SANS ISC Stormcast, Jan 29th 2025: Python Crypto Stealer; SimpleHelp Exploited; Apple Silicon Vuln; Teamviewer Vuln; Odd QR Code

Update: 2025-01-29

Description

Learn about fileless crypto stealers written in Python, the ongoing exploitation of recent SimpleHelp vulnerablities, new Apple Silicon Sidechannel attacks a Team Viewer Vulnerablity and an odd QR Code

Fileless Python InfoStealer Targeting Exodus

This Python script targets Exodus crypto wallet and password managers to steal crypto currencies. It does not save exfiltrated data in files, but keeps it in memory for exfiltration

https://isc.sans.edu/diary/Fileless%20Python%20InfoStealer%20Targeting%20Exodus/31630

Campaign Exploiting SimpleHelp Vulnerablity

Arcticwolf observed attacks exploiting SimpleHelp for initial access to networks. It has not been verified, but is assumed that vulnerabilities made public about a week ago are being exploited.

https://arcticwolf.com/resources/blog-uk/arctic-wolf-observes-campaign-exploiting-simplehelp-rmm-software-initial-access/

Two new Side Channel Vulnerabilities in Apple Silicon

SLAP (Data Speculation Attacks via Load Address Prediction): This attack exploits the Load Address Predictor in Apple CPUs starting with the M2/A15, allowing unauthorized access to sensitive data by mispredicting memory addresses. FLOP (Breaking the Apple M3 CPU via False Load Output Predictions): This attack targets the Load Value Predictor in Apple's M3/A17 CPUs, enabling attackers to execute arbitrary computations on incorrect data, potentially leaking sensitive information.

https://predictors.fail/

Teamviewer Security Bulletin

Teamviewer patched a privilege escalation vulnerability CVE-2025-0065

https://www.teamviewer.com/en-us/resources/trust-center/security-bulletins/tv-2025-1001/

Odd QR Code

A QR code may resolve to a different URL if looked at at an angle.

https://mstdn.social/@isziaui/113874436953157913

Limited Discount for SANS Baltimore

https://sans.org/u/1zQd

Comments

Top Podcasts

The Best New Comedy Podcast Right Now – June 2024 The Best News Podcast Right Now – June 2024 The Best New Business Podcast Right Now – June 2024 The Best New Sports Podcast Right Now – June 2024 The Best New True Crime Podcast Right Now – June 2024 The Best New Joe Rogan Experience Podcast Right Now – June 20 The Best New Dan Bongino Show Podcast Right Now – June 20 The Best New Mark Levin Podcast – June 2024

In Channel

SANS ISC Stormcast, Jan 30th 2025: Python vs. Powershell; Fortinet Exploits and Patch Policy; Voyager PHP Framework Vuln; Zyxel Targeted; VMWare AVI Patch

2025-01-3005:33

SANS ISC Stormcast, Jan 29th 2025: Python Crypto Stealer; SimpleHelp Exploited; Apple Silicon Vuln; Teamviewer Vuln; Odd QR Code

2025-01-2906:07

SANS ISC Stormcast, Jan 28th 2025: Z-Shy Phishing; Apple Patches 0-Day; Fortinet Exploit Details; Github and Apache Solr Patches

2025-01-2806:14

SANS ISC Stormcast, Jan 27, 2025: Access Brokers; Llama Stack Vuln; ESXi SSH Tunnels; Zyxel Boot Loops; Subary StarLeak

2025-01-2706:28

SANS ISC Stormcast, Jan 24, 2025: XSS in Email, SonicWall Exploited; Cisco Vulnerablities; AI and SOAR (@sans_edu research paper by Anthony Russo)

2025-01-2414:45

SANS ISC Stormcast, Jan 23, 2025: PFSync Protocol; Oracle CPU; Korean VPN Supply Chain Attack; Ivanti Guidance

2025-01-2207:49

SANS ISC Stormcast, Jan 22, 2025: Geolocation via Starlink and Cloudflare; AI Prompt Risks; Homebrew Phishing

2025-01-2209:16

SANS ISC Stormcast, Jan 21, 2025: Downloading Partial ZIP files; Remote Tools Used in Attakcs; Azure DevOps SSRF

2025-01-2106:20

SANS ISC Stormcast, Jan 20, 2025: Honeypots for Offense; SimpleHelp and UEFI Secure Boot Vulnerabilities

2025-01-2003:24

SANS ISC Stormcast, Jan 17, 2025: Analyzing Complex Datasets, Citrix Update Issues, Ivanti's Security Advisory, and the Future of Passkeys (@sans_edu)

2025-01-1712:50

SANS ISC Stormcast, Jan 16, 2025: Critical Vulnerabilities and Cybersecurity Updates You Need to Know

2025-01-1609:02

SANS ISC Stormcast, Jan 14 2025: Microsoft Patch Tuesday, FortiOS and FortiProxy Patches; Paessler PRTG Patches

2025-01-1507:48

SANS ISC Stormcast, Jan 14, 2025: Brute-Forcing Hikvision Devices, macOS SIP Bypass, Linux Rootkits, Aviatrix Exploits, and AWS Ransomware Tactics

2025-01-1307:51

SANS ISC Stormcast, Jan 13, 2025: Defender Updates, Ivanti RCE, Apple USB-C Hack and more

2025-01-1306:43

SANS ISC Stormcast: Cryptomining Malware, Fake PoC Exploit, Malicious Browser Extensions, and Palo Alto Vulnerabilities. Jan 9th 2024

2025-01-1007:19

SANS ISC Stormcast, Jan 9, 2025: Critical Vulnerabilities in Ivanti, Aviatrix, and Hijacked Backdoors in Compromised Systems

2025-01-0906:04

SANS ISC Stormcast, Jan 8, 2025: Critical Vulnerabilities in SonicWall, Moxa, and Windows BitLocker – Plus, Malware Targets PHP Servers and the Launch of U.S. Cyber Trust Mark

2025-01-0806:39

ISC StormCast for Tuesday, January 7th, 2025

2025-01-0704:52

ISC StormCast for Monday, January 6th, 2025

2025-01-0608:17

ISC StormCast for Friday, December 20th, 2024

2024-12-2005:59

00:00

SANS ISC Stormcast, Jan 29th 2025: Python Crypto Stealer; SimpleHelp Exploited; Apple Silicon Vuln; Teamviewer Vuln; Odd QR Code

#box-pro-ellipsis-173825434607281{-webkit-line-clamp:2;}SANS ISC Stormcast, Jan 29th 2025: Python Crypto Stealer; SimpleHelp Exploited; Apple Silicon Vuln; Teamviewer Vuln; Odd QR Code

SANS ISC Stormcast, Jan 29th 2025: Python Crypto Stealer; SimpleHelp Exploited; Apple Silicon Vuln; Teamviewer Vuln; Odd QR Code

Dr. Johannes B. Ullrich

SANS ISC Stormcast, Jan 29th 2025: Python Crypto Stealer; SimpleHelp Exploited; Apple Silicon Vuln; Teamviewer Vuln; Odd QR Code