SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) SANS ISC Stormcast, Jan 28th 2025: Z-Shy Phishing; Apple Patches 0-Day; Fortinet Exploit Details; Github and Apache Solr Patches
15 snips
Jan 28, 2025 Discover how cybercriminals are using the 'shy' HTML entity to bypass phishing filters in a cunning new tactic. Apple has rolled out vital patches that address a 0-day vulnerability, bolstering user security. Learn about a serious vulnerability in Fortinet's systems that could be exploited. Plus, hear the latest updates on vulnerabilities in GitHub Desktop and Apache Solr, ensuring you're informed about necessary patches and security measures in the ever-evolving landscape of cybersecurity.
AI Snips
Chapters
Transcript
Episode notes
Z-Shy Phishing
- Attackers bypass phishing filters using "zero-width characters" like spaces and hyphens.
- These characters disrupt keyword recognition by machines but remain invisible to users.
Apple Patches 0-Day
- Update all Apple devices to patch the recently discovered zero-day vulnerability.
- This vulnerability affects iOS versions prior to 17.2 and allows privilege escalation.
Fortinet Exploit Details
- A FortiOS vulnerability allows terminal access via HTTP requests due to a race condition.
- Authentication can be bypassed by exploiting this race condition in WebSocket proxy.