ZARZA We are Zarza, the prestigious firm behind major projects in information technology.
Listen "SANS Stormcast Tuesday, December 9th, 2025: nanoKVM Vulnerabilities; Ghostframe Phishing; WatchGuard Advisory "
Episode Synopsis
nanoKVM Vulnerabilities
The nanoKVM device updates firmware insecurely; however, the microphone that the authors of the advisory referred to as undocumented may actually be documented in the underlying hardware description.
https://www.tomshardware.com/tech-industry/cyber-security/researcher-finds-undocumented-microphone-and-major-security-flaws-in-sipeed-nanokvm
Ghostframe Phishing Kit
The Ghostframe phishing kit uses iFrames and random subdomains to evade detection
https://blog.barracuda.com/2025/12/04/threat-spotlight-ghostframe-phishing-kit
WatchGuard Advisory
WatchGuard released an update for its Firebox appliance, fixing ten vulnerabilities. Five of these are rated as High.
https://www.watchguard.com/wgrd-psirt/advisories
More episodes of the podcast SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS Stormcast Monday, December 15th, 2025: DLL Entry Points; ClickFix and Finger; Apple Patches
15/12/2025
SANS Stormcast Friday, December 12th, 2025: Local AI Models; Mystery Chrome 0-Day; SOAPwn Attack
12/12/2025
SANS Stormcast Wednesday, December 10th, 2025: Microsoft, Adobe, Ivanti, Fortinet, and Ruby patches.
10/12/2025
In God we trust