Episode Description

Forecast = Hazy, with a 60% chance of KEV squalls towards the end of the week.

In this episode of Storm⚡Watch, we start by discussing Ivanti CEO Jeff Abbott's pledge for a comprehensive security overhaul following a series of breaches linked to vulnerabilities, including CVE-2024-21894. We also explore Andres Freund's accidental heroism in uncovering a backdoor in Linux software, and delve into the vulnerability of D-Link NAS devices to remote code execution.

Cybersecurity Frontlines: Ivanti's Pledge and Vulnerabilities

Ivanti CEO Jeff Abbott has publicly committed to a comprehensive security overhaul following
a series of breaches linked to vulnerabilities in Ivanti's products. This episode will explore the
implications of Ivanti's new security initiatives and the recent discovery of critical
vulnerabilities, including CVE-2024-21894, a heap overflow vulnerability in Ivanti Connect
Secure and Policy Secure. We'll discuss the company's promise to adopt a Secure-By-Design
ethos and the potential impact on the cybersecurity community.

Andres Freund: The Accidental Hero


Our Cyber Spotlight shines on Andres Freund, a software engineer whose routine
maintenance work led to the inadvertent discovery of a backdoor in a piece of Linux software
(XZ). This discovery potentially thwarted a major cyberattack, earning Freund accolades from
the tech community and a feature in The New York Times. We'll discuss the critical role of
open-source software maintainers in cybersecurity and the importance of vigilance in the
industry.


D-Link NAS Devices Under Siege


A significant threat looms over users of D-Link NAS devices as CVE-2024-3273, a remote
code execution vulnerability, is actively being exploited in the wild. With, perhaps, 92,000
devices at risk, we'll dissect the nature of the vulnerability, the hardcoded backdoor account,
and the command injection flaw that leaves these devices open to attack. We'll also cover the
steps D-Link has taken to address the issue and the importance of securing legacy devices.


Shameless Self-Promotion: GreyNoise and Censys


Don't miss our segment on GreyNoise and Censys, where we'll highlight their contributions to the cybersecurity field. GreyNoise's analysis of the D-Link NAS vulnerability and their
upcoming NetNoiseCon event are on the agenda, as well as Censys' Threat Hunting
Workshop in Philadelphia.


Tag Round-Up: Vulnerability Alerts


We'll wrap up with a rapid-fire rundown of recent vulnerability alerts, including a variety of
CVEs that have been identified and tagged for tracking. This segment will provide listeners
with a concise overview of the threats they should be aware of and the actions they can take
to protect their systems.

View episode Slides
Link to GreyNoise Twitter account