Internet Storm Center Tech Corner

SANS ISC Stormcast, Tuesday, January 28, 2025

This episode shows how attackers are bypassing phishing filters by abusing the "shy" soft hyphen HTML entity. We got an update from Apple fixing a 0-day vulnerability in addition to a number of other issues. watchTowr shows how to exploit an interesting FortiOS vulnerability, and we have patches for GitHub Desktop and Apache Solr.

https://isc.sans.edu/podcastdetail/9298

An unusual shy z-wasp phish

How the soft hyphen "shy" HTML entity can be abused to bypass e-mail filters

https://isc.sans.edu/diary/An+unusual+shy+zwasp+phishing/31626

Apple Patches

Apple released patches for all of its operating systems, fixing a 0-day vulnerability among many other issues.

https://support.apple.com/en-us/100100

Get Fortirekt I am the Super_admin now

Details about a recent FortiOS Vulnerability

https://labs.watchtowr.com/get-fortirekt-i-am-the-super_admin-now-fortios-authentication-bypass-cve-2024-55591/

GitHub Desktop Vulnerability

https://thehackernews.com/2025/01/github-desktop-vulnerability-risks.html

Apache Solr Vulnerability

https://solr.apache.org/security.html#cve-2024-52012-apache-solr-configset-upload-on-windows-allows-arbitrary-path-write-access

SANS ISC Stormcast, Monday, January 27, 2025

Access Brokers; Llama Stack Vuln; ESXi SSH Tunnels; Zyxel Boot Loops; Subaru StarLeak

https://isc.sans.edu/podcastdetail/9296

Guest Diary: How Access Brokers Maintain Persistence

Explore how cybercriminals utilize access brokers to persist within networks and the impact this has on organizational security.

https://isc.sans.edu/forums/diary/Guest+Diary+How+Access+Brokers+Maintain+Persistence/31600/

Critical Vulnerability in Meta's Llama Stack (CVE-2024-50050)

A deep dive into CVE-2024-50050, a critical vulnerability affecting Meta's Llama Stack, with exploitation details and mitigation strategies.

https://www.oligo.security/blog/cve-2024-50050-critical-vulnerability-in-meta-llama-llama-stack

ESXi Ransomware and SSH Tunneling Defense Strategies

Learn how to fortify your infrastructure against ransomware targeting ESXi environments, focusing on SSH tunneling and proactive measures.

https://www.sygnia.co/blog/esxi-ransomware-ssh-tunneling-defense-strategies/

Zyxel USG FLEX/ATP Series Application Signature Recovery Steps

Addressing issues with Zyxel's USG FLEX/ATP Series application signatures as of January 24, 2025, with a detailed recovery guide.

https://support.zyxel.eu/hc/en-us/articles/24159250192658-USG-FLEX-ATP-Series-Recovery-Steps-for-Application-Signature-Issue-on-January-24th-2025

Subaru Starlink Vulnerability Exposed Cars to Remote Hacking

Discussing how a vulnerability in Subaru's Starlink system left vehicles susceptible to remote exploitation and the steps taken to resolve it.

https://www.securityweek.com/subaru-starlink-vulnerability-exposed-cars-to-remote-hacking/
