

SANS Stormcast Thursday, May 15th: Google Open Redirects; Adobe, Ivanti, and Samsung patches
May 15, 2025
Delve into the alarming world of phishing as attackers exploit Google’s open redirects. Learn about Adobe's recent patch addressing serious vulnerabilities in ColdFusion. Discover the latest updates from Samsung concerning their magicInfo 9 CMS, highlighting persistent security challenges. Also, Ivanti tackles a critical flaw in their ITSM software, underlining the importance of robust security measures to prevent exploitation. Tune in for essential insights on staying safe in the digital landscape!
Google Open Redirect Vulnerability
- Google's open redirects on its maps pages can be exploited to redirect users to phishing sites.
- These redirects borrow trust from Google, making phishing attacks more credible.
Mitigating Open Redirects
- To avoid phishing, do not blindly trust links that redirect through Google.
- On your own websites, whitelist redirect URLs and use cryptographic tokens to secure redirects.
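One way to combine the two mitigations named above on a site's own redirect endpoint, as an added example that is not from the episode: the destination must be on a whitelist and must carry an HMAC token the site issued for that exact URL. The key, host list, TTL and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import time
from urllib.parse import urlsplit

# Constructed values for the example; a real service loads the key from a secret store.
SECRET_KEY = b"constructed-demo-key"
ALLOWED_HOSTS = {"www.example.com", "docs.example.com"}
TOKEN_TTL = 300  # seconds a signed redirect link stays valid


def redirect_mac(target, expires):
    # Bind the token to both the exact target URL and its expiry time.
    msg = f"{expires}\n{target}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def is_allowed_target(target):
    # Exact host match over https only; reject userinfo tricks such as
    # https://www.example.com@other.test/ and scheme-relative //host URLs.
    try:
        parts = urlsplit(target)
    except ValueError:
        return False
    if parts.scheme != "https" or parts.username or parts.password:
        return False
    return parts.hostname in ALLOWED_HOSTS


def sign_redirect(target, now=None):
    # Called by the site itself when it generates a redirect link.
    if not is_allowed_target(target):
        raise ValueError("target not on the allowlist")
    expires = int((time.time() if now is None else now) + TOKEN_TTL)
    return expires, redirect_mac(target, expires)


def resolve_redirect(target, expires, token, now=None, fallback="/"):
    # Called by the redirect endpoint; anything that fails a check goes to fallback.
    now = time.time() if now is None else now
    if not is_allowed_target(target) or expires < now:
        return fallback
    expected = redirect_mac(target, expires).encode()
    if not hmac.compare_digest(expected, str(token).encode()):
        return fallback
    return target
```

The whitelist check runs even when the token verifies, so a leaked signing key alone does not turn the endpoint back into an open redirect.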
Urgent Adobe ColdFusion Patches
- Patch Adobe ColdFusion immediately: the vulnerabilities are rated priority one.
- The fixes address arbitrary code execution and file read issues that are likely to be exploited.