DiscoverSANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)SANS Stormcast June, June 9th, 2025: Extracting PNG Data; GlueStack Packages Backdoor; MacOS targeted by Clickfix; INETPUB restore script
SANS Stormcast June, June 9th, 2025: Extracting PNG Data; GlueStack Packages Backdoor; MacOS targeted by Clickfix; INETPUB restore script

SANS Stormcast June, June 9th, 2025: Extracting PNG Data; GlueStack Packages Backdoor; MacOS targeted by Clickfix; INETPUB restore script

Update: 2025-06-09
Share

Description



Extracting With pngdump.py

Didier extended his pngdump.py script to make it easier to extract additional data appended to the end of the image file.

https://isc.sans.edu/diary/Extracting%20With%20pngdump.py/32022

16 React Native Packages for GlueStack Backdoored Overnight

16 npm packages with over a million weekly downloads between them were compromised. The compromised packages include a remote admin tool that was seen before in similar attacks.

https://www.aikido.dev/blog/supply-chain-attack-on-react-native-aria-ecosystem

Atomic MacOS Stealer Exploits Clickfix

MacOS users are now also targeted by fake captchas, tricking users into running exploit code.

https://www.cloudsek.com/blog/amos-variant-distributed-via-clickfix-in-spectrum-themed-dynamic-delivery-campaign-by-russian-speaking-hackers

Microsoft INETPUB Script

Microsoft published a simple PowerShell script to restore the inetpub folder in case you removed it by mistake.

https://www.powershellgallery.com/packages/Set-InetpubFolderAcl/1.0
Comments 
In Channel
SANS Stormcast Friday, July 18th, 2025: Extended File Attributes; Critical Cisco ISE Patch; VMWare Patches; Quarterly Oracle Patches

SANS Stormcast Friday, July 18th, 2025: Extended File Attributes; Critical Cisco ISE Patch; VMWare Patches; Quarterly Oracle Patches

2025-07-1804:55

SANS Stormcast Thursday, July 17th, 2025: catbox.moe abuse; Sonicwall Attacks; Rendering Issues

SANS Stormcast Thursday, July 17th, 2025: catbox.moe abuse; Sonicwall Attacks; Rendering Issues

2025-07-1705:09

SANS Stormcast Wednesday, July 16th, 2025: ADS Keystroke Logger; Fake Homebrew; Broadcom Altiris RCE; Malicious Cursor AI Extensions

SANS Stormcast Wednesday, July 16th, 2025: ADS Keystroke Logger; Fake Homebrew; Broadcom Altiris RCE; Malicious Cursor AI Extensions

2025-07-1605:45

SANS Stormcast Monday, July 14th, 2025: Web Honeypot Log Volume; Browser Extension Malware; RDP Forensics

SANS Stormcast Monday, July 14th, 2025: Web Honeypot Log Volume; Browser Extension Malware; RDP Forensics

2025-07-1506:10

SANS Stormcast Monday, July 14th, 2025: Suspect Domain Feed; Wing FTP Exploited; FortiWeb Exploited; NVIDIA GPU Rowhammer

SANS Stormcast Monday, July 14th, 2025: Suspect Domain Feed; Wing FTP Exploited; FortiWeb Exploited; NVIDIA GPU Rowhammer

2025-07-1406:53

SANS Stormcast Friday, July 11th, 2025: SSH Tunnel; FortiWeb SQL Injection; Ruckus Unpatched Vuln; Missing Motherboard Patches;

SANS Stormcast Friday, July 11th, 2025: SSH Tunnel; FortiWeb SQL Injection; Ruckus Unpatched Vuln; Missing Motherboard Patches;

2025-07-1105:48

SANS Stormcast Thursday, July 10th, 2025: Internal CA with ACME; TapJacking on Android; Adobe Patches;

SANS Stormcast Thursday, July 10th, 2025: Internal CA with ACME; TapJacking on Android; Adobe Patches;

2025-07-1005:18

SANS Stormcast Wednesday, July 9th, 2025: Microsoft Patches; Opposum Attack;

SANS Stormcast Wednesday, July 9th, 2025: Microsoft Patches; Opposum Attack;

2025-07-0907:44

SANS Stormcast Tuesday, July 8th, 2025: Detecting Filename (Windows); Atomic Stealer now with Backdoor; SEO Scams

SANS Stormcast Tuesday, July 8th, 2025: Detecting Filename (Windows); Atomic Stealer now with Backdoor; SEO Scams

