
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS Stormcast Wednesday, October 29th, 2025: Invisible Subject Character Phishing; Tomcat PUT Vuln; BIND9 Spoofing Vuln PoC
Oct 29, 2025
Invisible characters in email subjects are now weaponized in phishing attacks, tricking users and evading filters. A critical flaw in Apache Tomcat’s PUT method could lead to remote code execution through unauthorized file uploads. Plus, there's a newly available proof of concept for a BIND9 DNS spoofing vulnerability, highlighting trust issues with additional records. The discussion also touches on OpenVPN’s risk with unsanitized parameters that can allow command injection. Stay informed on these pressing security threats!
Invisible Characters Break Subject Filters
- Attackers embed UTF-8 characters like soft hyphens in email subjects to break keyword detection.
- Many mail clients (e.g., Outlook) hide these characters, letting phishing bypass filters.
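A filter-side check for the subject trick described above, as an added example that is not from the podcast or from any mail product. It decodes the RFC 2047 subject, reports invisible characters, and matches keywords on a normalized copy. The keyword list, the function names and the sample subject are constructed, and treating every Unicode "Cf" (format) character as invisible generalizes beyond the soft hyphen the episode mentions.

```python
import unicodedata
from email.header import Header, decode_header, make_header

# Hypothetical keyword list for a subject-line filter (constructed for this example).
KEYWORDS = ("password", "invoice", "verify your account")

# Constructed sample: soft hyphens (U+00AD) split "password" and "expires".
# Header.encode() produces the RFC 2047 encoded-word a real message would carry.
SAMPLE = Header("Your pass\u00adword ex\u00adpires today", "utf-8").encode()

def decode_subject(raw):
    """Decode RFC 2047 encoded-words (=?utf-8?b?...?=) into a plain string."""
    return str(make_header(decode_header(raw)))

def invisible_chars(text):
    """List format-category (Cf) code points: soft hyphen, zero-width space/joiner, BOM."""
    return [f"U+{ord(c):04X}" for c in text if unicodedata.category(c) == "Cf"]

def normalize(text):
    """NFKC-fold, drop Cf characters, casefold: the form keywords are matched against."""
    folded = unicodedata.normalize("NFKC", text)
    return "".join(c for c in folded if unicodedata.category(c) != "Cf").casefold()

def inspect_subject(raw):
    subject = decode_subject(raw)
    hidden = invisible_chars(subject)
    clean = normalize(subject)
    return {
        "hidden": hidden,
        # What a filter that matches the decoded subject as-is would find.
        "naive_hits": [k for k in KEYWORDS if k in subject.casefold()],
        # What it finds once invisible characters are stripped first.
        "normalized_hits": [k for k in KEYWORDS if k in clean],
        # Cf characters also occur legitimately (emoji joiners, some scripts),
        # so treat this as a scoring signal rather than a verdict on its own.
        "suspicious": bool(hidden),
    }

if __name__ == "__main__":
    print(SAMPLE)
    print(inspect_subject(SAMPLE))
```
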
Patch Tomcat If You Allow PUT
- If you enable HTTP PUT on Tomcat, constrain uploads to specific directories only.
- Update Tomcat immediately if PUT is enabled to prevent directory traversal and web shell uploads.
Forwarders Can Trust Dangerous DNS Data
- A BIND9 spoofing flaw stems from trusting additional/forwarded response records rather than from an RNG weakness.
- Forward-only configurations trusting upstream forwarders can expose resolvers to spoofed additional records.
