Internet Storm Center Tech Corner

Internet Storm Center StormCast Tuesday, April 1, 2025

Apache Camel Exploits; New Cert Authorities Requirements; Possible Oracle Breach

https://isc.sans.edu/podcastdetail/9388

Apache Camel Exploit Attempt by Vulnerability Scans

A recently patched vulnerability in Apache Camel has been integrated into some vulnerability scanners, for example OpenVAS. We do see some exploit attempts in our honeypots, but they appear to be part of internal vulnerability scans.

https://isc.sans.edu/diary/Apache+Camel+Exploit+Attempt+by+Vulnerability+Scan+CVE202527636+CVE202529891/31814

New Security Requirements for Certificate Authorities

Starting in July, certificate authorities need to verify domain ownership data from multiple viewpoints around the internet. They will also have to use linters to verify certificate requests.

https://security.googleblog.com/2025/03/new-security-requirements-adopted-by.html

Possible Oracle Breach

Oracle still denies being the victim of a data breach, even as leaked data may show otherwise.

https://doublepulsar.com/oracle-attempt-to-hide-serious-cybersecurity-incident-from-customers-in-oracle-saas-service-9231c8daff4a

https://www.theregister.com/2025/03/30/infosec_news_in_brief/

https://www.darkreading.com/cyberattacks-data-breaches/oracle-still-denies-breach-researchers-persist

Internet Storm Center StormCast Monday, March 31, 2025

Comparing Phishing Sites; DOH and MX Abuse Phishing; opkssh

https://isc.sans.edu/podcastdetail/9386

A Tale of Two Phishing Sites

Two phishing sites may use very different backends, even if the sites themselves appear visually very similar. Phishing kits are often copied and modified, leading to sites that use similar visual tricks on the user-facing side but very different backends to host the sites and report data to the miscreant.

https://isc.sans.edu/diary/A+Tale+of+Two+Phishing+Sites/31810

A Phishing Tale of DOH and DNS MX Abuse

Infoblox discovered a new variant of the Meerkat phishing kit that uses DoH in JavaScript to discover MX records and generate better customized phishing pages.

https://blogs.infoblox.com/threat-intelligence/a-phishing-tale-of-doh-and-dns-mx-abuse/

Using OpenID Connect for SSH

Cloudflare open-sourced its OPKSSH tool. It integrates SSO systems supporting OpenID Connect with SSH.

https://github.com/openpubkey/opkssh/
