SANS Stormcast Wednesday, November 5th, 2025: Apple Patches; Exploits against Trucking and Logistic; Google Android Patches
Apple Patches Everything, Again
Apple released a minor OS upgrade across its lineup, fixing a number of security vulnerabilities.
https://isc.sans.edu/diary/Apple%20Patches%20Everything%2C%20Again/32448
Remote Access Tools Used to Compromise Trucking and Logistics
Attackers infect trucking and logistics companies with regular remote management tools to inject malware into other companies or learn about high-value loads in order to steal them.
https://www.proofpoint.com/us/blog/threat-insight/remote-access-real-cargo-cybercriminals-targeting-trucking-and-logistics
Google Android Patch Day
Google released its usual monthly Android updates this week
https://source.android.com/docs/security/bulletin/2025-11-01
--------
6:29
--------
6:29
SANS Stormcast Tuesday, November 4th, 2025: XWiki SolrSearch Exploits and Rapper Feud; AMD Zen 5 RDSEED Bug; More Malicious Open VSX Extensions
XWiki SolrSearch Exploit Attempts CVE-2025-24893
We have detected a number of exploit attempts against XWiki taking advantage of a vulnerability that was added to the KEV list on Friday.
https://isc.sans.edu/diary/XWiki%20SolrSearch%20Exploit%20Attempts%20%28CVE-2025-24893%29%20with%20link%20to%20Chicago%20Gangs%20Rappers/32444
AMD Zen 5 Random Number Generator Bug
The RDSEED function for AMD s Zen 5 processors does return 0 more often than it should.
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7055.html
SleepyDuck malware invades Cursor through Open VSX
Yet another Open VSX extension stealing crypto credentials
https://secureannex.com/blog/sleepyduck-malware/
--------
6:56
--------
6:56
SANS Stormcast Monday, November 3rd, 2025: Port 8530/8531 Scans; BADCANDY Webshells; Open VSX Security Improvements
Scans for WSUS: Port 8530/8531 TCP, CVE-2025-59287
We did observe an increase in scans for TCP ports 8530 and 8531. These ports are associated with WSUS and the scans are likely looking for servers vulnerable to CVE-2025-59287
https://isc.sans.edu/diary/Scans%20for%20Port%208530%208531%20%28TCP%29.%20Likely%20related%20to%20WSUS%20Vulnerability%20CVE-2025-59287/32440
BADCANDY Webshell Implant Deployed via
The Australian Signals Directorate warns that they still see Cisco IOS XE devices not patches for CVE-2023-20198. A threat actor is now using this vulnerability to deploy the BADCANDY implant for persistent access
https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/badcandy
Improvements to Open VSX Security
In reference to the Glassworm incident, OpenVSX published a blog post outlining some of the security improvements they will make to prevent a repeat of this incident.
https://blogs.eclipse.org/post/mika l-barbero/open-vsx-security-update-october-2025
--------
6:26
--------
6:26
SANS Stormcast Friday, October 31st, 2025: Bug Bounty Headers; Exchange hardening; MOVEIt vulnerability
X-Request-Purpose: Identifying "research" and bug bounty related scans?
Our honeypots captured a few requests with bug bounty specific headers. These headers are meant to make it easier to identify requests related to bug bounty, and they are supposed to identify the researcher conducting the scans
https://isc.sans.edu/diary/X-Request-Purpose%3A%20Identifying%20%22research%22%20and%20bug%20bounty%20related%20scans%3F/32436
Proton Breach Observatory
Proton opened up its breach observatory. This website will collect information about breaches affecting companies that have not yet made the breach public.
https://proton.me/blog/introducing-breach-observatory
Microsoft Exchange Server Security Best Practices
A new document published by a collaboration of national cyber security agencies summarizes steps that should be taken to harden Exchange Server.
https://www.nsa.gov/Portals/75/documents/resources/cybersecurity-professionals/CSI_Microsoft_Exchange_Server_Security_Best_Practices.pdf?ver=9mpKKyUrwfpb9b9r4drVMg%3d%3d
MOVEit Vulnerability
Progress published an advisory for its file transfer program MOVEIt . This software has had heavily exploited vulnerabilities in the past.
https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-CVE-2025-10932-October-29-2025
--------
6:19
--------
6:19
SANS Stormcast Thursday, October 30th, 2025: Memory Only Filesystems Forensics; Azure Outage; docker-compose patch
How to Collect Memory-Only Filesystems on Linux Systems
Getting forensically sound copies of memory-only file systems on Linux can be tricky, as tools like dd do not work.
https://isc.sans.edu/diary/How%20to%20collect%20memory-only%20filesystems%20on%20Linux%20systems/32432
Microsoft Azure Front Door Outage
Today, Microsoft s Azure Front Door service failed, leading to users not being able to authenticate to various Azure-related services.
https://azure.status.microsoft/en-us/status
Docker-Compose Vulnerability
A vulnerability in docker-compose may be used to trick users into creating files outside the docker-compose directory
https://github.com/docker/compose/security/advisories/GHSA-gv8h-7v7w-r22q
Acerca de SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Escucha SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast), Global News Podcast y muchos más podcasts de todo el mundo con la aplicación de radio.net
Colombia