SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Monday, July 14th, 2025: Suspect Domain Feed; Wing FTP Exploited; FortiWeb Exploited; NVIDIA GPU Rowhammer

Jul 14, 2025
Discover a groundbreaking domain feed aimed at identifying potential phishing threats through innovative data aggregation. Learn about recent vulnerabilities in Wing FTP Server and FortiWeb that are actively being exploited, emphasizing the urgent need for updates. Dive into the alarming Rowhammer vulnerability affecting NVIDIA GPUs, showcasing industry-wide risks. This discussion not only illuminates current cybersecurity challenges but also reinforces the importance of vigilance among web developers and organizations.
INSIGHT

Innovative Suspicious Domain Feed

  • The new suspicious domain feed uses pattern analysis on newly registered domains instead of aggregating other feeds.
  • It looks for odd patterns like mixed scripts, high entropy, or date-like domain names to detect phishing or malware tendencies.
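The three patterns named above can be sketched as simple per-label checks. This is an added example, not the feed's own code: the thresholds, the date regex, the function names and the sample domains are all assumptions made for illustration.

```python
import math
import re
import unicodedata
from collections import Counter

# Thresholds and the date pattern are assumptions for this example, not values from the feed.
ENTROPY_BITS = 3.5
MIN_LEN_FOR_ENTROPY = 12
DATE_RE = re.compile(r"(19|20)\d{2}-?(0[1-9]|1[0-2])-?(0[1-9]|[12]\d|3[01])")

def to_unicode(label: str) -> str:
    """Decode a punycode (xn--) label; return other labels unchanged."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except (UnicodeError, ValueError):
            return label  # malformed punycode: analyse the raw text
    return label

def shannon_entropy(text: str) -> float:
    """Bits per character of the label's character distribution."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values()) if text else 0.0

def letter_scripts(text: str) -> set:
    """Script names (first word of the Unicode name) of the letters in text."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in text if ch.isalpha()}

def suspicious_reasons(domain: str) -> list:
    """Return the heuristics that fire for the leftmost label of domain."""
    label = to_unicode(domain.strip(".").split(".")[0]).lower()
    reasons = []
    if len(letter_scripts(label)) > 1:
        reasons.append("mixed-script")
    if len(label) >= MIN_LEN_FOR_ENTROPY and shannon_entropy(label) >= ENTROPY_BITS:
        reasons.append("high-entropy")
    if DATE_RE.search(label):
        reasons.append("date-like")
    return reasons

if __name__ == "__main__":
    # Constructed sample names, not taken from the feed.
    for d in ["example.com", "p\u0430ypal.com", "x7k2q9vz4m1pw8tj.net", "invoice-20250714.org"]:
        print(d, suspicious_reasons(d))
```

Each check alone produces false positives (legitimate internationalized names, CDN hostnames), so the output is better treated as a triage signal than as a blocklist.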
ADVICE

Patch Wing FTP Server Now

  • Update Wing FTP Server to version 7.4.4 immediately to patch an active remote code execution vulnerability.
  • The vulnerability is in the web component: Lua code is injected through the username, delimited with a null byte.
ADVICE

Address FortiWeb RCE Vulnerability

  • A SQL injection vulnerability in FortiWeb is being actively exploited for remote code execution.
  • Apply security fixes promptly since attackers use SQL injection to write and execute files on the system.