SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Friday, August 8th, 2025: ASN43350 Mass Scans; HTTP/1.1 Must Die; Hybrid Exchange Vuln; Sonicwall Update; SANS.edu Research: OSS Security and Shifting Left

Aug 8, 2025
Wellington Rampazo, an information security expert with two decades in the field and a recent master’s graduate, enlightens listeners with crucial cybersecurity insights. He discusses the alarming rise of mass scanning from ASN 43350 and how organizations can defend against it. The conversation also dives into critical vulnerabilities in HTTP/1.1 and Microsoft Exchange Servers, emphasizing the need for swift updates. Finally, Rampazo shares vital research on improving open-source software security, advocating for developers to shift their awareness and practices to mitigate risks.
ANECDOTE

Mass Scanning Anecdote

  • Duncan Woosley observed huge scanning spikes from ASN 43350, which is linked to IP space leasing that is prone to malicious use.
  • Blocking this ASN reduces noise but does not stop attacks, because scanning comes from diverse sources, and it may also block legitimate traffic.
INSIGHT

HTTP/1.1 Request Smuggling Risks

  • HTTP/1.1 is fragile and prone to request smuggling when middleboxes translate from HTTP/2.
  • HTTP/2's binary format avoids ambiguities that HTTP/1.1 text-based parsing suffers from, so enabling HTTP/2 end-to-end is safer.
ADVICE

Apply Exchange Server Hotfix

  • Apply Microsoft's April hotfix for the Exchange Server hybrid vulnerability to prevent an admin from gaining full domain control.
  • While admin access is needed first, the fix is critical to prevent escalation and broader compromise.