SANS Internet Storm Center Stormcast March 9, 2026: Updates on Yara X, IP Camera Attacks, and EngineX UI Vulnerabilities

The March 9, 2026, edition of the SANS Internet Storm Center Stormcast, hosted by Johannes Ullrich in Jacksonville, Florida, reported updates to Yara X, including a new depths command for debugging rule dependencies via graphical visualization. Check Point observed an increase in attacks targeting IP cameras, particularly in Israeli IP address space, though the speaker noted such attacks are historically common and often involve unpatched or internet-exposed devices. The OpenJS Foundation launched an Upgrade Modernization Program to assist organizations in migrating from end-of-life Node.js versions, targeting the 70-80% of outdated installations, with support limited to long-term support (LTS) releases. Two critical vulnerabilities were disclosed in EngineX UI, a web interface for the EngineX server: one allowing unauthenticated access to backup APIs and another exposing encryption keys and IVs in the X-Backup-Security header, enabling trivial decryption of backups. The segment emphasized the risks of exposing management interfaces like EngineX UI to the internet.