SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Wednesday May 28th 2025: Securing authorized_keys; ADAuditPlus SQL Injection; Dero Miner vs Docker API

May 28, 2025
Discover how SSH backdoors are created through unauthorized access to authorized_keys files and why managing these files is crucial. Dive into the unsettling vulnerabilities of the Meteobridge software that allow remote command execution without authentication. Learn about the recent SQL injection issues in ManageEngine ADAuditPlus and the potential risks they pose. Finally, uncover the Dero Miner botnet's innovative technique of infecting Docker containers via exposed APIs to mine cryptocurrency.
ADVICE

Secure SSH authorized_keys Files

  • Secure SSH authorized_keys files by storing all keys in a centrally managed directory.
  • Make these files readable but not writable by users to prevent unauthorized modification.
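The two pieces of advice above translate into a short procedure: point sshd at a root-owned directory of per-user key files, install each file as 0644 so its owner can read but not append to it, and periodically audit the directory for writable files or wrong ownership. The script below is an added example, not from the podcast or from SANS; it assumes OpenSSH sshd, GNU coreutils (`stat -c`), root privileges for the setup and install steps, and the directory path `/etc/ssh/authorized_keys` is this example's own choice.

```shell
#!/bin/sh
# Added example, not from the podcast: a centrally managed authorized_keys
# directory that users can read but not modify, plus an audit of it.
# Assumptions: OpenSSH sshd, GNU coreutils (stat -c), root for setup/install.
# KEYS_DIR is this example's own choice of path.
KEYS_DIR=${KEYS_DIR:-/etc/ssh/authorized_keys}

# The sshd_config line that makes sshd read <dir>/<username> instead of the
# user-writable ~/.ssh/authorized_keys (%u expands to the login name).
sshd_directive() {
    printf 'AuthorizedKeysFile %s/%%u\n' "$1"
}

# Create the directory root-owned, world-readable, writable only by root.
setup_keys_dir() {
    mkdir -p "$1" && chown root:root "$1" && chmod 0755 "$1"
}

# Install one user's key file root-owned and 0644, so the user can read it
# but cannot append a key. $3 is the reviewed key material to copy in.
install_user_keys() {
    dir=$1 user=$2 src=$3
    install -o root -g root -m 0644 "$src" "$dir/$user"
}

# Audit: the directory and every file in it must be owned by $2 (default
# root) and must not be group- or world-writable. Lists offenders and
# returns 1 if any are found, 0 if the directory is clean.
audit_keys_dir() {
    dir=$1 want_owner=${2:-root} rc=0
    for f in "$dir" "$dir"/*; do
        [ -e "$f" ] || continue
        mode=$(stat -c '%A' "$f")    # e.g. -rw-r--r--
        owner=$(stat -c '%U' "$f")
        # position 6 is the group write bit, position 9 the world write bit
        case $mode in
            ?????w????|????????w?)
                echo "group/world writable: $f ($mode)"; rc=1 ;;
        esac
        [ "$owner" = "$want_owner" ] ||
            { echo "unexpected owner $owner: $f"; rc=1; }
    done
    return $rc
}

# Typical use (as root):
#   setup_keys_dir "$KEYS_DIR"
#   install_user_keys "$KEYS_DIR" alice /root/reviewed/alice.pub
#   sshd_directive "$KEYS_DIR" >> /etc/ssh/sshd_config   # then reload sshd
#   audit_keys_dir "$KEYS_DIR"
```

Running `audit_keys_dir` from cron or a configuration-management check catches the failure mode the segment describes: a key file that a user (or an attacker with that user's access) can write to is exactly the file an SSH backdoor gets appended to.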
INSIGHT

Avoid Bash and Eval for Security

  • Using Bash for complex input validation is risky because of whitespace-handling and other shell-specific security pitfalls.
  • Avoid eval and prefer languages like Perl or Python for safer scripting.
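To make the two pitfalls concrete, the script below is an added example, not from the podcast or from SANS. It shows a setting loader that uses `eval` beside a safer version that splits on `=` with parameter expansion and whitelists keys and value characters, and a pair of functions that expose how an unquoted expansion splits a value on whitespace. The setting lines, key names (`name`, `port`) and marker variable are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the podcast: the eval and word-splitting pitfalls
# the segment warns about, shown beside a safer POSIX shell alternative.
# All input lines, key names and variables here are constructed.

# UNSAFE: loading "key=value" settings with eval. The whole line is parsed
# as shell code, so a ';' or a $( ) in the value runs additional commands.
load_setting_unsafe() {
    eval "$1"
}

# SAFER: split on the first '=' with parameter expansion (no re-parsing),
# accept only known keys, and restrict each value to a conservative
# character set with a case pattern. Values are assigned by name, never
# through eval.
load_setting_safe() {
    line=$1
    case $line in
        *=*) ;;
        *) echo "no '=' in setting: $line" >&2; return 1 ;;
    esac
    key=${line%%=*}
    value=${line#*=}
    case $key in
        name)
            case $value in
                ''|*[!A-Za-z0-9_.-]*) echo "bad value for name" >&2; return 1 ;;
            esac
            cfg_name=$value ;;
        port)
            case $value in
                ''|*[!0-9]*) echo "bad value for port" >&2; return 1 ;;
            esac
            cfg_port=$value ;;
        *) echo "unknown key: $key" >&2; return 1 ;;
    esac
}

# Whitespace pitfall: an unquoted expansion is split on IFS, so a single
# value containing a space arrives as two arguments. Each helper prints the
# argument count it received so the two forms can be compared.
count_args() { echo $#; }
pass_unquoted() { count_args $1; }    # deliberately unquoted
pass_quoted()   { count_args "$1"; }
```

The safe loader rejects `name=alice; injected=yes` outright because the value contains characters outside its whitelist, whereas the `eval` loader would assign `cfg_name` and then execute the trailing command. The same whitelist-by-`case` approach is about as far as shell validation comfortably goes; once the rules get more involved than this, the segment's advice to move to Perl or Python applies.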
ADVICE

Patch ADAuditPlus SQL Vulnerabilities

  • Patch ManageEngine ADAuditPlus promptly to address SQL injection vulnerabilities.
  • These exploits allow lateral movement and privilege escalation within networks.