SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Monday June 30th, 2025: Scattered Spider; AMI BIOS Exploited; Secure Boot Certs Expiring; Microsoft Resiliency Initiative

SANS ISC Handlers

Tech News, News, Technology

🗓️ 30 June 2025

⏱️ 7 minutes

Summary


Scattered Spider Update
The threat actor known as Scattered Spider is in the news again, this time focusing on airlines. But the techniques used by Scattered Spider, social engineering, are still some of the most dangerous techniques used by various threat actors.
https://cloud.google.com/blog/topics/threat-intelligence/unc3944-proactive-hardening-recommendations?e=48754805
AMI BIOS Vulnerability Exploited CVE-2024-54085
A vulnerability in the Redfish remote access software, including AMI's BIOS, is now being exploited.
https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025003.pdf
https://eclypsium.com/blog/ami-megarac-vulnerabilities-bmc-part-3/
Act now: Secure Boot certificates expire in June 2026
The Microsoft certificates used in Secure Boot are the basis of trust for operating system security, and all will be expiring beginning June 2026.
https://techcommunity.microsoft.com/blog/windows-itpro-blog/act-now-secure-boot-certificates-expire-in-june-2026/4426856
The Windows Resiliency Initiative: Building resilience for a future-ready enterprise
Microsoft announced more details about its future security and resilience strategy for Windows. In particular, security tools will no longer have kernel access, which is supposed to prevent a repeat of the Cloudflare issue, but may also restrict security tools' functionality.
https://blogs.windows.com/windowsexperience/2025/06/26/the-windows-resiliency-initiative-building-resilience-for-a-future-ready-enterprise/

Transcript

0:00.0

Hello and welcome to the Monday, June 30th,

0:03.6

2025 edition of the SANS Internet Storm Center's Stormcast.

0:08.8

My name is Johannes Ullrich, and today's episode is brought to you

0:12.6

by the Master's degree program in Information Security Engineering with sans.edu,

0:18.7

and it is recorded in Stockholm, Germany.

0:22.6

I want to start today with a little note about Scattered Spider.

0:27.6

This is not news by any means.

0:29.6

Scattered Spider has been around for a while now.

0:33.6

It, however, keeps being around, keeps hitting the news because they use a technique that has

0:40.2

historically been uniquely successful, and that's social engineering.

0:45.1

If you remember, groups like Lapsus$, for example, which, you know, as it later turned out,

0:50.2

were in no way sort of not super sophisticated nation state actors,

0:55.2

really just teenagers that basically conducted attacks

0:59.3

and were able to breach fairly well-defended organizations.

1:04.6

Same with Scattered Spider,

1:06.9

even though I haven't already seen any sort of real attribution

1:09.8

what Scattered Spider may sort of be all about.

1:14.4

But what I want to point out here is a couple things.

1:17.5

First of all, Mandiant came up with a nice document to defend against Scattered Spider.

1:22.8

In particular, focus on some of the identity aspects here.

1:26.5

So better monitoring of your identity

1:28.4

endpoints to maybe detect some takeovers here. Also, when you're thinking about

...

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
