SANS Stormcast Wednesday Mar 5th: SMTP Credential Hunt; mac-robber.py update; ADSelfService Plus Account Takeover; Android Patch Day; PayPal Scams; VMWare Escape Fix

Romanian Distillery Scanning for SMTP Credentials
A particular attacker expanded the scope of their leaked credential file scans. In addition to the usual ".env" style files, it is not looking for specific SMTP related credential files.
https://isc.sans.edu/diary/Romanian%20Distillery%20Scanning%20for%20SMTP%20Credentials/31736
Tool Updates: mac-robber.py
This update of mac-robber.py fixes issues with symlinks.
https://isc.sans.edu/diary/Tool%20update%3A%20mac-robber.py/31738
CVE-2025-1723 Account takeover vulnerability in ADSelfService Plus
CVE-2025-1723 describes a vulnerability caused by session mishandling in ADSelfService Plus that could allow unauthorized access to user enrollment data when MFA was not enabled for ADSelfService Plus login.
https://www.manageengine.com/products/self-service-password/advisory/CVE-2025-1723.html
Android March Update
Google released an update for Android addressing two already exploited vulnerabilities and several critical issues.
https://source.android.com/docs/security/bulletin/2025-03-01
PayPal's no-code-checkout Abuse
Attackers are using PayPal's no-code-checkout feature is being abused by scammers to host PayPal tech support scam pages right within the PayPal.com domain.
https://www.malwarebytes.com/blog/scams/2025/02/paypals-no-code-checkout-abused-by-scammers
Broadcom Fixes three VMWare VCenter Vulnerabilities
https://github.com/vmware/vcf-security-and-compliance-guidelines/tree/main/security-advisories/vmsa-2025-0004

Daily cybersecurity news for practitioners. Vulnerabilities, defenses, threats, network security insight, research and more to make you sound smarter as you get to the office in the morning. New each weekday.

• Antall episoder: 2,217
• Siste episode: 2025-06-13
• Nyheter Teknologi Tech News

Hvor kan du lytte?