SANS ISC Stormcast, Jan 28th 2025: Z-Shy Phishing; Apple Patches 0-Day; Fortinet Exploit Details; Github and Apache Solr Patches
Update: 2025-01-28
Description
This episode shows how attackers are bypassing phishing filter by abusing the "shy" softhyphen HTML entitiy. We got an update from Apple fixing a 0-day vulnerability in addition to a number of other issues. watchTowr show how to exploit an interesting FortiOS vulnerability and we have patches for Github Desktop and Apache Solr
An unusal shy z-wasp phish
https://isc.sans.edu/diary/An%20unusual%20%22shy%20z-wasp%22%20phishing/31626
How the soft hyphen "shy" HTML entity can be abused to bypass e-mail filters
Apple Patches
https://support.apple.com/en-us/100100
Apple released patches for all of its operating systems, fixing a 0-day vulnerability among many others issues
Get Fortirekt I am the Super_admin now
https://labs.watchtowr.com/get-fortirekt-i-am-the-super_admin-now-fortios-authentication-bypass-cve-2024-55591/
Details about a recent FortiOS Vulnerability
GitHub Desktop Vulnerability
https://thehackernews.com/2025/01/github-desktop-vulnerability-risks.html
Apache Solr Vulnerability
https://solr.apache.org/security.html#cve-2024-52012-apache-solr-configset-upload-on-windows-allows-arbitrary-path-write-access
Comments
Top Podcasts
The Best New Comedy Podcast Right Now – June 2024The Best News Podcast Right Now – June 2024The Best New Business Podcast Right Now – June 2024The Best New Sports Podcast Right Now – June 2024The Best New True Crime Podcast Right Now – June 2024The Best New Joe Rogan Experience Podcast Right Now – June 20The Best New Dan Bongino Show Podcast Right Now – June 20The Best New Mark Levin Podcast – June 2024
In Channel
Download from Google Play
Download from App Store
United States00:00
00:00
x
