SANS ISC Stormcast, Jan 30th 2025: Python vs. Powershell; Fortinet Exploits and Patch Policy; Voyager PHP Framework Vuln; Zyxel Targeted; VMWare AVI Patch

Update: 2025-01-30

Description

From PowerShell to a Python Obfuscation Race!

This information stealer not only emulates a PDF document convincingly, but also includes its own Python environment for Windows

https://isc.sans.edu/diary/From%20PowerShell%20to%20a%20Python%20Obfuscation%20Race!/31634

Alleged Active Exploit Sale of CVE-2024-55591 on Fortinet Devices

An exploit for this week's Fortinet vulnerability is for sale on russian forums. Fortinet also requires patching of devices without cloud license within seven days of patch release

https://x.com/MonThreat/status/1884577840185643345

https://community.fortinet.com/t5/Support-Forum/Firmware-upgrade-policy/td-p/373376

The Tainted Voyage: Uncovering Voyager's Vulnerabilities

Sonarcube identified vulnerabilities in the popular PHP package Voyager. One of them allows arbitrary file uploads.

https://www.sonarsource.com/blog/the-tainted-voyage-uncovering-voyagers-vulnerabilities/

Hackers exploit critical unpatched flaw in Zyxel CPE devices

A currently unpatches vulnerablity in Zyxel devices is actively exploited.

https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-unpatched-flaw-in-zyxel-cpe-devices/

VMSA-2025-0002: VMware Avi Load Balancer addresses an unauthenticated blind SQL Injection vulnerability (CVE-2025-22217)

VMWare released a patch for the AVI Load Balancer addressing an unauthenticated blink SQL injection vulnerability.

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25346

Comments

Top Podcasts

The Best New Comedy Podcast Right Now – June 2024 The Best News Podcast Right Now – June 2024 The Best New Business Podcast Right Now – June 2024 The Best New Sports Podcast Right Now – June 2024 The Best New True Crime Podcast Right Now – June 2024 The Best New Joe Rogan Experience Podcast Right Now – June 20 The Best New Dan Bongino Show Podcast Right Now – June 20 The Best New Mark Levin Podcast – June 2024

In Channel

SANS ISC Stormcast, Jan 30th 2025: Python vs. Powershell; Fortinet Exploits and Patch Policy; Voyager PHP Framework Vuln; Zyxel Targeted; VMWare AVI Patch

2025-01-3005:33

SANS ISC Stormcast, Jan 29th 2025: Python Crypto Stealer; SimpleHelp Exploited; Apple Silicon Vuln; Teamviewer Vuln; Odd QR Code

2025-01-2906:07

SANS ISC Stormcast, Jan 28th 2025: Z-Shy Phishing; Apple Patches 0-Day; Fortinet Exploit Details; Github and Apache Solr Patches

2025-01-2806:14

SANS ISC Stormcast, Jan 27, 2025: Access Brokers; Llama Stack Vuln; ESXi SSH Tunnels; Zyxel Boot Loops; Subary StarLeak

2025-01-2706:28

SANS ISC Stormcast, Jan 24, 2025: XSS in Email, SonicWall Exploited; Cisco Vulnerablities; AI and SOAR (@sans_edu research paper by Anthony Russo)

2025-01-2414:45

SANS ISC Stormcast, Jan 23, 2025: PFSync Protocol; Oracle CPU; Korean VPN Supply Chain Attack; Ivanti Guidance

2025-01-2207:49

SANS ISC Stormcast, Jan 22, 2025: Geolocation via Starlink and Cloudflare; AI Prompt Risks; Homebrew Phishing

2025-01-2209:16

SANS ISC Stormcast, Jan 21, 2025: Downloading Partial ZIP files; Remote Tools Used in Attakcs; Azure DevOps SSRF

2025-01-2106:20

SANS ISC Stormcast, Jan 20, 2025: Honeypots for Offense; SimpleHelp and UEFI Secure Boot Vulnerabilities

2025-01-2003:24

SANS ISC Stormcast, Jan 17, 2025: Analyzing Complex Datasets, Citrix Update Issues, Ivanti's Security Advisory, and the Future of Passkeys (@sans_edu)

2025-01-1712:50

SANS ISC Stormcast, Jan 16, 2025: Critical Vulnerabilities and Cybersecurity Updates You Need to Know

2025-01-1609:02

SANS ISC Stormcast, Jan 14 2025: Microsoft Patch Tuesday, FortiOS and FortiProxy Patches; Paessler PRTG Patches

2025-01-1507:48

SANS ISC Stormcast, Jan 14, 2025: Brute-Forcing Hikvision Devices, macOS SIP Bypass, Linux Rootkits, Aviatrix Exploits, and AWS Ransomware Tactics

2025-01-1307:51

SANS ISC Stormcast, Jan 13, 2025: Defender Updates, Ivanti RCE, Apple USB-C Hack and more

2025-01-1306:43

SANS ISC Stormcast: Cryptomining Malware, Fake PoC Exploit, Malicious Browser Extensions, and Palo Alto Vulnerabilities. Jan 9th 2024

2025-01-1007:19

SANS ISC Stormcast, Jan 9, 2025: Critical Vulnerabilities in Ivanti, Aviatrix, and Hijacked Backdoors in Compromised Systems

2025-01-0906:04

SANS ISC Stormcast, Jan 8, 2025: Critical Vulnerabilities in SonicWall, Moxa, and Windows BitLocker – Plus, Malware Targets PHP Servers and the Launch of U.S. Cyber Trust Mark

2025-01-0806:39

ISC StormCast for Tuesday, January 7th, 2025

2025-01-0704:52

ISC StormCast for Monday, January 6th, 2025

2025-01-0608:17

ISC StormCast for Friday, December 20th, 2024

2024-12-2005:59

00:00

SANS ISC Stormcast, Jan 30th 2025: Python vs. Powershell; Fortinet Exploits and Patch Policy; Voyager PHP Framework Vuln; Zyxel Targeted; VMWare AVI Patch

#box-pro-ellipsis-173825420063088{-webkit-line-clamp:2;}SANS ISC Stormcast, Jan 30th 2025: Python vs. Powershell; Fortinet Exploits and Patch Policy; Voyager PHP Framework Vuln; Zyxel Targeted; VMWare AVI Patch

SANS ISC Stormcast, Jan 30th 2025: Python vs. Powershell; Fortinet Exploits and Patch Policy; Voyager PHP Framework Vuln; Zyxel Targeted; VMWare AVI Patch

Dr. Johannes B. Ullrich

SANS ISC Stormcast, Jan 30th 2025: Python vs. Powershell; Fortinet Exploits and Patch Policy; Voyager PHP Framework Vuln; Zyxel Targeted; VMWare AVI Patch