SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Friday, August 29th, 2025: Scans for ZIP Files; FreePBX 0-Day; Passwordstate Patch

Aug 29, 2025
In this installment, experts highlight an alarming rise in scans for .zip files, as attackers look for carelessly stored backups. They cover a critical vulnerability in FreePBX that is currently being exploited, along with new mitigations and a beta patch. The discussion also covers a recently patched authentication bypass vulnerability in Passwordstate, which could expose emergency passwords. Tune in for essential insights into these pressing cyber security issues!
INSIGHT

Rising ZIP File Scans

  • Attackers increasingly scan web honeypots for .zip files expecting leftover backups with credentials or configuration.
  • This suggests a widespread deployment hygiene problem where administrators leave sensitive archives in document roots.

ADVICE

Remove Or Block Archive Files

  • Check web servers for stray .zip (and similar) archives in the document root and remove any that aren't required.
  • Configure your web server to block serving .zip, .tar, .gz and other archive extensions if they are not needed.

INSIGHT

Archives Beyond ZIP Are Next

  • Scans will likely expand beyond .zip to other archive extensions as attackers adapt their tooling.
  • Proactively add common archive extensions to your block list before attackers iterate on file types.
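
One way to carry out the document-root check from "Remove Or Block Archive Files", extended as "Archives Beyond ZIP Are Next" suggests. This is an added example, not something from the episode: the function names are hypothetical, the extensions beyond .zip, .tar and .gz are assumptions, and the magic-byte check for renamed archives goes beyond what the snips describe.

```python
import os, sys, tempfile, zipfile

# .zip, .tar and .gz come from the page; the other extensions are assumptions.
ARCHIVE_EXTS = (".zip", ".tar", ".gz", ".tgz", ".bz2", ".xz", ".7z", ".rar")
# Leading magic bytes, so a renamed archive (e.g. db.bak) is still caught.
MAGIC = {b"PK\x03\x04": "zip", b"\x1f\x8b": "gzip", b"BZh": "bzip2",
         b"\xfd7zXZ\x00": "xz", b"7z\xbc\xaf\x27\x1c": "7z", b"Rar!\x1a\x07": "rar"}

def sniff(path):
    """Return the archive type indicated by the file's first bytes, or None."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(512)
    except OSError:
        return None  # unreadable file: nothing to report from content
    for magic, kind in MAGIC.items():
        if head.startswith(magic):
            return kind
    return "tar" if head[257:262] == b"ustar" else None  # tar magic is at offset 257

def find_archives(docroot):
    """Return sorted (relative_path, reason) pairs for archive-like files."""
    hits = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, docroot)
            if name.lower().endswith(ARCHIVE_EXTS):
                hits.append((rel, "extension"))
            elif (kind := sniff(full)):
                hits.append((rel, "content:" + kind))
    return sorted(hits)

def demo():
    """Build a constructed document root in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "old"))
        for rel, member in (("site-backup.zip", "config.php"),
                            (os.path.join("old", "db.bak"), "dump.sql")):
            with zipfile.ZipFile(os.path.join(root, rel), "w") as z:
                z.writestr(member, "constructed sample")
        with open(os.path.join(root, "index.html"), "w") as fh:
            fh.write("<html></html>")
        return find_archives(root)

if __name__ == "__main__":
    # Pass a document root to audit it; with no argument, run the constructed demo.
    for rel, why in (find_archives(sys.argv[1]) if len(sys.argv) > 1 else demo()):
        print(f"{why:14} {rel}")
```

Files reported with a "content:" reason would not be stopped by an extension-based block rule on the web server, so those are the ones to remove rather than rely on blocking.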