Episodios

  • SANS Stormcast Wednesday, October 8th, 2025: FreePBX Exploits; Disrupting Teams Threats; Kibana and QT SVG Patches (#)

    SANS Stormcast Wednesday, October 8th, 2025: FreePBX Exploits; Disrupting Teams Threats; Kibana and QT SVG Patches (#)
    Oct 8 2025
    SANS Stormcast Wednesday, October 8th, 2025: FreePBX Exploits; Disrupting Teams Threats; Kibana and QT SVG Patches FreePBX Exploit Attempts (CVE-2025-57819) A FreePBX SQL injection vulnerability disclosed in August is being used to execute code on affected systems. https://isc.sans.edu/diary/Exploit%20Against%20FreePBX%20%28CVE-2025-57819%29%20with%20code%20execution./32350 Disrupting Threats Targeting Microsoft Teams Microsoft published a blog post outlining how to better secure Teams. https://www.microsoft.com/en-us/security/blog/2025/10/07/disrupting-threats-targeting-microsoft-teams/ Kibana XSS Patch CVE-2025-25009 Elastic patched a stored XSS vulnerability in Kibana https://discuss.elastic.co/t/kibana-8-18-8-8-19-5-9-0-8-and-9-1-5-security-update-esa-2025-20/382449 QT SVG Vulnerabilities CVE-2025-10728, CVE-2025-10729, The QT group fixed two vulnerabilities in the QT SVG module. One of the vulnerabilities may be used for code execution https://www.qt.io/blog/security-advisory-uncontrolled-recursion-and-use-after-free-vulnerabilities-in-qt-svg-module-impact-qt keywords: kibana; elastic; xss; microsoft; teams; freepbx; sql injection; svg; qt
    Más Menos
    6 m
  • SANS Stormcast Tuesday, October 7th, 2025: More About Oracle; Redis Vulnerability; GoAnywhere Exploited (#)

    SANS Stormcast Tuesday, October 7th, 2025: More About Oracle; Redis Vulnerability; GoAnywhere Exploited (#)
    Oct 7 2025
    SANS Stormcast Tuesday, October 7th, 2025: More About Oracle; Redis Vulnerability; GoAnywhere Exploited More Details About Oracle 0-Day The exploit is now widely distributed and has been analyzed to show the nature of the underlying vulnerabilities. https://isc.sans.edu/diary/Quick%20and%20Dirty%20Analysis%20of%20Possible%20Oracle%20E-Business%20Suite%20Exploit%20Script%20%28CVE-2025-61882%29%20%5BUPDATED%5B/32346 https://labs.watchtowr.com/well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882/ Redis Vulnerability Redis patched a ciritcal use after free vulnerability that could lead to arbitrary code execution. https://redis.io/blog/security-advisory-cve-2025-49844/ GoAnywhere Bug Exploited Microsoft is reporting about the exploitation of the recent GoAnywhere vulnerability https://www.microsoft.com/en-us/security/blog/2025/10/06/investigating-active-exploitation-of-cve-2025-10035-goanywhere-managed-file-transfer-vulnerability/ keywords: goanywhere; redis; oracle; ebusiness suite
    Más Menos
    6 m
  • SANS Stormcast Monday, October 6th, 2025: Oracle 0-Day (#)

    SANS Stormcast Monday, October 6th, 2025: Oracle 0-Day (#)
    Oct 6 2025
    SANS Stormcast Monday, October 6th, 2025: Oracle 0-Day Oracle E-Business Suite 0-Day CVE-2025-61882 Last week, the Cl0p ransomware gang sent messages to many businesses stating that an Oracle E-Business Suite vulnerability was used to exfiltrate data. Initially, Oracle believed the root cause to be a vulnerability patched in June, but now Oracle released a patch for a new vulnerability. https://www.oracle.com/security-alerts/alert-cve-2025-61882.html Zimbra Exploit Analysis An exploit against a Zimbra system prior to the patch release is analyzed. These exploits take advantage of .ics files to breach vulnerable systems. https://strikeready.com/blog/0day-ics-attack-in-the-wild/ Unity Editor Vulnerability CVE-2025-59489 The Unity game editor suffered from a code execution vulnerablity that would also expose software developed with vulnerable versions https://unity.com/security/sept-2025-01 keywords: oracle; cl0p; e-business suite; unity; zimbra
    Más Menos
    6 m
  • SANS Stormcast Friday, October 3rd, 2025: More .well-known Scans; RedHat Openshift Patch; TOTOLINK Vuln; (#)

    SANS Stormcast Friday, October 3rd, 2025: More .well-known Scans; RedHat Openshift Patch; TOTOLINK Vuln; (#)
    Oct 2 2025
    SANS Stormcast Friday, October 3rd, 2025: More .well-known Scans; RedHat Openshift Patch; TOTOLINK Vuln; More .well-known scans Attackers are using API documentation automatically published in the .well-known directory for reconnaissance. https://isc.sans.edu/diary/More%20.well-known%20Scans/32340 RedHat Patches Openshift AI Services A flaw was found in Red Hat Openshift AI Service. A low-privileged attacker with access to an authenticated account, for example, as a data scientist using a standard Jupyter notebook, can escalate their privileges to a full cluster administrator. https://access.redhat.com/security/cve/cve-2025-10725#cve-affected-packages TOTOLINK X6000R Vulnerabilities Paloalto released details regarding three recently patched vulnerabilities in TotalLink-X6000R routers. https://unit42.paloaltonetworks.com/totolink-x6000r-vulnerabilities/ DrayOS Vulnerability Patched Draytek fixed a single memory corruption vulnerability in its Vigor series router. An unauthenticated user may use it to execute arbitrary code. https://www.draytek.com/about/security-advisory/use-of-uninitialized-variable-vulnerabilities keywords: .well-known; redhat; openshift
    Más Menos
    7 m
  • SANS Stormcast Thursday, October 2nd, 2025: Honeypot Passwords; OneLogin Vuln; Breaking Intel SGX; OpenSSL Patch (#)

