SANS ISC Stormcast, Jan 23, 2025: PFSync Protocol; Oracle CPU; Korean VPN Supply Chain Attack; Ivanti Guidance

In today's episode, we start by talking about the PFSYNC protocol used to synchronize firewall states to support failover. Oracle released it's quarterly critical patch update. ESET is reporting about a critical VPN supply chain attack and CISA released guidance for victims of recent Ivanti related attacks.
Catching CARP: Fishing for Firewall States in PFSync Traffic
https://isc.sans.edu/diary/Catching%20CARP%3A%20Fishing%20for%20Firewall%20Stat%20es%20in%20PFSync%20Traffic/31616)**
Discover how attackers exploit PFSync traffic to manipulate firewall states. This deep dive explores vulnerabilities and mitigation strategies in network defense.
Oracle Critical Patch Update January 2025
https://www.oracle.com/security-alerts/cpujan2025.html)**
Oracle's January 2025 patch release addresses numerous critical vulnerabilities across their product suite. Learn about key updates and how to secure your systems.
PlushDaemon: Compromising the Supply Chain of a Korean VPN Service
https://www.welivesecurity.com/en/eset-research/plushdaemon-compromises-supply-chain-korean-vpn-service/
ESET Research uncovers PlushDaemon, a sophisticated supply chain attack targeting a Korean VPN provider. Understand the implications for supply chain security.
CISA Cybersecurity Advisory: AA25-022A
https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-022a
The latest advisory highlights active threats and mitigation strategies for critical infrastructure. Stay ahead with CISA s guidance on emerging cyber risks.