SANS Stormcast Friday Mar 21st: New Data Feeds; SEO Spam; Veeam Deserialization; IBM AIX RCE;

Update: 2025-03-21

Description

Some New Data Feeds and Little Incident

We started offering additional data feeds, and an SEO spamer attempted to make us change a link from an old podcast episode.

https://isc.sans.edu/diary/Some%20new%20Data%20Feeds%2C%20and%20a%20little%20%22incident%22./31786

Veeam Deserialization Vulnerability

Veeam released details regarding the latest vulnerablity in Veeam, pointing out the insufficient patch applied to a prior deserialization vulnerability.

https://labs.watchtowr.com/by-executive-order-we-are-banning-blacklists-domain-level-rce-in-veeam-backup-replication-cve-2025-23120/

IBM AIX Vulnerablity

The AIX NIM service is vulnerable to an unauthenticated remote code execution vulnerability

https://www.ibm.com/support/pages/node/7186621

thanks Chris Mosby for Spotify comment

Comments

In Channel

SANS Stormcast Thursday, April 24th: Honeypot iptables Maintenance; XRPL.js Compromise; Erlang/OTP SSH Vuln affecting Cisco

2025-04-2405:44

SANS Stormcast Wednesday, April 23rd: More xorsearch Updates; DKIM Replay Attack; SSL.com Vulnerability Fixed

2025-04-2306:18

SANS Stormcast Tuesday, April 22nd: Phishing via Google; ChatGPT Fingerprint; Asus AI Cloud Vuln; PyTorch RCE

2025-04-2205:35

ANS Stormcast Monday, April 21st: MSFT Entra Lockouts; Erlang/OTP SSH Exploit; Sonicwall Exploit; bubble.io bug

2025-04-2107:31

SANS Stormcast Friday, April 18th: Remnux Cloud Environment; Erlang/OTP SSH Vuln; Brickstorm Backdoor Analysis; GPT 4.1 Safety Controversy

2025-04-1806:18

SANS Stormcast Thursday April 17th: Apple Updates; Oracle Updates; Google Chrome Updates; CVE News;

2025-04-1706:04

SANS Stormcast Wednesday Apr 16th: File Upload Service Abuse; OpenSSH 10.0 Released; Apache Roller Vuln; Possible CVE Changes

2025-04-1605:54

SANS Stormcast Tuesday April 15th: xorsearch Update; Short Lived Certificates; New USB Malware

2025-04-1505:35

SANS Stormcast Monday April 14th: Langlow AI Attacks; Fortinet Attack Cleanup; MSFT Inetpub;

2025-04-1407:07

SANS Stormcast Friday April 11th: Network Infraxploit; Windows Hello Broken; Dell Update; Langflow Exploit

2025-04-1105:34

SANS Stormcast ThursdayApril 10th: Getting Past PyArmor; CenterStack RCE; Android 0-Day Patch; VMware Tanzu Patches; Odd Win11 Directory; WhatsApp File Confusion; SANS AI Guide;

2025-04-1006:35

SANS Stormcast Wednesday, April 10th: Microsoft Patch Tuesday; Adobe Patches; OpenSSL 3.5 with PQC; Fortinet

2025-04-0907:19

SANS Stormcast Tuesday, April 8th:

2025-04-0806:18

SANS Stormcast Monday April 7th 2025: New Username Report; Quickshell Vulnerability; Apache Traffic Director Request Smuggeling

2025-04-0706:14

SANS Stormcast Friday, Apr 4th: URL Frequency Analysis; Ivanti Flaw Exploited; WinRAR MotW Vuln; Tax filing scams; Oracle Breach Update

2025-04-0406:16

SANS Stormcast Thursday Apr 3rd: Juniper Password Scans; Hacking Call Records; End to End Encrypted GMail

2025-04-0309:23

SANS Stormcast Wednesday Apr 2nd: Apple Updates Everything;

2025-04-0207:16

SANS Stormcast Tuesday Apr 1st: Apache Camel Exploits; New Cert Authorities Requirements; Possible Oracle Breach

2025-04-0107:36

SANS Stormcast Monday, March 31st: Comparing Phishing Sites; DOH and MX Abuse Phishing; opkssh

2025-03-3107:15

SANS Stormcast Friday, March 28th: Sitecore Exploited; Blasting Past Webp; Splunk and Firefox Vulnerabilities

2025-03-2806:15

00:00

1.0x

SANS Stormcast Friday Mar 21st: New Data Feeds; SEO Spam; Veeam Deserialization; IBM AIX RCE;

#box-pro-ellipsis-174548635485231{-webkit-line-clamp:2;}SANS Stormcast Friday Mar 21st: New Data Feeds; SEO Spam; Veeam Deserialization; IBM AIX RCE;

SANS Stormcast Friday Mar 21st: New Data Feeds; SEO Spam; Veeam Deserialization; IBM AIX RCE;

Dr. Johannes B. Ullrich

SANS Stormcast Friday Mar 21st: New Data Feeds; SEO Spam; Veeam Deserialization; IBM AIX RCE;