Sign up to save your podcasts
Or
Share SANS Stormcast Tuesday Apr 1st: Apache Camel Exploits; New Cert Authorities Requirements; Possible Oracle Breach
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
SANS Stormcast Tuesday Apr 1st: Apache Camel Exploits; New Cert Authorities Requirements; Possible Oracle Breach
Apache Camel Exploit Attempt by Vulnerability Scans
A recently patched vulnerability in Apache Camel has been integrated into some vulnerability scanners, like for example OpenVAS. We do see some exploit attempts in our honeypots, but they appear to be part of internal vulnerablity scans
https://isc.sans.edu/diary/Apache%20Camel%20Exploit%20Attempt%20by%20Vulnerability%20Scan%20%28CVE-2025-27636%2C%20CVE-2025-29891%29/31814
New Security Requirements for Certificate Authorities
Starting in July, certificate authorities need to verify domain ownership data from multiple viewpoints around the internet. They will also have to use linters to verify certificate requests.
https://security.googleblog.com/2025/03/new-security-requirements-adopted-by.html
Possible Oracle Breach
Oracle still denies being the victim of a data berach as leaked data may show different.
https://doublepulsar.com/oracle-attempt-to-hide-serious-cybersecurity-incident-from-customers-in-oracle-saas-service-9231c8daff4a
https://www.theregister.com/2025/03/30/infosec_news_in_brief/
https://www.darkreading.com/cyberattacks-data-breaches/oracle-still-denies-breach-researchers-persist
View all episodes
By Johannes B. Ullrich
4.9
629629 ratings
Apache Camel Exploit Attempt by Vulnerability Scans
A recently patched vulnerability in Apache Camel has been integrated into some vulnerability scanners, like for example OpenVAS. We do see some exploit attempts in our honeypots, but they appear to be part of internal vulnerablity scans
https://isc.sans.edu/diary/Apache%20Camel%20Exploit%20Attempt%20by%20Vulnerability%20Scan%20%28CVE-2025-27636%2C%20CVE-2025-29891%29/31814
New Security Requirements for Certificate Authorities
Starting in July, certificate authorities need to verify domain ownership data from multiple viewpoints around the internet. They will also have to use linters to verify certificate requests.
https://security.googleblog.com/2025/03/new-security-requirements-adopted-by.html
Possible Oracle Breach
Oracle still denies being the victim of a data berach as leaked data may show different.
https://doublepulsar.com/oracle-attempt-to-hide-serious-cybersecurity-incident-from-customers-in-oracle-saas-service-9231c8daff4a
https://www.theregister.com/2025/03/30/infosec_news_in_brief/
https://www.darkreading.com/cyberattacks-data-breaches/oracle-still-denies-breach-researchers-persist
More shows like SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
View all
Security Now (Audio)
1,981 Listeners
Risky Business
364 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
371 Listeners
Hacked
180 Listeners
CyberWire Daily
1,016 Listeners
Smashing Security
316 Listeners
Click Here
407 Listeners
Darknet Diaries
7,929 Listeners
Cybersecurity Today
164 Listeners
CISO Series Podcast
189 Listeners
Hacking Humans
311 Listeners
Defense in Depth
76 Listeners
Cyber Security Headlines
128 Listeners
Risky Bulletin
43 Listeners
Hacker And The Fed
168 Listeners