, like 10 to 20 words, they found out, to actually be then showing up in results if you're asking a question from these models using your deep research agents. So that's definitely something to be aware of. And yet another thing to be concerned about when you're trying to trust any of these systems, in particular for automation.

Well, and that's it for today. Thanks for listening. Thanks for liking. Thanks for recommending this podcast. There's always some classes that I'm teaching. You can find them in the show notes. And that's it. Talk to you again tomorrow. Bye.