Artwork

Sisällön tarjoaa Johannes B. Ullrich. Johannes B. Ullrich tai sen podcast-alustan kumppani lataa ja toimittaa kaiken podcast-sisällön, mukaan lukien jaksot, grafiikat ja podcast-kuvaukset. Jos uskot jonkun käyttävän tekijänoikeudella suojattua teostasi ilman lupaasi, voit seurata tässä https://fi.player.fm/legal kuvattua prosessia.
Player FM - Podcast-sovellus
Siirry offline-tilaan Player FM avulla!

SANS ISC Stormcast, Jan 30th 2025: Python vs. Powershell; Fortinet Exploits and Patch Policy; Voyager PHP Framework Vuln; Zyxel Targeted; VMWare AVI Patch (#)

5:33
 
Jaa
 

Manage episode 463941467 series 3433692
Sisällön tarjoaa Johannes B. Ullrich. Johannes B. Ullrich tai sen podcast-alustan kumppani lataa ja toimittaa kaiken podcast-sisällön, mukaan lukien jaksot, grafiikat ja podcast-kuvaukset. Jos uskot jonkun käyttävän tekijänoikeudella suojattua teostasi ilman lupaasi, voit seurata tässä https://fi.player.fm/legal kuvattua prosessia.
SANS ISC Stormcast, Jan 30th 2025: Python vs. Powershell; Fortinet Exploits and Patch Policy; Voyager PHP Framework Vuln; Zyxel Targeted; VMWare AVI Patch From PowerShell to a Python Obfuscation Race! This information stealer not only emulates a PDF document convincingly, but also includes its own Python environment for Windows https://isc.sans.edu/diary/From%20PowerShell%20to%20a%20Python%20Obfuscation%20Race!/31634 Alleged Active Exploit Sale of CVE-2024-55591 on Fortinet Devices An exploit for this week's Fortinet vulnerability is for sale on russian forums. Fortinet also requires patching of devices without cloud license within seven days of patch release https://x.com/MonThreat/status/1884577840185643345 https://community.fortinet.com/t5/Support-Forum/Firmware-upgrade-policy/td-p/373376 The Tainted Voyage: Uncovering Voyager's Vulnerabilities Sonarcube identified vulnerabilities in the popular PHP package Voyager. One of them allows arbitrary file uploads. https://www.sonarsource.com/blog/the-tainted-voyage-uncovering-voyagers-vulnerabilities/ Hackers exploit critical unpatched flaw in Zyxel CPE devices A currently unpatches vulnerablity in Zyxel devices is actively exploited. https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-unpatched-flaw-in-zyxel-cpe-devices/ VMSA-2025-0002: VMware Avi Load Balancer addresses an unauthenticated blind SQL Injection vulnerability (CVE-2025-22217) VMWare released a patch for the AVI Load Balancer addressing an unauthenticated blink SQL injection vulnerability. https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25346 keywords: vmware; avi load balancer; sql injection; voyager; laravel; php; zyxel; fortinet; python; powershell; garmin
  continue reading

1001 jaksoa

Artwork
iconJaa
 
Manage episode 463941467 series 3433692
Sisällön tarjoaa Johannes B. Ullrich. Johannes B. Ullrich tai sen podcast-alustan kumppani lataa ja toimittaa kaiken podcast-sisällön, mukaan lukien jaksot, grafiikat ja podcast-kuvaukset. Jos uskot jonkun käyttävän tekijänoikeudella suojattua teostasi ilman lupaasi, voit seurata tässä https://fi.player.fm/legal kuvattua prosessia.
SANS ISC Stormcast, Jan 30th 2025: Python vs. Powershell; Fortinet Exploits and Patch Policy; Voyager PHP Framework Vuln; Zyxel Targeted; VMWare AVI Patch From PowerShell to a Python Obfuscation Race! This information stealer not only emulates a PDF document convincingly, but also includes its own Python environment for Windows https://isc.sans.edu/diary/From%20PowerShell%20to%20a%20Python%20Obfuscation%20Race!/31634 Alleged Active Exploit Sale of CVE-2024-55591 on Fortinet Devices An exploit for this week's Fortinet vulnerability is for sale on russian forums. Fortinet also requires patching of devices without cloud license within seven days of patch release https://x.com/MonThreat/status/1884577840185643345 https://community.fortinet.com/t5/Support-Forum/Firmware-upgrade-policy/td-p/373376 The Tainted Voyage: Uncovering Voyager's Vulnerabilities Sonarcube identified vulnerabilities in the popular PHP package Voyager. One of them allows arbitrary file uploads. https://www.sonarsource.com/blog/the-tainted-voyage-uncovering-voyagers-vulnerabilities/ Hackers exploit critical unpatched flaw in Zyxel CPE devices A currently unpatches vulnerablity in Zyxel devices is actively exploited. https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-unpatched-flaw-in-zyxel-cpe-devices/ VMSA-2025-0002: VMware Avi Load Balancer addresses an unauthenticated blind SQL Injection vulnerability (CVE-2025-22217) VMWare released a patch for the AVI Load Balancer addressing an unauthenticated blink SQL injection vulnerability. https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25346 keywords: vmware; avi load balancer; sql injection; voyager; laravel; php; zyxel; fortinet; python; powershell; garmin
  continue reading

1001 jaksoa

모든 에피소드

×
 
Loading …

Tervetuloa Player FM:n!

Player FM skannaa verkkoa löytääkseen korkealaatuisia podcasteja, joista voit nauttia juuri nyt. Se on paras podcast-sovellus ja toimii Androidilla, iPhonela, ja verkossa. Rekisteröidy sykronoidaksesi tilaukset laitteiden välillä.

 

Pikakäyttöopas

Kuuntele tämä ohjelma tutkiessasi
Toista