SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) SANS Stormcast Thursday, June 5th, 2025: Phishing Comment Trick; AWS default logging mode change; Cisco Backdoor Fixed; Infoblox Vulnerability Details Released
Jun 5, 2025
A cunning phishing tactic is discussed, where malicious links are cleverly hidden from Outlook users using HTML comments. Amazon's shift to non-blocking logging raises concerns about potential log loss while enhancing application stability. Critical security updates from Cisco, including the removal of a backdoor vulnerability, are highlighted. Infoblox vulnerabilities are also detailed, prompting a reminder of the importance of keeping software up to date. This conversation is essential for anyone interested in cybersecurity.
AI Snips
Chapters
Transcript
Episode notes
Phishing Trick Hides Link From Outlook
- Jan discovered a phishing email that shows a malicious link only to non-Outlook users.
- Outlook users see a benign link, hiding the attack from managed corporate environments.
Adapt To AWS Logging Change
- Amazon changes AWS logging default to non-blocking mode June 25th, stopping applications from halting if logs fail.
- Review if your app prefers to keep running or shut down on logging failures and adjust accordingly.
Urgent Cisco and Infoblox Patching
- Update Cisco Identity Services Engine to remove a static credential backdoor vulnerability immediately.
- Prioritize patching Infoblox NetMRI for critical unauthenticated remote command injection.