DiscoverSANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)SANS Stormcast Friday, May 9th: SSH Exfil Tricks; magicINFO still vulnerable; SentinelOne Vulnerability; Commvault insufficient patch
SANS Stormcast Friday, May 9th: SSH Exfil Tricks; magicINFO still vulnerable; SentinelOne Vulnerability; Commvault insufficient patch

SANS Stormcast Friday, May 9th: SSH Exfil Tricks; magicINFO still vulnerable; SentinelOne Vulnerability; Commvault insufficient patch

Update: 2025-05-09
Share

Description



No Internet Access: SSH to the Rescue

If faced with restrictive outbound network access policies, a single inbound SSH connection can quickly be turned into a tunnel or a full-blown VPN

https://isc.sans.edu/diary/No%20Internet%20Access%3F%20SSH%20to%20the%20Rescue!/31932

SAMSUNG magicINFO 9 Server Flaw Still exploitable

The SAMSUNG magicINFO 9 Server Vulnerability we found being exploited last week is apparently still not completely patched, and current versions are vulnerable to the exploit observed in the wild.

https://www.huntress.com/blog/rapid-response-samsung-magicinfo9-server-flaw

Bring Your Own Installer: Bypassing SentinelOne Through Agent Version Change Interruption

SentinelOne s installer is vulnerable to an exploit allowing attackers to shut down the end point protection software

https://www.aon.com/en/insights/cyber-labs/bring-your-own-installer-bypassing-sentinelone

Commvault Still Exploitable

A recent patch for Commvault is apparently ineffective and the PoC exploit published by watchTowr is still working against up to date patched systems

https://infosec.exchange/@wdormann/114458913006792356
Comments 
In Channel
SANS Stormcast Friday, June 20th, 2025: New Employee Phishing; Malicious Tech Support Links; Social Engineering App Sepecific Passwords

SANS Stormcast Friday, June 20th, 2025: New Employee Phishing; Malicious Tech Support Links; Social Engineering App Sepecific Passwords

2025-06-2005:46

SANS Stormcast Monday, June 16th, 2025: Extracting Data from JPEG; Windows Recall Export; Anubis Wiper; Mitel Vuln and PoC

SANS Stormcast Monday, June 16th, 2025: Extracting Data from JPEG; Windows Recall Export; Anubis Wiper; Mitel Vuln and PoC

2025-06-1705:46

SANS Stormcast Monday, June 16th, 2025: Katz Stealer in JPG; JavaScript Attacks; Reviving expired Discord Invites for Evil

SANS Stormcast Monday, June 16th, 2025: Katz Stealer in JPG; JavaScript Attacks; Reviving expired Discord Invites for Evil

2025-06-1606:44

SANS Stormcast Friday, June 13th, 2025: Honeypot Scripts; EchoLeak MSFT Copilot Vuln; Thunderbolt mailbox URL Vuln;

SANS Stormcast Friday, June 13th, 2025: Honeypot Scripts; EchoLeak MSFT Copilot Vuln; Thunderbolt mailbox URL Vuln;

2025-06-1305:43

SANS Stormcast Thursday, June 12th, 2025: Quasar RAT; Windows 11 24H2 Delay; SMB Client Vuln PoC; Connectwise Signing Keys; KDE Telnet code exec

SANS Stormcast Thursday, June 12th, 2025: Quasar RAT; Windows 11 24H2 Delay; SMB Client Vuln PoC; Connectwise Signing Keys; KDE Telnet code exec

2025-06-1206:27

SANS Stormcast Wednesday, June 11th, 2025: Microsoft Patch Tuesday; Acrobat Patches

SANS Stormcast Wednesday, June 11th, 2025: Microsoft Patch Tuesday; Acrobat Patches

2025-06-1106:58

SANS Stormcast June, Tuesday, June 10th, 2025: Octosql; Mirai vs. Wazuh DNS4EU; Wordpress Fair Package Manager

SANS Stormcast June, Tuesday, June 10th, 2025: Octosql; Mirai vs. Wazuh DNS4EU; Wordpress Fair Package Manager

2025-06-1006:09

SANS Stormcast June, June 9th, 2025: Extracting PNG Data; GlueStack Packages Backdoor; MacOS targeted by Clickfix; INETPUB restore script

SANS Stormcast June, June 9th, 2025: Extracting PNG Data; GlueStack Packages Backdoor; MacOS targeted by Clickfix; INETPUB restore script

2025-06-0905:43

SANS Stormcast Friday, June 6th, 2025: Fake Zoom Clients; Python tarfile vulnerability; HPE Insight Remote Support Patch

