
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS Stormcast Wednesday Mar 5th: SMTP Credential Hunt; mac-robber.py update; ADSelfService Plus Account Takeover; Android Patch Day; PayPal Scams; VMWare Escape Fix
Mar 5, 2025
A Romanian attacker expands their scanning tactics to hunt for SMTP credentials, complicating cybersecurity efforts. An update to mac-robber.py resolves symlink issues, enhancing security tool functionality. A serious vulnerability in ADSelfService Plus could allow unauthorized access without MFA. Google's March Android update tackles critical vulnerabilities, while PayPal's no-code-checkout feature faces exploitation by scammers. Broadcom addresses three VMware vulnerabilities to prevent potential virtual machine breaches.
06:11
Podcast summary created with Snipd AI
Quick takeaways
- Recent credential scanning activities by an attacker linked to a Romanian distillery highlight significant security risks for SMTP configurations.
- Vulnerabilities in ADSelfService Plus and innovative PayPal phishing tactics underscore the urgent need for timely updates and enhanced security measures.
Deep dives
Emerging Threats in Credential Scanning
Over the past month, a single host has been scanning for credential files, particularly those associated with SMTP servers. Newly targeted file names include smtp-token and smtp-keys, which may contain critical server credentials, although it remains unclear which specific application uses them. The scanning activity traces back to a distillery in Romania, which likely indicates a compromised system being used to search for exposed credential files. Understanding exactly what these scans are after is essential, because they point to potential security risks for businesses using these configurations.