SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Wednesday, October 8th, 2025: FreePBX Exploits; Disrupting Teams Threats; Kibana and QT SVG Patches

Oct 8, 2025
A critical SQL injection vulnerability in FreePBX enables remote code execution. Microsoft has published guidance on disrupting the growing threats against Teams, including security measures such as MFA. Elastic has released a patch for a stored XSS vulnerability in Kibana. Additionally, two vulnerabilities in the Qt SVG module could allow code execution.
ANECDOTE

FreePBX Cron Job Exploit Example

  • Attackers used a FreePBX SQL injection to insert cron jobs that create a PHP webshell file every minute.
  • The cron job continuously recreates the file even if the file self-deletes, but attackers may not always load it via a browser.
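
A defender-side check for the persistence pattern described above, as an added example that is not from the podcast or from FreePBX: it audits crontab text for jobs that run every minute and write a `.php` file. The sample crontab, its paths and the function names are constructed for illustration.

```python
import re

# A command that writes to a path ending in .php: shell redirection, tee,
# or a download tool's output flag (curl -o, wget -O). Heuristic, .php only.
PHP_WRITE = re.compile(
    r"""(?:>{1,2}|\btee\b(?:\s+-a)?|\s-[oO]|--output(?:=|\s))\s*['"]?(\S+\.php)\b""",
    re.IGNORECASE,
)

def fires_every_minute(minute_field: str) -> bool:
    """True for minute fields that match all 60 minutes."""
    return minute_field in ("*", "*/1", "0-59", "0-59/1")

def audit_crontab(text: str, system_format: bool = False):
    """Return (line_no, php_path, line) for every-minute jobs that write a .php file.

    system_format=True means /etc/crontab style lines with a user column.
    """
    n_fields = 7 if system_format else 6
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", "@")):
            continue  # blank, comment, or @reboot/@hourly style entry
        if re.match(r"^[A-Za-z_]+\s*=", line):
            continue  # environment assignment such as MAILTO=
        fields = line.split(None, n_fields - 1)
        if len(fields) < n_fields:
            continue
        # Every minute: minute field covers 0-59, other four fields are wildcards
        if not fires_every_minute(fields[0]) or any(f != "*" for f in fields[1:5]):
            continue
        match = PHP_WRITE.search(fields[-1])
        if match:
            findings.append((no, match.group(1), line))
    return findings

# Constructed sample entries, not taken from the incident.
SAMPLE = """\
# web host crontab
MAILTO=""
* * * * * echo '<?php /* placeholder */ ?>' > /var/www/html/status.php
*/5 * * * * /usr/bin/php /var/www/html/admin/cron.php > /dev/null 2>&1
* * * * * /usr/local/bin/healthcheck >> /var/log/health.log
0 3 * * * tar czf /backup/web.tgz /var/www/html
"""

if __name__ == "__main__":
    for no, path, line in audit_crontab(SAMPLE):
        print(f"line {no}: every-minute job writes {path}: {line}")
```

Because the job recreates the file every minute, deleting the PHP file alone does not remove the persistence; the flagged cron entry is what needs to be removed and investigated.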
ADVICE

Harden Microsoft Teams Endpoints

  • Read Microsoft's detailed guidance on disrupting Teams-targeting attacks and apply controls across the attack chain.
  • Implement MFA, just-in-time access for admins, and secure endpoints to reduce Teams compromises.
ADVICE

Patch Kibana For Stored XSS

  • Patch Kibana promptly if you allow file uploads or untrusted content to be stored in your instance.
  • The stored XSS in Kibana can escalate access, so apply the Elastic security updates immediately.