SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Friday, July 11th, 2025: SSH Tunnel; FortiWeb SQL Injection; Ruckus Unpatched Vuln; Missing Motherboard Patches;

Jul 11, 2025
Dive into the world of cyber security vulnerabilities, where SSH tunneling is exploited by attackers to relay traffic through compromised servers, targeting services like Yandex email. Discover the alarming risk posed by an unauthenticated SQL injection vulnerability in FortiWeb, potentially allowing unauthorized code execution. Plus, learn about critical flaws in Ruckus products, where multiple vulnerabilities remain unpatched, highlighting the necessity for restrictive access. Cyber risks are evolving; stay informed!
ANECDOTE

Attackers Abuse SSH Servers

  • Attackers are abusing compromised SSH servers with weak passwords to set up tunnels for indirect attacks.
  • One top target was a Yandex mail server, with the compromised SSH server used as a relay to obfuscate attack origins and send spam.

INSIGHT

SSH Tunnels Obfuscate Attack Origins

  • Using compromised SSH servers as proxies helps attackers obfuscate their true origin.
  • Even nation-states have used such relay chains to cover their tracks in attacks.

ADVICE

Patch FortiWeb SQL Injection

  • Patch FortiWeb quickly to fix a critical unauthenticated SQL injection vulnerability.
  • This flaw could allow attackers full database access and has a CVSS score of 9.6.