SANS Stormcast Thursday, October 16th, 2025: Clipboard Image Stealer; F5 Compromise; Adobe Updates; SAP Patchday
Clipboard Image Stealer
Xavier presents an infostealer in Python that steals images from the clipboard.
https://isc.sans.edu/diary/Clipboard%20Pictures%20Exfiltration%20in%20Python%20Infostealer/32372
F5 Compromise
F5 announced a wide-ranging compromise today. Source code and information about unpatched vulnerabilities were stolen.
https://my.f5.com/manage/s/article/K000157005
https://my.f5.com/manage/s/article/K000156572
https://my.f5.com/manage/s/article/K000154696
Adobe Updates
Adobe updated 12 different products yesterday.
https://helpx.adobe.com/security.html
SAP Patchday
Among the critical vulnerabilities patched in SAP's products are two deserialization vulnerabilities with a CVSS score of 10.0.
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/october-2025.html
https://onapsis.com/blog/sap-security-patch-day-october-2025/
SANS Stormcast Wednesday, October 15th, 2025: Microsoft Patchday; Ivanti Advisory; Fortinet Patches
Microsoft Patch Tuesday
Microsoft not only released new patches, but also the last patches for Windows 10, Office 2016, Office 2019, Exchange 2016 and Exchange 2019.
https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20October%202025/32368
Ivanti Advisory
Ivanti released an advisory with some mitigation steps users can take until the recently disclosed vulnerabilities are patched.
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-EPM-October-2025?language=en_US
Fortinet Patches
https://fortiguard.fortinet.com/psirt/FG-IR-25-010
https://fortiguard.fortinet.com/psirt/FG-IR-24-361
SANS Stormcast Tuesday, October 14th, 2025: ESAFENET Scans; Payroll Pirates; MSFT Edge IE Mode
Scans for ESAFENET CDG V5
We are seeing an increase in scans for ESAFENET CDG, a Chinese secure document management system.
https://isc.sans.edu/diary/Heads%20Up%3A%20Scans%20for%20ESAFENET%20CDG%20V5%20/32364
Investigating targeted payroll pirate attacks affecting US universities
Microsoft wrote about how payroll pirates redirect employee paychecks via phishing.
https://www.microsoft.com/en-us/security/blog/2025/10/09/investigating-targeted-payroll-pirate-attacks-affecting-us-universities/
Attacks against Edge via IE Mode
Microsoft Edge offers an IE legacy mode to support websites created for Internet Explorer. The old JavaScript engine, which is part of this mode, has been abused in recent attacks, and Microsoft will make it more difficult to enable IE Mode to counter these attacks.
https://microsoftedge.github.io/edgevr/posts/Changes-to-Internet-Explorer-Mode-in-Microsoft-Edge/
SANS Stormcast Monday, October 13th, 2025: More Oracle Patches; Sonicwall Compromises; Unpatched Gladinet; 7-Zip Patches
New Oracle E-Business Suite Patches
Oracle released one more patch for E-Business Suite. Oracle does not state whether the vulnerability is already being exploited, but the timing of the patch suggests it should be applied quickly.
https://www.oracle.com/security-alerts/alert-cve-2025-61884.html
Widespread Sonicwall SSLVPN Compromise
Huntress Labs observed the widespread compromise of the Sonicwall SSLVPN appliance.
https://www.huntress.com/blog/sonicwall-sslvpn-compromise
Active Exploitation of Gladinet CentreStack and Triofox Local File Inclusion Flaw (CVE-2025-11371)
An unpatched vulnerability in the secure file sharing solutions Gladinet CentreStack and TrioFox is being exploited.
https://www.huntress.com/blog/gladinet-centrestack-triofox-local-file-inclusion-flaw
Two 7-Zip Vulnerabilities CVE-2025-11002, CVE-2025-11001
7-Zip patched two vulnerabilities that may lead to arbitrary code execution.
https://www.zerodayinitiative.com/advisories/ZDI-25-949/
https://www.zerodayinitiative.com/advisories/ZDI-25-950/
SANS Stormcast Friday, October 10th, 2025: RedTail Defenses; SonicWall Breach; Crowdstrike “Issues”; Ivanti 0-days; Mapping Agentic Attack Surface (@sans_edu paper)
Building Better Defenses: RedTail Observations
Defending against attacks like RedTail takes more than blocking IoCs; defenders must instead focus on the techniques and tactics the attackers use.
https://isc.sans.edu/diary/Guest+Diary+Building+Better+Defenses+RedTail+Observations+from+a+Honeypot/32312
Sonicwall: It wasn't the user's fault
Sonicwall admits to a breach resulting in the loss of user configurations stored in its cloud backup service.
https://www.sonicwall.com/support/knowledge-base/mysonicwall-cloud-backup-file-incident/250915160910330
Crowdstrike has Issues
Crowdstrike fixes two vulnerabilities in the Windows version of its Falcon sensor.
https://www.crowdstrike.com/en-us/security-advisories/issues-affecting-crowdstrike-falcon-sensor-for-windows/
Interrogators: Attack Surface Mapping in an Agentic World
A SANS.edu master's degree student research paper by Michael Samson.
https://isc.sans.edu/researchpapers/pdfs/michael_samson.pdf
keywords: ai; agentic; attack surface; crowdstrike; sonicwall; ivanti; zero day; initiative; redline
About SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .