Handler on Duty: Xavier Mertens
Threat Level: green
Podcast Detail
SANS Stormcast Tuesday, June 16th, 2026: BASE64 Statistics; Cisco SD-WAN Exploited; AMD TSME Disabled; Poisoning Deep Research Agents
If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/9974.mp3
Evil MSI Background: BASE64 Statistical Analysis
https://isc.sans.edu/diary/Evil%20MSI%20Background%3A%20BASE64%20Statistical%20Analysis/33072
Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-arbfw-c2rZvQ
TSME/SME not activating on Ryzen 7 9700X
https://github.com/AMDESE/AMDSEV/issues/292
Deep-Research Agents Can Be Poisoned via User-Generated Content
https://arxiv.org/pdf/2605.24245
My Upcoming Classes
https://www.sans.org/profiles/dr-johannes-ullrich
| Class | Location | Time zone | Dates |
| Network Monitoring and Threat Detection In-Depth | Online | Arabian Standard Time | Jun 27th - Jul 2nd 2026 |
| Network Monitoring and Threat Detection In-Depth | Riyadh | | Jun 27th - Jul 2nd 2026 |
| Application Security: Securing Web Apps, APIs, and Microservices | Washington | | Jul 13th - Jul 18th 2026 |
| Application Security: Securing Web Apps, APIs, and Microservices | Online | British Summer Time | Jul 27th - Aug 1st 2026 |
| Application Security: Securing Web Apps, APIs, and Microservices | Las Vegas | | Sep 21st - Sep 25th 2026 |
| Network Monitoring and Threat Detection In-Depth | Amsterdam | | Nov 9th - Nov 14th 2026 |
| Application Security: Securing Web Apps, APIs, and Microservices | Washington | | Dec 14th - Dec 18th 2026 |
Podcast Transcript
Hello and welcome to the Tuesday, June 16th, 2026 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich, recording today from Jacksonville, Florida. And this episode is brought to you by the SANS.edu Undergraduate Certificate Program in Applied Cybersecurity.

Well, I always love Didier's follow-up diaries to any kind of malware that Xavier discovered earlier. Xavier last week discovered this malware that was sort of hidden inside this MSI wallpaper. Well, Didier now shows us how to use his basic Base64 code tools in order to essentially figure out how the particular string here, or the malware, is encoded and how to extract it from the image. This is kind of a little bit interesting here. It's base64 encoded, but there are two letters swapped. The A's are swapped for the number symbol. And then the string is also basically just used in reverse. So it starts with the equal equal symbol, which, well, usually you have at the end of the base64 encoded string. So interesting little trick here. And Didier walks us also through some of the, like, dead ends that he ran into using these tools, which is obviously, I think, more realistic and also more educational because you may run into those same dead ends yourself. And Didier will show you how to overcome these dead ends.

And Cisco released an advisory and a fix to address a vulnerability in the Cisco Catalyst SD-WAN Manager. This vulnerability is an arbitrary file write vulnerability. And of course, that can lead to arbitrary code execution. Now, why is this only rated as a medium by Cisco? The main reason here is that this requires valid credentials. So you have to be authenticated in order to exploit the vulnerability, even though the CVSS score of 6.5 may be a little bit low here. The other thing that makes me talk about this vulnerability is that it's already being exploited in the wild. Cisco does have an addition kind of at the end of the advisory stating that as of June, meaning this month, they are aware of limited exploitation of this vulnerability.

I think an interesting issue with AMD CPUs. This particular issue was found by Ben Kilpatrick and relates to the encrypted memory feature. So AMD for a while had CPUs that supported encrypted memory. The idea was to prevent attacks like, for example, the evil maid attacks, where you have someone get hold of a system that's locked but running and is unable to shut it down and read out the memory before it actually is fully deleted. And there have been some sort of practical demonstrations of this particular attack. So with AMD CPUs encrypting memory, well, this attack no longer works. But it turns out, as Ben figured out, that this particular feature, well, has been disabled on consumer level AMD CPUs. So on the Pro series, EPYC server CPUs, it's still working; on the consumer level CPUs, it's no longer working, even if it's enabled in the BIOS. And that's where it gets really interesting: after Ben figured it out, Ben contacted MSI, the maker of their motherboard, to see if there's maybe a bug in the motherboard such that the BIOS setting is not correctly applied or such. MSI actually was surprised that it didn't work. And in the end, well, it turned out that this is a feature that was removed in a recent AMD CPU firmware update. So it used to work apparently in these consumer CPUs, but no longer works, which, of course, in particular, one of the attack scenarios here that they're trying to prevent is the evil maid attack, which usually affects laptops, and laptops typically run these consumer level CPUs. There are a couple other attacks that it also prevents that are more sort of server centric. But of course, it would be nice for AMD to actually have sort of told users that this feature had been disabled.

Well, if you're listening to this podcast, you probably realize that any content from websites like Reddit or Wikipedia and such has to be taken with a grain of salt. Well, looks like large language models and deep research agents still have to learn that lesson. Researchers from Cornell University have found out that these models can actually be injected with partially malicious or at least wrong content by only changing very small snippets in these particular websites. These websites are very popular among large language models as a base for learning. And as a result, they actually weigh some of these sites probably more than they should. And well, this leads to short snippets, like 10 to 20 words they found out, to actually be then showing up in results if you're asking a question from these models using your deep research agents. So that's definitely something to be aware of. And yet another thing to be concerned about when you're trying to trust any of these systems, in particular for automation.

Well, and that's it for today. Thanks for listening. Thanks for liking. Thanks for recommending this podcast. There's always some classes that I'm teaching. You can find them in the show notes. And that's it. Talk to you again tomorrow. Bye.
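The base64 trick described in the transcript (one alphabet character swapped for a character outside the alphabet, then the whole string reversed so the `==` padding sits at the front) as a small Python example added to these show notes; it is not code from Didier's diary or from his base64dump tool. The payload text is constructed for the example, the swap of `A` for `#` follows the transcript's description, and the printable-ratio scorer assumes the hidden content is a script rather than a binary blob.

```python
import base64
import binascii
from collections import Counter

B64_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

# Constructed sample payload (benign text; the real wallpaper payload is not on this page).
PAYLOAD = b"This is a constructed test payload @ ISC"


def obfuscate(data: bytes, swap_from: str = "A", swap_to: str = "#") -> str:
    """Apply the tricks the diary describes: base64, swap one alphabet
    character for a foreign one, then reverse the whole string."""
    return base64.b64encode(data).decode("ascii").replace(swap_from, swap_to)[::-1]


def char_stats(s: str) -> dict:
    """The numbers a base64 triage looks at: length, where the padding sits,
    characters outside the alphabet, alphabet characters never used."""
    counts = Counter(s)
    foreign = {c: n for c, n in counts.items() if c not in B64_ALPHABET and c != "="}
    missing = [c for c in B64_ALPHABET if c not in counts]
    return {
        "length": len(s),
        "len_mod_4": len(s) % 4,
        "padding_at_start": s.startswith("="),
        "padding_at_end": s.endswith("="),
        "alphabet_ratio": sum(n for c, n in counts.items() if c in B64_ALPHABET) / max(len(s), 1),
        "foreign": foreign,
        "missing": missing,
    }


def normalize(s: str) -> str:
    """Padding at the front means the string was reversed; put it back."""
    if s.startswith("=") and not s.endswith("="):
        return s[::-1]
    return s


def deobfuscate(s: str, mapping: dict) -> bytes:
    """Decode with a substitution you already worked out, e.g. {'#': 'A'}."""
    s = normalize(s)
    for foreign, original in mapping.items():
        s = s.replace(foreign, original)
    return base64.b64decode(s, validate=True)


def printable_ratio(data: bytes) -> float:
    """Share of bytes that are printable ASCII, tab, LF or CR."""
    return sum(32 <= b < 127 or b in (9, 10, 13) for b in data) / max(len(data), 1)


def rank_candidates(s: str) -> list:
    """Try every (foreign char -> unused alphabet char) substitution, decode,
    and score by printable ratio. Assumes the hidden payload is text; for a
    binary payload swap in a different scorer. Several substitutions can tie,
    so the list narrows the search, it does not finish it."""
    stats = char_stats(s)
    s = normalize(s)
    results = []
    for foreign in stats["foreign"]:
        for original in stats["missing"]:
            try:
                data = base64.b64decode(s.replace(foreign, original), validate=True)
            except binascii.Error:
                continue
            results.append((printable_ratio(data), foreign, original, data))
    results.sort(key=lambda r: r[0], reverse=True)
    return results


OBFUSCATED = obfuscate(PAYLOAD)

if __name__ == "__main__":
    print("obfuscated :", OBFUSCATED)
    print("stats      :", char_stats(OBFUSCATED))
    print("decoded    :", deobfuscate(OBFUSCATED, {"#": "A"}))
    for score, foreign, original, data in rank_candidates(OBFUSCATED)[:5]:
        print(f"{score:.2f} {foreign!r}->{original!r} {data[:40]!r}")
```

`char_stats` is the part worth reusing: a string that is almost entirely base64 alphabet, has its padding at the front, contains exactly one foreign character and never uses one alphabet character is the pattern to look for. `rank_candidates` then tries each plausible swap; with a short string, a wrong substitution can still decode to printable bytes, which is the kind of dead end the diary walks through, so treat the ranking as a shortlist to eyeball rather than an answer.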