

SANS Stormcast Tuesday, August 19th, 2025: MFA Bombing; Cisco Firewall Management Vuln; F5 Access for Android Vuln;
Aug 19, 2025
Learn about the rise of MFA bombing attacks, where attackers overwhelm users with authentication requests in an attempt to get one approved. Discover critical vulnerabilities in Cisco's Secure Firewall Management Center software that could allow remote code execution. Also discussed is a significant flaw in F5 Access for Android, where attackers can intercept sensitive data. The podcast emphasizes the importance of recognizing these threats and applying timely patches.
AI Snips
MFA Bombing Exploits Push Approvals
- MFA app push notifications are highly susceptible to authentication fatigue when attackers bombard users with approval requests.
- Monitoring sign-in logs and exporting Entra/Azure AD JSON reports helps identify targeted MFA bombing incidents.
Use Microsoft Logs For Post‑Attack Investigation
- Use mysignins.microsoft and Entra/Azure AD reporting to investigate suspicious MFA approvals.
- Export JSON login data to audit targeted users and correlate IP/location for post-incident analysis.
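The audit described in the two snips above can be scripted. This is an added example, not code from the podcast or from Microsoft: it groups exported sign-in records per user and flags bursts of failed MFA prompts, noting whether a success from the same IP followed. Field names follow the Microsoft Graph `signIn` schema; the window, the threshold, and the use of error code 500121 as the failed-MFA marker are assumptions to tune, and the sample records are constructed.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta
MFA_FAILED = 500121  # AADSTS500121: strong-authentication request failed (assumed marker)

def _ts(rec):
    return datetime.fromisoformat(rec["createdDateTime"].replace("Z", "+00:00"))

def find_mfa_bombing(records, window=timedelta(minutes=10), threshold=5):
    """Return one finding per user with >= threshold failed MFA prompts inside `window`."""
    by_user = defaultdict(list)
    for rec in records:
        by_user[rec["userPrincipalName"].lower()].append(rec)
    findings = []
    for user, recs in by_user.items():
        recs.sort(key=_ts)
        fails = [r for r in recs if r["status"]["errorCode"] == MFA_FAILED]
        best, start = [], 0
        for end in range(len(fails)):  # sliding window over the failed prompts
            while _ts(fails[end]) - _ts(fails[start]) > window:
                start += 1
            if end - start + 1 > len(best):
                best = fails[start:end + 1]
        if len(best) < threshold:
            continue
        ips = {r["ipAddress"] for r in best}
        # A success from a burst IP soon after the burst suggests the user gave in.
        approved = any(r["status"]["errorCode"] == 0 and r["ipAddress"] in ips
                       and timedelta(0) <= _ts(r) - _ts(best[0]) <= 2 * window
                       for r in recs)
        findings.append({"user": user, "failed_prompts": len(best),
                         "first": best[0]["createdDateTime"], "ips": sorted(ips),
                         "countries": sorted({r["location"]["countryOrRegion"] for r in best}),
                         "approved_after_burst": approved})
    return findings

def _rec(user, ts, code, ip, country):  # builds one constructed sample record
    return {"userPrincipalName": user, "createdDateTime": ts, "ipAddress": ip,
            "status": {"errorCode": code}, "location": {"countryOrRegion": country}}

# Constructed sample data (documentation IP ranges), not a real export.
SAMPLE = [_rec("alice@example.com", f"2025-08-18T03:0{m}:00Z", MFA_FAILED, "203.0.113.7", "NL")
          for m in range(6)]
SAMPLE += [_rec("alice@example.com", "2025-08-18T03:07:30Z", 0, "203.0.113.7", "NL"),
           _rec("bob@example.com", "2025-08-18T09:00:00Z", MFA_FAILED, "198.51.100.4", "US"),
           _rec("bob@example.com", "2025-08-18T09:01:00Z", 0, "198.51.100.4", "US")]

if __name__ == "__main__":
    print(json.dumps(find_mfa_bombing(SAMPLE), indent=2))
```

To run it against a real export, replace `SAMPLE` with the list loaded by `json.load` from the downloaded file. A finding with `approved_after_burst` set is the case to escalate first.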
Patch Cisco FMC Immediately
- Patch Cisco Secure Firewall Management Center immediately if RADIUS is enabled for web or SSH authentication.
- Treat this as high-priority because remote code execution exploits are likely to appear quickly.