Sands Internet Storm Center Stormcast Podcast Highlights Cybersecurity Issues

The Sands Internet Storm Center Stormcast podcast of December 22, 2025, hosted by Johannes Ullrich from Jacksonville (Florida), covers three main topics. First, a technical analysis of TLS (Threat Local Storage), a technique that exploits local environment variables to execute code before the main function of a Windows executable, including in DLL (PE) files. This method can bypass static malware analysis.

Next, a critical vulnerability in FreeBSD (no CVE mentioned) allows arbitrary code execution via IPv6 Router Advertisements, even on networks not configured for IPv6. The exploit relies on injecting commands into malicious domain names, processed without validation by a shell script. Patches are available for FreeBSD, OPNsense, and pfSense (through a configuration change).

Finally, a partial outage of NIST servers in Boulder (Colorado) due to strong winds and generator failures threatens the accuracy of time servers. Sites in Fort Collins and Gaithersburg (Maryland) are taking over, but NIST may block access to the affected servers. https://www.youtube.com/watch?v=bD3b4f-tHok