SANS Stormcast Friday, May 9th: SSH Exfil Tricks; magicINFO still vulnerable; SentinelOne Vulnerability; Commvault insufficient patch
May 9, 2025
Discover innovative ways to utilize SSH connections to bypass restrictive network access. Delve into the lingering vulnerabilities of Samsung's magicINFO 9, which remains exploitable despite attempts to patch it. Learn about the alarming exploit targeting SentinelOne's endpoint protection, revealing how attackers can shut down defenses. The discussion also highlights Commvault's ineffective patch management, showcasing the ongoing risks to backup systems. It’s a must-listen for anyone concerned about cybersecurity!
AI Snips
SSH Tunnel Bypasses Network Blocks
- Xavier used a single inbound SSH connection to bypass strict outbound firewall restrictions.
- This SSH tunnel acted as a proxy to access websites and download tools on a restricted system.
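The snip above describes an SSH session on a host that is allowed inbound SSH being turned into a general-purpose proxy. The defender's counterpart is to check whether the sshd on such hosts permits forwarding at all. The script below is an added example, not from the podcast or from Xavier's diary: it reads an `sshd_config`, applies sshd's first-occurrence rule for each keyword (global scope only, `Match` blocks are not evaluated), and reports any forwarding setting left enabled. The sample config files it writes under `$TMPDIR` are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit an sshd_config for settings that let an authenticated
# SSH session act as a proxy or VPN. Sample configs below are constructed.

# Effective value of a keyword: sshd uses the FIRST occurrence, keywords are
# case-insensitive, comments are skipped, and we stop at the first Match block
# (per-user overrides there are out of scope for this check).
sshd_effective() {
    # $1 = config file, $2 = keyword, $3 = OpenSSH default when absent
    key=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    v=$(awk -v key="$key" '
        /^[[:space:]]*#/ || NF < 2 { next }
        tolower($1) == "match"     { exit }
        tolower($1) == key         { print tolower($2); exit }
    ' "$1")
    if [ -n "$v" ]; then printf '%s\n' "$v"; else printf '%s\n' "$3"; fi
}

# Returns 0 when forwarding is locked down, 1 (with findings) otherwise.
# Defaults passed here are OpenSSH's: AllowTcpForwarding yes, GatewayPorts no,
# PermitTunnel no.
audit_sshd_forwarding() {
    cfg=$1
    rc=0
    [ "$(sshd_effective "$cfg" AllowTcpForwarding yes)" = "no" ] \
        || { echo "FINDING: AllowTcpForwarding not 'no' (-L/-R/-D proxying allowed)"; rc=1; }
    [ "$(sshd_effective "$cfg" GatewayPorts no)" = "no" ] \
        || { echo "FINDING: GatewayPorts enabled (remote forwards reachable by other hosts)"; rc=1; }
    [ "$(sshd_effective "$cfg" PermitTunnel no)" = "no" ] \
        || { echo "FINDING: PermitTunnel enabled (layer-2/3 tunnel over SSH)"; rc=1; }
    return $rc
}

# Writes two constructed sample configs and prints the directory they live in.
make_sample_configs() {
    dir=${TMPDIR:-/tmp}/sshd-audit-demo.$$
    mkdir -p "$dir"
    cat > "$dir/weak.conf" <<'EOF'
# Forwarding left at defaults; the commented line changes nothing.
Port 22
#AllowTcpForwarding no
GatewayPorts yes
EOF
    cat > "$dir/hardened.conf" <<'EOF'
Port 22
AllowTcpForwarding no
GatewayPorts no
PermitTunnel no
X11Forwarding no
EOF
    printf '%s\n' "$dir"
}
```

Source the file and run `audit_sshd_forwarding /etc/ssh/sshd_config` on a host that should not relay traffic; a zero exit status means the three forwarding keywords are explicitly set to `no` before any `Match` block. On hosts where some users legitimately need port forwarding, the global setting should still be `no` with the exception granted in a `Match User` block, which this global-scope check deliberately leaves for manual review.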
Samsung MagicInfo Patch Incomplete
- The Samsung MagicInfo 9 vulnerability patch from last August is ineffective or incomplete.
- Fully patched installations remain vulnerable and exploitable, especially by botnets like Mirai.
Protect SentinelOne Update Process
- Follow Aon's guidance to protect SentinelOne endpoints from upgrade process exploits.
- Secure SentinelOne's update mechanism to prevent attackers from disabling endpoint protection.