
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS Stormcast Friday, October 24th, 2025: Android Infostealer; SessionReaper Exploited; BIND/unbound DNS Spoofing fix; WSUS Exploit
Oct 24, 2025
A crafty infostealer is targeting Android devices, using Python and Termux to siphon off data via Telegram. The SessionReaper exploit has emerged just weeks after an Adobe patch, highlighting the urgency for e-commerce platforms. Meanwhile, a significant flaw in BIND and Unbound could open doors for DNS spoofing due to weak random number generation. Lastly, a new proof-of-concept for a WSUS vulnerability has been revealed, stressing the need for immediate security updates.
Android Infostealer Uses Termux And JSON
- Infostealers for Android can be written in Python and leverage Termux to access device data like contacts.
- The malware outputs JSON and exfiltrates via Telegram, making analysis and automated parsing straightforward.
Patch Adobe Commerce Immediately
- Patch Adobe Commerce (Magento) promptly because SessionReaper (CVE-2025-54236) enables arbitrary code execution via malicious sessions.
- Prioritize emergency patches outside normal cycles since only 38% of stores had applied this fix five weeks after release.
Weak RNG Enables DNS Spoofing Risks
- A weak pseudorandom generator in BIND and Unbound can make port and query ID selection predictable, enabling DNS spoofing.
- DNSSEC helps mitigate spoofing but adoption remains limited across enterprises.
