SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Friday, April 25th: SMS Gateway Scans; Comvault Exploit; Patch Window Shrinkage; More inetpub issues;

Apr 25, 2025

06:38

Creator website

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Recent scanning activities targeting Teltonika SMS Gateways reveal attackers exploiting default credentials and validating access by sending test messages internationally.

A significant rise in exploitation trends indicates that around 25% of newly disclosed vulnerabilities are attacked within just one day of their announcement.

Deep dives

Attacks Targeting SMS Gateways

Recent scanning attempts on honeypots indicate that attackers are trying to exploit SMS gateways created by Teltonica. These devices facilitate IP-based connections to send SMS messages through a straightforward API, often defaulting to common usernames and passwords such as 'user1' and 'user_pass'. In addition to these defaults, the attackers have shown interest in other passwords, including a peculiar string 'P8XR', which did not yield any useful information through searches. The attackers are validating the success of their connections by sending test messages to their own phone numbers located in Saudi Arabia and Belgium.

Emerging SMS Gateway Threats and Urgent Vulnerabilities

7min

Attacks against Teltonika Networks SMS Gateways
Attackers are actively scanning for SMS Gateways. These attacks take advantage of default passwords and other commonly used passwords.
https://isc.sans.edu/diary/Attacks%20against%20Teltonika%20Networks%20SMS%20Gateways/31888
Commvault Vulnerability CVE-2205-34028
Commvault, about a week ago, published an advisory and a fix for a vulnerability in its backup software. watchTowr now released a detailed writeup and exploit for the vulnerability
https://labs.watchtowr.com/fire-in-the-hole-were-breaching-the-vault-commvault-remote-code-execution-cve-2025-34028/
Exploitation Trends Q1 2025
Vulncheck published a summary of exploitation trends, pointing out that about a quarter of vulnerabilities are exploited a day after a patch is made available.
https://vulncheck.com/blog/exploitation-trends-q1-2025
inetpub directory issues
The inetpub directory introduced by Microsoft in its April patch may lead to a denial of service against applying patches on Windows if an attacker can create a junction for that location pointing to an existing system binary like Notepad.
https://doublepulsar.com/microsofts-patch-for-cve-2025-21204-symlink-vulnerability-introduces-another-symlink-vulnerability-9ea085537741

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Friday, April 25th: SMS Gateway Scans; Comvault Exploit; Patch Window Shrinkage; More inetpub issues;

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Attacks Targeting SMS Gateways

Rapid Exploitation of Vulnerabilities

Remember Everything You Learn from Podcasts