SANS Stormcast Friday, June 6th, 2025: Fake Zoom Clients; Python tarfile vulnerability; HPE Insight Remote Support Patch

2025-06-0605:01

SANS Stormcast Thursday, June 5th, 2025: Phishing Comment Trick; AWS default logging mode change; Cisco Backdoor Fixed; Infoblox Vulnerability Details Released

SANS Stormcast Thursday, June 5th, 2025: Phishing Comment Trick; AWS default logging mode change; Cisco Backdoor Fixed; Infoblox Vulnerability Details Released

2025-06-0505:26

SANS Stormcast Wednesday, June 4th, 2025: vBulletin Exploited; Chrome 0-Day Patch; Roundcube RCE Patch; Multiple HP StoreOnce Vulns Patched

SANS Stormcast Wednesday, June 4th, 2025: vBulletin Exploited; Chrome 0-Day Patch; Roundcube RCE Patch; Multiple HP StoreOnce Vulns Patched

2025-06-0407:25

SANS Stormcast Tuesday, June 3rd, 2025: Windows SSH C2; Google Removes CAs from trusted list; MSFT issues Emergency Patch to fix Crash issue; Qualcom Adreno GPU 0-day

SANS Stormcast Tuesday, June 3rd, 2025: Windows SSH C2; Google Removes CAs from trusted list; MSFT issues Emergency Patch to fix Crash issue; Qualcom Adreno GPU 0-day

2025-06-0306:06

SANS Stormcast Monday, June 2nd, 2025: PNG with RAT; Cisco IOS XE WLC Exploit; vBulletin Exploit

SANS Stormcast Monday, June 2nd, 2025: PNG with RAT; Cisco IOS XE WLC Exploit; vBulletin Exploit

2025-06-0205:42

SANS Stormcast Friday, May 30th 2025: Alternate Data Streams; Connectwise Breach; Google Calendar C2;

SANS Stormcast Friday, May 30th 2025: Alternate Data Streams; Connectwise Breach; Google Calendar C2;

2025-05-3013:47

SANS Stormcast Thursday May 29th 2025: LLM Assisted Analysis; MSP Ransomware; Everetz Vulnerability

SANS Stormcast Thursday May 29th 2025: LLM Assisted Analysis; MSP Ransomware; Everetz Vulnerability

2025-05-2906:10

SANS Stormcast Wednesday May 28th 2025: Securing authorized_keys; ADAuditPlus SQL Injection; Dero Miner vs Docker API

SANS Stormcast Wednesday May 28th 2025: Securing authorized_keys; ADAuditPlus SQL Injection; Dero Miner vs Docker API

2025-05-2806:37

SANS Stormcast Tuesday, May 27th 2025: SVG Steganography; Fortinet PoC; GitLab Duo Prompt Injection

SANS Stormcast Tuesday, May 27th 2025: SVG Steganography; Fortinet PoC; GitLab Duo Prompt Injection

2025-05-2707:13

SANS Stormcast Friday, May 23rd 2025: Backup Connectivity; Windows 2025 dMSA Abuse; Samlify Vulnerability

SANS Stormcast Friday, May 23rd 2025: Backup Connectivity; Windows 2025 dMSA Abuse; Samlify Vulnerability

2025-05-2307:54

SANS Stormcast Thursday, May 22nd 2025: Crypto Confidence Scams; Extension Mayhem for VS Code and Chrome

SANS Stormcast Thursday, May 22nd 2025: Crypto Confidence Scams; Extension Mayhem for VS Code and Chrome

2025-05-2206:21

SANS Stormcast Wednesday, May 21st 2025: Researchers Scanning the Internet; Forgotten DNS Records; openpgp.js Vulneraiblity

SANS Stormcast Wednesday, May 21st 2025: Researchers Scanning the Internet; Forgotten DNS Records; openpgp.js Vulneraiblity

2025-05-2107:51

loading
Google Play
Download from Google Play
Castbox
Download from App Store
usUnited States
00:00
00:00
x

0.5x

0.8x

1.0x

1.25x

1.5x

2.0x

3.0x

Sleep Timer

Off

End of Episode

5 Minutes

10 Minutes

15 Minutes

30 Minutes

45 Minutes

60 Minutes

120 Minutes

SANS Stormcast Friday, May 9th: SSH Exfil Tricks; magicINFO still vulnerable; SentinelOne Vulnerability; Commvault insufficient patch

SANS Stormcast Friday, May 9th: SSH Exfil Tricks; magicINFO still vulnerable; SentinelOne Vulnerability; Commvault insufficient patch

Dr. Johannes B. Ullrich