SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) SANS Stormcast Monday July 21st, 2025: Sharepoint Exploited; Veeam Fake Voicemail Phish; Passkey Phishing Attack
Jul 21, 2025
A new remote code execution exploit targeting SharePoint has emerged, creating significant security concerns. Recent phishing attempts impersonate Veeam, featuring voicemail themes to trick unsuspecting users. Additionally, there's a clever phishing attack leveraging QR codes to bypass security in Passkey logins. The discussion wraps up with essential security recommendations and insights from a recent cybersecurity event, highlighting the ever-evolving landscape of online threats.
AI Snips
Chapters
Transcript
Episode notes
Active SharePoint Zero-Day Exploit
- Microsoft revealed a new SharePoint 0-day exploited actively without a patch yet.
- Attackers use web shells exploiting toolpane.aspx and insecure deserialization via encrypted view state keys.
Defend Against SharePoint Vulnerability
- Deploy anti-malware on your SharePoint server or block access if that's not possible.
- Assume compromise for any internet-visible SharePoint server until patched due to widespread exploitation.
Veeam Voicemail Phishing Scam
- A phishing email pretended to be a voicemail claiming a Veeam backup license expired.
- The attached WAV file prompted callback for what was likely a tech support scam unrelated to actual Veeam use.