

SANS Stormcast Wednesday, May 7th: Infostealer with Webserver; Android Update; CISA Warning
May 7, 2025
An intriguing Python infostealer has been discovered that features an embedded web server for local phishing sites. The monthly Android update addresses a serious Freetype vulnerability that is critical on many devices. CISA warns about unsophisticated cyber actors targeting operational technology, highlighting the necessity of basic security measures. The discussion also covers exploits related to compressed font files and the significance of regular software updates in defending against such threats.
AI Snips
Python Infostealer with Webserver
- A Python infostealer includes typical stealing features plus an embedded web server for local phishing sites.
- Serving the phishing sites from the loopback interface helps evade blocklists that control access to phishing sites on the internet.
Patch Freetype Vulnerability Fast
- Update Android and other systems using Freetype promptly to fix a remote code execution vulnerability.
- This vulnerability is exploited through malicious TrueType fonts, so apply patches to protect your software.
Basic OT Security Advice
- Follow basic security measures to protect operational technology from unsophisticated cyber actors.
- Avoid exposing unnecessary services and use strong passwords to defend against common attacks.