
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS Stormcast Monday, September 8th, 2025: YARA to Debugger Offsets; SVG JavaScript Phishing; FreePBX Patches;
Sep 8, 2025
Discover how to convert YARA offsets for debugging and what this means for cybersecurity. Learn about a Colombian phishing campaign that uses JavaScript in SVG files, putting users at risk. Also, hear about critical vulnerabilities in FreePBX software, including one that was actively exploited, underscoring the need for swift patching.
AI Snips
Converting YARA Offsets For Debugging
- YARA reports file offsets, not debugger-ready virtual addresses.
- Convert YARA offsets to section-relative and then to virtual addresses for accurate debugging.
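The conversion above, as an added example that is not from the episode or its notes. It assumes the sample is a Windows PE file; the function names, the constructed header, and the optional `loaded_base` argument (the module base the debugger reports under ASLR) are illustrative.

```python
import struct

def parse_pe(data):
    """Return (image_base, sections) read from the PE headers in `data`."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]           # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsect, = struct.unpack_from("<H", data, pe + 6)        # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)    # SizeOfOptionalHeader
    opt = pe + 24
    magic, = struct.unpack_from("<H", data, opt)
    if magic == 0x20B:                                     # PE32+
        image_base, = struct.unpack_from("<Q", data, opt + 24)
    elif magic == 0x10B:                                   # PE32
        image_base, = struct.unpack_from("<I", data, opt + 28)
    else:
        raise ValueError("unknown optional header magic")
    sections = []
    for i in range(nsect):                                 # 40-byte section headers
        name, vsize, vaddr, rsize, rptr = struct.unpack_from(
            "<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode(), vaddr, rsize, rptr))
    return image_base, sections

def yara_offset_to_va(data, file_offset, loaded_base=None):
    """Map a YARA file offset to (section, section-relative offset, VA)."""
    image_base, sections = parse_pe(data)
    base = image_base if loaded_base is None else loaded_base  # ASLR override
    for name, vaddr, rsize, rptr in sections:
        if rptr <= file_offset < rptr + rsize:             # inside raw data
            rel = file_offset - rptr                       # section-relative
            return name, rel, base + vaddr + rel
    raise ValueError("offset is in the headers or overlay, not in a section")

def build_sample():
    """Constructed PE32+ header with two sections (not a real binary)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, 0xF0, 0x22)
    opt = (struct.pack("<H", 0x20B) + b"\0" * 22
           + struct.pack("<Q", 0x140000000)).ljust(0xF0, b"\0")
    sects = b"".join(struct.pack("<8sIIII", n, vs, va, rs, rp) + b"\0" * 16
                     for n, vs, va, rs, rp in [
                         (b".text", 0x1800, 0x1000, 0x1A00, 0x400),
                         (b".rdata", 0x600, 0x3000, 0x600, 0x1E00)])
    return dos + coff + opt + sects

if __name__ == "__main__":
    name, rel, va = yara_offset_to_va(build_sample(), 0x52A)
    print(f"{name}+{rel:#x} -> VA {va:#x}")
```

Offsets that fall in the headers or in data appended after the last section have no section mapping, so the function raises instead of returning a misleading address.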
Treat SVGs As Potential Script Carriers
- Inspect SVG files for embedded JavaScript rather than treating them as inert images.
- Use capable endpoint or malware detection to flag SVGs with script-based phishing payloads.
SVG Structure Enables Stealthy Phishing
- Attackers embed JavaScript in SVGs to evade detection and host lookalike phishing pages.
- Vector/XML nature of SVGs makes them easy to embed and manipulate inside HTML.
