Talk With an Expert

Internet Storm Center Tech Corner

SANS Internet Storm Center StormCast Tuesday, May 6, 2025

Mirai Exploiting Samsung magicInfo 9; Kali Signing Key Lost

https://isc.sans.edu/podcastdetail/9438

Mirai Now Exploits Samsung MagicINFO CMS CVE-2024-7399

The Mirai botnet added a new vulnerability to its arsenal. This vulnerability, a file upload and remote code execution vulnerability in SamsungÕs MagicInfo 9 CMS, was patched last August but attracted new attention last week after being mostly ignored so far.

https://isc.sans.edu/diary/Mirai+Now+Exploits+Samsung+MagicINFO+CMS+CVE20247399/31920

New Kali Linux Signing Key

The Kali Linux maintainers lost access to the secret key used to sign packages. Users must install a new key that will be used going forward.

https://www.kali.org/blog/new-kali-archive-signing-key/

The Risk of Default Configuration: How Out-of-the-Box Helm Charts Can Breach Your Cluster

Many out-of-the-box Helm charts for Kubernetes applications deploy vulnerable configurations with exposed ports and no authentication

https://techcommunity.microsoft.com/blog/microsoftdefendercloudblog/the-risk-of-default-configuration-how-out-of-the-box-helm-charts-can-breach-your/4409560

SANS Internet Storm Center StormCast Monday, May 5, 2025

Steganography Challenge; Microsoft Makes Passkeys Default and Moves Away from Authenticator as Password Manager; Magento Components Backdoored

https://isc.sans.edu/podcastdetail/9436

Steganography Challenge

Didier published a fun steganography challenge. A solution will be offered on Saturday.

https://isc.sans.edu/diary/Steganography+Challenge/31910

Microsoft Makes Passkeys Default Authentication Method

Microsoft is now encouraging new users to use Passkeys as the ÒdefaultÓ and only login method, further moving away from passwords

https://www.microsoft.com/en-us/security/blog/2025/05/01/pushing-passkeys-forward-microsofts-latest-updates-for-simpler-safer-sign-ins/

Microsoft Authenticator Autofill Changes

Microsoft will no longer support the use of Microsoft Authenticator as a password safe. Instead, it will move users to the password prefill feature built into Microsoft Edge. This change will start in June and should be completed in August at which point you must have moved your credentials out of Microsoft Authenticator

https://support.microsoft.com/en-gb/account-billing/changes-to-microsoft-authenticator-autofill-09fd75df-dc04-4477-9619-811510805ab6

Backdoor found in popular e-commerce components

SANSEC identified several backdoored Magento e-commerce components. These backdoors were installed as far back as 2019 but only recently activated, at which point they became known. Affected vendors dispute any compromise at this point.

https://sansec.io/research/license-backdoor

View Older Issues

Catch up on recent editions of NewsBites or browse our full archive of expert-curated cybersecurity news.

Browse Archive