SANS Stormcast Tuesday Mar 11th: Shellcode as UUIDs; Moxe Switch Vuln Updates; Opentext Vuln; Livewire Volt Vuln;

Update: 2025-03-11

Description

Shellcode Encoded in UUIDs

Attackers are using UUIDs to encode Shellcode. The 128 Bit (or 16 Bytes) encoded in each UUID are converted to shell code to implement a cobalt strike beacon

https://isc.sans.edu/diary/Shellcode%20Encoded%20in%20UUIDs/31752

Moxa CVE-2024-12297 Expanded to PT Switches

Moxa in January first releast an update to address a fronted authorizaation logic disclosure vulnerability. It now updated the advisory and included the PT series switches as vulenrable.

https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241408-cve-2024-12297-frontend-authorization-logic-disclosure-vulnerability-identified-in-pt-switches

Opentext Insufficently Protected Credentials

https://portal.microfocus.com/s/article/KM000037455?language=en_US

Livewire Volt API vulnerability

https://github.com/livewire/volt/security/advisories/GHSA-v69f-5jxm-hwvv

Comments

In Channel

SANS Stormcast Monday, April 28th: Image Steganography; SAP Netweaver Exploited

2025-04-2807:55

SANS Stormcast Friday, April 25th: SMS Gateway Scans; Comvault Exploit; Patch Window Shrinkage; More inetpub issues;

2025-04-2506:38

SANS Stormcast Thursday, April 24th: Honeypot iptables Maintenance; XRPL.js Compromise; Erlang/OTP SSH Vuln affecting Cisco

2025-04-2405:44

SANS Stormcast Wednesday, April 23rd: More xorsearch Updates; DKIM Replay Attack; SSL.com Vulnerability Fixed

2025-04-2306:18

SANS Stormcast Tuesday, April 22nd: Phishing via Google; ChatGPT Fingerprint; Asus AI Cloud Vuln; PyTorch RCE

2025-04-2205:35

SANS Stormcast Monday, April 21st: MSFT Entra Lockouts; Erlang/OTP SSH Exploit; Sonicwall Exploit; bubble.io bug

2025-04-2107:31

SANS Stormcast Friday, April 18th: Remnux Cloud Environment; Erlang/OTP SSH Vuln; Brickstorm Backdoor Analysis; GPT 4.1 Safety Controversy

2025-04-1806:18

SANS Stormcast Thursday April 17th: Apple Updates; Oracle Updates; Google Chrome Updates; CVE News;

2025-04-1706:04

SANS Stormcast Wednesday Apr 16th: File Upload Service Abuse; OpenSSH 10.0 Released; Apache Roller Vuln; Possible CVE Changes

2025-04-1605:54

SANS Stormcast Tuesday April 15th: xorsearch Update; Short Lived Certificates; New USB Malware

2025-04-1505:35

SANS Stormcast Monday April 14th: Langlow AI Attacks; Fortinet Attack Cleanup; MSFT Inetpub;

2025-04-1407:07

SANS Stormcast Friday April 11th: Network Infraxploit; Windows Hello Broken; Dell Update; Langflow Exploit

2025-04-1105:34

SANS Stormcast ThursdayApril 10th: Getting Past PyArmor; CenterStack RCE; Android 0-Day Patch; VMware Tanzu Patches; Odd Win11 Directory; WhatsApp File Confusion; SANS AI Guide;

2025-04-1006:35

SANS Stormcast Wednesday, April 10th: Microsoft Patch Tuesday; Adobe Patches; OpenSSL 3.5 with PQC; Fortinet

2025-04-0907:19

SANS Stormcast Tuesday, April 8th:

2025-04-0806:18

SANS Stormcast Monday April 7th 2025: New Username Report; Quickshell Vulnerability; Apache Traffic Director Request Smuggeling

2025-04-0706:14

SANS Stormcast Friday, Apr 4th: URL Frequency Analysis; Ivanti Flaw Exploited; WinRAR MotW Vuln; Tax filing scams; Oracle Breach Update

2025-04-0406:16

SANS Stormcast Thursday Apr 3rd: Juniper Password Scans; Hacking Call Records; End to End Encrypted GMail

2025-04-0309:23

SANS Stormcast Wednesday Apr 2nd: Apple Updates Everything;

2025-04-0207:16

SANS Stormcast Tuesday Apr 1st: Apache Camel Exploits; New Cert Authorities Requirements; Possible Oracle Breach

2025-04-0107:36

00:00

SANS Stormcast Tuesday Mar 11th: Shellcode as UUIDs; Moxe Switch Vuln Updates; Opentext Vuln; Livewire Volt Vuln;

#box-pro-ellipsis-174583075271834{-webkit-line-clamp:2;}SANS Stormcast Tuesday Mar 11th: Shellcode as UUIDs; Moxe Switch Vuln Updates; Opentext Vuln; Livewire Volt Vuln;

SANS Stormcast Tuesday Mar 11th: Shellcode as UUIDs; Moxe Switch Vuln Updates; Opentext Vuln; Livewire Volt Vuln;

Dr. Johannes B. Ullrich

SANS Stormcast Tuesday Mar 11th: Shellcode as UUIDs; Moxe Switch Vuln Updates; Opentext Vuln; Livewire Volt Vuln;