SANS Stormcast Monday, June 2nd, 2025: PNG with RAT; Cisco IOS XE WLC Exploit; vBulletin Exploit
Jun 2, 2025
Discover how a PNG image can hide malware through clever Python coding, raising alarms about current detection methods. Delve into the critical vulnerabilities in Cisco Wireless Controllers that allow for arbitrary code execution. Unpack the implications of changes to PHP that exposed once-protected methods in vBulletin, leading to a surge in exploit attempts. This discussion emphasizes the need for advanced security measures as attackers adapt to new technologies.
Malware Hidden in PNG Image
- Xavier found malware appended to a PNG image as a zip archive; image viewers ignore the trailing data, but the file still runs as Python code.
- The malware changes the desktop wallpaper and acts as a very simple remote admin tool, more a proof of concept than evidence of widespread malicious use.
Limitations of Signature-Based Detection
- VirusTotal detection rates for this PNG are very low because scanners tend to overlook code appended to image files.
- Signature-based detection, even when AI-enabled, struggles to catch such threats without a specific signature for them.
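The two PNG items above (the appended zip archive and the low detection rate) come down to one structural fact: a PNG ends at its IEND chunk, and image viewers ignore anything after it, while Python's zip loader locates an archive from the end of the file and so happily runs the same bytes. A defender can check for exactly that instead of waiting for a signature. The following is an added example, not code from the podcast or from Xavier's diary; it walks the PNG chunk list, measures any trailing data past IEND, and reports whether that trailer is a readable zip. The sample "polyglot" file it analyzes is constructed inline with a harmless `__main__.py` so the check can be exercised offline.

```python
import io
import struct
import zipfile
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
ZIP_EOCD_SIGNATURE = b"PK\x05\x06"  # zip end-of-central-directory record


def png_end_offset(data: bytes) -> int:
    """Walk the PNG chunk list and return the offset just past the IEND chunk.

    Every chunk is: 4-byte big-endian length, 4-byte type, payload, 4-byte CRC.
    Raises ValueError if the data is not a well-formed PNG.
    """
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        chunk_end = pos + 8 + length + 4
        if chunk_end > len(data):
            raise ValueError("truncated PNG chunk")
        if ctype == b"IEND":
            return chunk_end
        pos = chunk_end
    raise ValueError("no IEND chunk found")


def analyze_png(data: bytes) -> dict:
    """Report trailing bytes after IEND and whether they form a zip archive.

    zipfile, like Python's own zipimport, finds the archive by scanning backwards
    for the EOCD record, so a zip appended to an image is still fully readable.
    """
    end = png_end_offset(data)
    trailer = data[end:]
    result = {"trailing_bytes": len(trailer), "has_zip": False, "zip_members": []}
    if trailer and ZIP_EOCD_SIGNATURE in trailer:
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                result["has_zip"] = True
                result["zip_members"] = zf.namelist()
        except zipfile.BadZipFile:
            pass  # looks zip-like but does not parse; trailing_bytes still flags it
    return result


def _chunk(ctype: bytes, payload: bytes) -> bytes:
    """Encode one PNG chunk with a correct CRC over type + payload."""
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


def build_clean_png() -> bytes:
    """Constructed sample: a valid 1x1 8-bit grayscale PNG."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    raw_scanline = b"\x00\x80"  # filter byte 0 + one grey pixel
    return (PNG_SIGNATURE
            + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", zlib.compress(raw_scanline))
            + _chunk(b"IEND", b""))


def build_polyglot_png() -> bytes:
    """Constructed sample: the clean PNG with a benign zip archive appended.

    The archive carries a __main__.py, which is what makes a zip runnable with
    `python <file>`; the payload here only prints a string.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("__main__.py", "print('constructed sample payload')\n")
    return build_clean_png() + buf.getvalue()


if __name__ == "__main__":
    for label, sample in (("clean", build_clean_png()), ("polyglot", build_polyglot_png())):
        print(label, analyze_png(sample))
```

Any non-zero `trailing_bytes` on a PNG is worth a second look in a file-scanning pipeline, whether or not it parses as a zip; the zip check just names the case discussed in the episode, where the trailer is a Python-runnable archive.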
Patch Cisco WLC Vulnerability Immediately
- Patch the Cisco IOS XE Wireless Controller vulnerability to prevent arbitrary file upload and remote code execution.
- Attackers can exploit a hard-coded JWT to perform directory traversal and execute code remotely.