
SANS Stormcast Thursday, March 26th, 2026: Apple Patches; SmatApeSG Update; Trivy/LiteLLM/TeamPCP Update; Google Accelerates Quantum Safe Crypto Rollout
Hello and welcome to the Thursday, March 26, 2026 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich, recording today from Jacksonville, Florida, and this episode is brought to you by the SANS.edu Graduate Certificate Program in Purple Team Operations.

Well, let's start with Apple patches. They actually came out yesterday, but due to the relatively large LiteLLM and Trivy story, we didn't really have time for them yesterday. So Apple patched, as usual, everything, covering 85 different vulnerabilities across their different operating systems, with the usual overlap between them. For iOS we actually also got patches for the last version, so iOS 18. macOS, well, a total of three versions, so the current one, 26, as well as 15 and 14. The remaining operating systems we only got for the current version. Now, a little bit odd here: with watchOS we got updates for two more versions, but the updates there state that they don't fix any security issues. So the security issues affecting watchOS 26 may not affect these older versions, or they just haven't gotten around yet to patching them. Remember there was this big hoopla lately about certainly some newer Apple malware that used some vulnerabilities that were patched before. So these are not recent vulnerabilities, but in the past they have been more used sort of in these more sophisticated spyware, government malware kind of packages. They're now used more widely, and that's overall always sort of a trend where, you know, what used to be sort of a more sophisticated and limited vulnerability or exploit a couple of years ago tends to trickle down to sort of become more mass exploits. So definitely make sure that you keep your systems up to date. None of the vulnerabilities being patched here is labeled as being already exploited.

I want to have a quick update to the LiteLLM, Team PNP, Trivy story from yesterday. Just a couple of items, actually two items. First of all, after I recorded yesterday I actually learned that SANS had a special webcast today. The webcast has been archived and I added a link to the show notes. I was able to add a link to yesterday's show notes, but, well, it was too late when I found out to actually mention it in the show itself. Well, Ken Hartmund and Eric Johnson are talking about these attacks, about sort of the entire supply chain attack issue. And then we also got an email from Michael Rosenfeld, who wrote a nice blog post about some of the issues around pinning to a particular git hash, like pinning to these SHA hashes. What you have to be aware of here is that you're doing it correctly and are still not vulnerable. And then just a general comment: one of the number one things that you need to do if you ran LiteLLM or any one of these affected products here is you need to be able to rotate your credentials. You should do that even if you just have a suspicion. If you aren't sure if you had that actual vulnerable version, you should still rotate your credentials. Even, well, probably if you don't think you're affected at all, it may be a good idea to rotate your credentials just to know that you can actually do it, because it's not easy. Remember how one of the problems here was that initially some of the credentials weren't completely rotated at the first compromise? It's not easy to do it correctly. You'll only do it right if you sort of automate it, if you do it routinely. And that's why it shouldn't really be one of those sort of special things that you're doing. I know it is, and I know it's not easy. I mentioned secrets management yesterday. That's sort of one of the things that you really have to get under control for these attacks. TeamPCP, actually PCP, not PNP, I think I call them sometimes a little bit wrong here, but TeamPCP, they actually mentioned to some journalists who were able to get in contact with them that they have something like 300 gigabytes of credentials. So like I said, this is just the tip of the iceberg now. And basically they have too many credentials now. They need to sort of go through them and filter out which ones are worth actually, you know, attacking further. So that's just a quick sort of add-on here to yesterday's story.

Heather Adkins and Sophie Schmieg with Google published a blog post stating that, well, Google is now aiming to move to quantum safe cryptography by 2029. They moved up their timeline here somewhat, basically accelerated the switch over, looking at, well, sort of the current threat landscape essentially. Of course, Google has been involved in quantum computing for quite a while and has been practicing it, has had quantum computers on site and been working with them. So they certainly do have some understanding of the capabilities of these systems and how they are currently evolving. I've talked last year about some of the breakthroughs that came, like, from Microsoft and such. On the other hand, you also have to understand that Google has to work with a fairly accelerated timeline here because a lot of others are essentially waiting on Google to implement things like quantum safe algorithms in operating systems like Android, in Chrome, which already supports it, of course. So they must be sort of at the forefront here. They also sort of explain that in their blog post. But what this really means for you is that, you know, with industry leaders like Google kind of moving ahead with that, you probably will have the tools you need to switch over to quantum safe algorithms shortly after that. I would say, you know, 2030 to 2032 is probably when you can sort of set your own goal to switch to quantum safe algorithms, or at least to offer them to your customers, because by then, you know, given that 2029, a lot of operating systems will contain those algorithms, you will have a good chance to find the industry support that you need in order to switch over.

Well, and this is it for today. So thanks for listening, thanks for liking, and thanks for subscribing to this podcast. And as always, talk to you again tomorrow. Bye.
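The episode's point about pinning third-party actions to a git commit hash, and checking that the pin is actually done correctly, can be turned into a small audit. The script below is an added example written for this page, not code from the podcast, the ISC, or the blog post mentioned above. It scans a GitHub Actions workflow for `uses:` references and classifies each one: a full 40-character commit SHA is immutable, whereas a tag, a branch name or a short hash prefix can be moved or is ambiguous, and a `docker://` image reference is only immutable when it carries a `@sha256:` digest. The workflow text, the action names and the hashes are all constructed sample data.

```python
import re
from dataclasses import dataclass

# Constructed sample workflow; the action names and hashes are made up for this example.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/scanner-action@0.1.0
      - uses: example-org/scanner-action@2f8d9c1e0b4a5f6a7c8d9e0f1a2b3c4d5e6f7a8b # v0.1.0
      - uses: example-org/other-action@2f8d9c1
      - uses: ./.github/actions/local
      - uses: docker://alpine:3.19
      - run: make test
"""

# Matches a `uses:` key and captures its value up to whitespace (so a trailing
# "# v1.2.3" comment, which is good practice for readability, is not included).
USES_RE = re.compile(r'^\s*-?\s*uses:\s*["\']?([^"\'\s]+)')
FULL_SHA_RE = re.compile(r'^[0-9a-f]{40}$')
SHORT_SHA_RE = re.compile(r'^[0-9a-f]{7,39}$')


@dataclass
class Finding:
    line_no: int
    uses: str
    kind: str
    pinned: bool


def classify_ref(uses_value: str):
    """Return (kind, pinned) for the value of one `uses:` entry."""
    if uses_value.startswith(('./', '../')):
        # Local composite action: lives in the repository itself, nothing to pin.
        return 'local', True
    if uses_value.startswith('docker://'):
        # Image tags are mutable; only a content digest freezes the image.
        if '@sha256:' in uses_value:
            return 'docker_digest', True
        return 'docker_tag', False
    if '@' not in uses_value:
        # No ref at all: resolves to the default branch at run time.
        return 'unversioned', False
    ref = uses_value.rsplit('@', 1)[1]
    if FULL_SHA_RE.match(ref):
        return 'full_sha', True
    if SHORT_SHA_RE.match(ref):
        # A prefix can become ambiguous as the repository grows; require the full hash.
        return 'short_sha', False
    # Anything else (v4, 0.1.0, main, ...) is a tag or branch that the owner,
    # or whoever compromises the owner's account, can move to other code.
    return 'tag_or_branch', False


def audit_workflow(text: str):
    """Classify every `uses:` reference in a workflow file, in order of appearance."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        kind, pinned = classify_ref(m.group(1))
        findings.append(Finding(line_no, m.group(1), kind, pinned))
    return findings


def unpinned(findings):
    """The subset of findings that a reviewer should ask to be pinned to a full SHA/digest."""
    return [f for f in findings if not f.pinned]


if __name__ == '__main__':
    results = audit_workflow(SAMPLE_WORKFLOW)
    for f in results:
        status = 'ok   ' if f.pinned else 'FIX  '
        print(f'{status} line {f.line_no:>3}  {f.kind:<14} {f.uses}')
    print(f'{len(unpinned(results))} of {len(results)} references are not immutably pinned')
```

Two caveats worth keeping in mind when reading the report. First, a full SHA only freezes the contents of that action's repository; anything the action itself downloads at run time is outside the pin, so the check above is necessary but not sufficient. Second, the hash must be verified against the upstream repository at the time you pin it, since a hash copied from a README or a pull request is only as trustworthy as its source.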
Host: Johannes B. Ullrich
Length: ~5 minutes
Main Theme:
Concise update on major cybersecurity events, focusing on Apple security patches, updates regarding recent supply chain attacks (specifically SmatApeSG, Trivy, LiteLLM, TeamPCP), and Google's accelerated adoption of quantum-safe cryptography.
Timestamps: [00:20] – [02:15]
“For iOS, we actually also got patches for the last version. So iOS 18… macOS, well, a total of three versions…” – Johannes Ullrich ([00:38])
“What used to be sort of a more sophisticated and limited vulnerability or exploit… tends to trickle down to become more mass exploits.” – Johannes Ullrich ([01:39])
Timestamps: [02:15] – [04:10]
“You need to be able to rotate your credentials. You should do that even if you just have a suspicion.” – Johannes Ullrich ([03:16])
“They have too many credentials now. They need to sort of go through them and filter out which ones are worth actually… attacking further.” – Johannes Ullrich ([04:04])
Timestamps: [04:10] – [05:14]
“They moved up their timeline here somewhat, basically accelerated the switch over, looking at, well, sort of the current threat landscape essentially.” – Johannes Ullrich ([04:24])
“With industry leaders like Google kind of moving ahead… you probably will have the tools you need…” – Johannes Ullrich ([04:56])
For full links and additional details, Johannes points listeners to the show notes at the SANS Internet Storm Center site.