    SANS Stormcast Thursday, October 2nd, 2025: Honeypot Passwords; OneLogin Vuln; Breaking Intel SGX; OpenSSL Patch (#)
    Oct 1 2025
    SANS Stormcast Thursday, October 2nd, 2025: Honeypot Passwords; OneLogin Vuln; Breaking Intel SGX; OpenSSL Patch Comparing Honeypot Passwords with HIBP Most passwords used against our honeypots are also found in the “Have I been pwn3d” list. However, the few percent that are not found tend to be variations of known passwords, extending them to find likely mutations. https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Comparing%20Honeypot%20Passwords%20with%20HIBP/32310 Breaking Server SGX via DRAM Inspection By observing read and write operations to memory, it is possible to derive keys stored in SGX and break the security of systems relying on SGX. https://wiretap.fail/files/wiretap.pdf OneLogin OIDC Vulnerability A vulnerability in OneLogin can be used to read secret application keys https://www.clutch.security/blog/onelogin-many-secrets-clutch-uncovers-vulnerability-exposing-client-credentials OpenSSL Patch OpenSSL patched three vulnerabilities. One could lead to remote code execution, but the feature is used infrequently, and the exploit is difficult, according to OpenSSL keywords: openssl, onelogin, sgx, dram, hibp, passwords
    Más Menos
    8 m
  • SANS Stormcast Wednesday, October 1st, 2025: Cookie Auth Issues; Western Digtial Command Injection; sudo exploited; (#)

    SANS Stormcast Wednesday, October 1st, 2025: Cookie Auth Issues; Western Digtial Command Injection; sudo exploited; (#)
    Sep 30 2025
    SANS Stormcast Wednesday, October 1st, 2025: Cookie Auth Issues; Western Digtial Command Injection; sudo exploited; Sometimes you don’t even need to log in Applications using simple, predictable cookies to verify a user’s identity are still exploited, and relatively recent vulnerabilities are still due to this very basic mistake. https://isc.sans.edu/diary/%22user%3Dadmin%22.%20Sometimes%20you%20don%27t%20even%20need%20to%20log%20in./32334 Western Digital My Cloud Vulnerability Western Digital patched a critical vulnerability in its “MyCloud” device. https://nvd.nist.gov/vuln/detail/CVE-2025-30247 sudo vulnerability exploited A recently patched vulnerability in sudo is now being exploited. https://www.sudo.ws/security/advisories/ keywords: mycloud; sudo; western digital; cookies
    Más Menos
    5 m
  • SANS Stormcast Tuesday, September 30th, 2025: Apple Patch; PAN Global Protect Scans; SSL.com signed malware (#)

    SANS Stormcast Tuesday, September 30th, 2025: Apple Patch; PAN Global Protect Scans; SSL.com signed malware (#)
    Sep 29 2025
    SANS Stormcast Tuesday, September 30th, 2025: Apple Patch; PAN Global Protect Scans; SSL.com signed malware Apple Patches Apple released patches for iOS, macOS, and visionOS, fixing a single font parsing vulnerability https://isc.sans.edu/diary/Apple%20Patches%20Single%20Vulnerability%20CVE-2025-43400/32330 Increase in Scans for Palo Alto Global Protect Vulnerability (CVE-2024-3400). Our honeypots detected an increase in scans for a Palo Alto Global Protect vulnerability. https://isc.sans.edu/diary/Increase%20in%20Scans%20for%20Palo%20Alto%20Global%20Protect%20Vulnerability%20%28CVE-2024-3400%29/32328 Nimbus Manticore / Charming Kitten Malware update Checkpoint released a report with details regarding a new Nimbus Manticore exploit kit. The malware in this case uses valid SSL.com-issued certificates. https://research.checkpoint.com/2025/nimbus-manticore-deploys-new-malware-targeting-europe/ keywords: apple; ios; macos; nimus; manticode; charming kitten; ssl.com; pan;
    Más Menos
    5 m
  • SANS Stormcast Monday, September 29th, 2025: Convert Timestamps; Cisco Compromises; GitHub Notification Phishing (#)

    SANS Stormcast Monday, September 29th, 2025: Convert Timestamps; Cisco Compromises; GitHub Notification Phishing (#)
    Sep 29 2025
    SANS Stormcast Monday, September 29th, 2025: Convert Timestamps; Cisco Compromises; GitHub Notification Phishing Converting Timestamps in .bash_history Unix shells offer the ability to add timestamps to commands in the .bash_history file. This is often done in the form of Unix timestamps. This new tool converts these timestamps into a more readable format. https://isc.sans.edu/diary/New%20tool%3A%20convert-ts-bash-history.py/32324 Cisco ASA/FRD Compromises Exploitation of the vulnerabilities Cisco patched last week may have bone back about a year. Cisco and CISA have released advisories with help identifying affected devices. https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_continued_attacks https://www.cisa.gov/news-events/directives/ed-25-03-identify-and-mitigate-potential-compromise-cisco-devices Github Notification Phishing Github notifications are used to impersonate YCombinator and trick victims into installing a crypto drainer. https://www.bleepingcomputer.com/news/security/github-notifications-abused-to-impersonate-y-combinator-for-crypto-theft/ keywords: cisco; timestamp; bash; history; asa; firepower; ftd; github; phishing; malware
    Más Menos
    9 m