SANS Stormcast Friday, October 17th, 2025: New Slack Workspace; Cisco SNMP Exploited; BIOS Backdoor; @sans_edu reseach: Active Defense
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
4.9 • 696 Ratings
🗓️ 17 October 2025
⏱️ 21 minutes
🧾️ Download transcript
Summary
Due to an error on Salesforce s side, we had to create a new Slack Workspace for DShield support.
https://isc.sans.edu/diary/New%20DShield%20Support%20Slack/32376
Attackers Exploiting Recently Patched Cisco SNMP Flaw (CVE-2025-20352)
Trend Micro published details explaining how attackers took advantage of a recently patched Cisco SNMP Vulnerability
https://www.trendmicro.com/en_us/research/25/j/operation-zero-disco-cisco-snmp-vulnerability-exploit.html
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-x4LPhte
Framework BIOS Backdoor
The mm command implemented in Framework BIOS shells can be used to compromise a device pre-boot.
https://eclypsium.com/blog/bombshell-the-signed-backdoor-hiding-in-plain-sight-on-framework-devices/
SANS.edu Research: Mark Stephens, Validating the Effectiveness of MITRE Engage and Active Defense
https://www.sans.edu/cyber-research/validating-effectiveness-mitre-engage-active-defense/
Transcript
Click on a timestamp to play from that location
| 0:00.0 | Hello and welcome to the Friday, October 17th, |
| 0:07.8 | 2025 edition of the Sands Internet Storm Center's Stormcast. |
| 0:12.7 | My name is Johannes Ulrich, recording today from Jacksonville, Florida. |
| 0:18.1 | And this episode is brought you by the sands.edu master stick-free program in |
| 0:22.9 | information security engineering. Well, today's diary was really more sort of a little bit |
| 0:27.7 | internal thing and that's a new DeShield support Slack workspace. We had Slack work spaces |
| 0:35.2 | for the last almost 10 years, I believe, that we started using Slack |
| 0:41.3 | and has been quite successful. Sadly, Salesforce, which was the company behind Slack, |
| 0:46.6 | for some reason that I haven't really been able to track down exactly how it happened, |
| 0:52.5 | moved us to an enterprise account. |
| 0:54.6 | Now, they're known to sometimes offer sort of trial pro accounts, but apparently they |
| 1:00.9 | mix it up with a SANS account, moved us to the enterprise account. |
| 1:06.9 | And while it was nice to have the features, the bill was not quite as nice, |
| 1:11.8 | and they weren't able to easily undo their mistake. |
| 1:15.6 | So the only option we really had was to move to a new Slack workspace. |
| 1:21.7 | And that's what we're doing now. |
| 1:23.4 | You should have already received an email with a link to the new Slack workspace if you signed up for the original Slack workspace. |
| 1:32.2 | And there's also a link in today's diary. |
| 1:35.6 | Also, all the other links to our Slack workspace are hopefully updated. |
| 1:39.4 | If not, let me know if something still points to the old Slack workspace. |
| 1:44.0 | The old |
| 1:44.5 | workspace will be deleted on Monday and then everything should be moved over to the new |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2025.