SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Stormcast, Jan 28th 2025: Z-Shy Phishing; Apple Patches 0-Day; Fortinet Exploit Details; Github and Apache Solr Patches
Jan 28, 2025
Discover how cybercriminals are using the 'shy' HTML entity to bypass phishing filters in a cunning new tactic. Apple has rolled out vital patches that address a 0-day vulnerability, bolstering user security. Learn about a serious vulnerability in Fortinet's systems that could be exploited. Plus, hear the latest updates on vulnerabilities in GitHub Desktop and Apache Solr, ensuring you're informed about necessary patches and security measures in the ever-evolving landscape of cybersecurity.
06:14
AI Summary
AI Chapters
Episode notes
Podcast summary created with Snipd AI
Quick takeaways
- Attackers are exploiting sophisticated techniques like the C-Shy attack to bypass phishing filters by inserting invisible HTML characters.
- Apple has released critical patches addressing a 0-day vulnerability, highlighting the necessity for software updates to counteract known security threats.
Deep dives
Bypassing Phishing Filters with C-Shy Attacks
Attackers are increasingly using sophisticated techniques to bypass phishing filters, with a notable method called the C-Shy attack. This technique involves inserting invisible characters, such as soft hyphens, into phishing emails. These characters render otherwise common keywords like 'password' unrecognizable to automated filtering systems while still appearing normal to human readers. The discussion highlights the challenge for security systems in keeping up with motivated attackers who can manipulate text formats to evade detection.
Remember Everything You Learn from Podcasts
Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.
