

SANS Stormcast Thursday, July 24th, 2025: Reversing SharePoint Exploit; NPM “is” Compromise;
Jul 24, 2025
Dive into the world of cyber security with a look at recent SharePoint exploits, showcasing how to decode their malicious payloads. Discover the dangers of the compromised npm package 'is', swiftly neutralized after it spread malware. Plus, learn about Microsoft's new recovery feature for Windows 11, designed to rescue machines stuck in reboot loops. The blend of technical insights and innovative solutions makes for an engaging and informative listen.
AI Snips
SharePoint Exploit Key Insight
- Analyzing the SharePoint ToolShell exploit involves decoding base64-encoded, compressed data to reveal the attacker's actions.
- Patching alone is insufficient; compromised machine keys must be rotated to prevent re-compromise.
Be Cautious with npm Packages
- Be cautious when installing npm packages; verify that each one is necessary and well maintained.
- A compromised popular npm package highlights risks from phishing and credential theft for maintainers.
Install Only Necessary npm Packages
- Only install npm packages you truly need and prefer well-maintained ones.
- Avoid convenience packages that add minor features but increase attack surface and risks.