SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Tuesday, May 12th: Apple Patches; Unipi Technologies Scans;

May 13, 2025
Apple has released extensive updates to fix vulnerabilities across its operating systems. The discussion highlights the ongoing issue of default IoT passwords, specifically how the Mirai botnet is targeting Unipi devices. A critical flaw in the Output Messenger app is being exploited in sophisticated attacks, and there’s good news for Commvault users, as their recent patch successfully addresses a vulnerability. Plus, there’s a mention of an upcoming honeypot workshop that you won’t want to miss!
Ask episode
AI Snips
Chapters
Transcript
Episode notes
ADVICE

Urgent Apple Patches Released

  • Apple patched 65 vulnerabilities across macOS and iOS, including ones actively exploited.
  • Users should update their systems promptly, especially older versions back to macOS Ventura (13).
INSIGHT

Legacy Vulnerabilities Persist

  • Devices by Unipi Technology still use default username and password, exposing them to Mirai botnet attacks.
  • The malware also exploits a Netgear vulnerability from 2013 that was assigned a CVE only recently.
ADVICE

Patch Output Messenger Now

  • Output Messenger has a path traversal vulnerability actively exploited by attackers targeting Middle East and Europe.
  • Update Output Messenger quickly to prevent attackers from accessing sensitive files or controlling local servers.
Get the Snipd Podcast app to discover more snips from this episode
Get the app