SANS Stormcast June, June 9th, 2025: Extracting PNG Data; GlueStack Packages Backdoor; MacOS targeted by Clickfix; INETPUB restore script
Extracting With pngdump.py
Didier extended his pngdump.py script to make it easier to extract additional data appended to the end of the image file.
https://isc.sans.edu/diary/Extracting%20With%20pngdump.py/32022
16 React Native Packages for GlueStack Backdoored Overnight
16 npm packages with over a million weekly downloads between them were compromised. The compromised packages include a remote admin tool that was seen before in similar attacks.
https://www.aikido.dev/blog/supply-chain-attack-on-react-native-aria-ecosystem
Atomic MacOS Stealer Exploits Clickfix
MacOS users are now also targeted by fake captchas, tricking users into running exploit code.
https://www.cloudsek.com/blog/amos-variant-distributed-via-clickfix-in-spectrum-themed-dynamic-delivery-campaign-by-russian-speaking-hackers
Microsoft INETPUB Script
Microsoft published a simple PowerShell script to restore the inetpub folder in case you removed it by mistake.
https://www.powershellgallery.com/packages/Set-InetpubFolderAcl/1.0
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Daily cybersecurity news for practitioners. Vulnerabilities, defenses, threats, network security insight, research and more to make you sound smarter as you get to the office in the morning. New each weekday.
Hvor kan du lytte?
