SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) SANS Stormcast Tuesday, October 14th, 2025: ESAFENET Scans; Payroll Priates; MSFT Edge IE Mode
Oct 13, 2025
A surge in scans targeting the Chinese ESAFENET document system has raised concerns about security vulnerabilities. Investigations reveal targeted payroll pirate attacks are compromising US universities by redirecting employee paychecks through clever phishing techniques. To combat apparent risks, Microsoft is tightening controls on its Edge browser's IE Mode, which has been exploited due to its outdated JavaScript engine. Experts discuss essential mitigations for payroll fraud, emphasizing the importance of strong authentication methods.
AI Snips
Chapters
Transcript
Episode notes
ESAFENET Scans And System Risk
- ESAFENET is being actively scanned and targets the Chinese market with multiple known vulnerabilities.
- Treat secure document management systems as risky and limit document exposure accordingly.
Make Payroll Changes Harder
- Do harden HR/ payroll account workflows and require secondary verification for bank-account changes.
- Use phone calls or business rules to prevent simple portal changes from diverting paychecks.
Payroll Pirates Bypass MFA
- Attackers called 'payroll pirates' phish HR accounts to change direct-deposit details and often bypass MFA.
- Only phishing-resistant authentication prevents users from entering credentials into fraudulent sites.