2025-07-0805:29

SANS Stormcast Monday, July 7th, 2025: interesting usernames; More sudo issues; CitrixBleed2 PoC; Short Lived Certs

SANS Stormcast Monday, July 7th, 2025: interesting usernames; More sudo issues; CitrixBleed2 PoC; Short Lived Certs

2025-07-0705:48

SANS Stormcast Thursday July 3rd, 2025: sudo problems; polymorphic zip files; cisco vulnerablity

SANS Stormcast Thursday July 3rd, 2025: sudo problems; polymorphic zip files; cisco vulnerablity

2025-07-0305:20

SANS Stormcast Monday June 30th, 2025: Scattered Spider; AMI BIOS Exploited; Secure Boot Certs Expiring; Microsoft Resliliency Initiative

SANS Stormcast Monday June 30th, 2025: Scattered Spider; AMI BIOS Exploited; Secure Boot Certs Expiring; Microsoft Resliliency Initiative

2025-06-3007:29

SANS Stormcast Friday, June 27th, 2025: Open-VSX Flaw; Airoha Bluetooth Vulnerablity; Critical Cisco Identity Service Engine Vuln;

SANS Stormcast Friday, June 27th, 2025: Open-VSX Flaw; Airoha Bluetooth Vulnerablity; Critical Cisco Identity Service Engine Vuln;

2025-06-2706:47

SANS Stormcast Thursday, June 26th, 2025: Another Netscaler Vuln; CentOS Web Panel Vuln; IP Based Certs

SANS Stormcast Thursday, June 26th, 2025: Another Netscaler Vuln; CentOS Web Panel Vuln; IP Based Certs

2025-06-2605:53

SANS Stormcast Tuesday, June 24th, 2025: Telnet/SSH Scan Evolution; Fake Sonicwall Software; File-Fix vs Click-Fix

SANS Stormcast Tuesday, June 24th, 2025: Telnet/SSH Scan Evolution; Fake Sonicwall Software; File-Fix vs Click-Fix

2025-06-2504:03

SANS Stormcast Tuesday, June 24th, 2025: Ichano ATHome IP Camera Scans; Netscaler Vulnerability; WinRar Vulnerability

SANS Stormcast Tuesday, June 24th, 2025: Ichano ATHome IP Camera Scans; Netscaler Vulnerability; WinRar Vulnerability

2025-06-2405:04

SANS Stormcast Monday, June 23rd, 2025: ADS and Python; More Secure Cloud PCs; Zend.to Path Traversal; Parser Differentials

SANS Stormcast Monday, June 23rd, 2025: ADS and Python; More Secure Cloud PCs; Zend.to Path Traversal; Parser Differentials

2025-06-2305:36

SANS Stormcast Friday, June 20th, 2025: New Employee Phishing; Malicious Tech Support Links; Social Engineering App Sepecific Passwords

SANS Stormcast Friday, June 20th, 2025: New Employee Phishing; Malicious Tech Support Links; Social Engineering App Sepecific Passwords

2025-06-2005:46

SANS Stormcast Monday, June 16th, 2025: Extracting Data from JPEG; Windows Recall Export; Anubis Wiper; Mitel Vuln and PoC

SANS Stormcast Monday, June 16th, 2025: Extracting Data from JPEG; Windows Recall Export; Anubis Wiper; Mitel Vuln and PoC

2025-06-1705:46

SANS Stormcast Monday, June 16th, 2025: Katz Stealer in JPG; JavaScript Attacks; Reviving expired Discord Invites for Evil

SANS Stormcast Monday, June 16th, 2025: Katz Stealer in JPG; JavaScript Attacks; Reviving expired Discord Invites for Evil

2025-06-1606:44

loading
Google Play
Download from Google Play
Castbox
Download from App Store
usUnited States
00:00
00:00
x

0.5x

0.8x

1.0x

1.25x

1.5x

2.0x

3.0x

Sleep Timer

Off

End of Episode

5 Minutes

10 Minutes

15 Minutes

30 Minutes

45 Minutes

60 Minutes

120 Minutes

SANS Stormcast June, June 9th, 2025: Extracting PNG Data; GlueStack Packages Backdoor; MacOS targeted by Clickfix; INETPUB restore script

SANS Stormcast June, June 9th, 2025: Extracting PNG Data; GlueStack Packages Backdoor; MacOS targeted by Clickfix; INETPUB restore script

Dr. Johannes B. Ullrich