

SANS Stormcast Monday Feb 17th: Fake BSOD; Volatile IPs; Postgresql libpq SQL Injection; OAUTH Phishing
Feb 17, 2025
A malicious Python script is creating fake blue screens of death, possibly to trick users into calling support scams. The importance of managing volatile IP addresses is emphasized, as mismanagement can lead to serious security risks. A critical SQL injection vulnerability in PostgreSQL’s libpq functions is detailed, exposing systems to potential breaches. Finally, the podcast explores how Russian threat actors are exploiting OAuth device code authentication through phishing attacks, highlighting the need for increased user awareness and security measures.
Fake BSOD Python Script
- A malicious Python script displays a fake BSOD, including an 800 number.
- The number leads to a debt collection agency, possibly hinting at a past tech support scam.
Manage Volatile IPs
- Keep meticulous inventories of IP addresses and design systems for agility.
- This allows for easy IP address changes, crucial due to their volatile nature, especially in cloud environments.
PostgreSQL libpq Vulnerability
- A PostgreSQL vulnerability exists not in the database itself, but in its libpq library's parameter escaping.
- This can lead to SQL injection even if developers use the library correctly, highlighting a subtle security risk.