Go offline with the Player FM app!
SANS Stormcast Friday, August 8th, 2025:: ASN43350 Mass Scans; HTTP1.1 Must Die; Hyprid Exchange Vuln; Sonicwall Update; SANS.edu Research: OSS Security and Shifting Left
Fetch error
Hmmm there seems to be a problem fetching this series right now. Last successful fetch was on August 29, 2025 03:32 ()
What now? This series will be checked again in the next day. If you believe it should be working, please verify the publisher's feed link below is valid and includes actual episode links. You can contact support to request the feed be immediately fetched.
Manage episode 498939823 series 19634
Our undergraduate intern Duncan Woosley wrote up aggressive scans from ASN 43350
https://isc.sans.edu/diary/Mass+Internet+Scanning+from+ASN+43350+Guest+Diary/32180/#comments
HTTP/1.1 Desync Attacks
Portswigger released details about new types of HTTP/1.1 desync attacks it uncovered. These attacks are particularly critical for organizations using middleboxes to translate from HTTP/2 to HTTP/1.1
https://portswigger.net/research/http1-must-die
Microsoft Warns of Exchange Server Vulnerability
An attacker with admin access to an Exchange Server in a hybrid configuration can use this vulnerability to gain full domain access. The issue is mitigated by an April hotfix, but was not noted in the release of the April Hotfix.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53786
Sonicwall Update
Sonicwall no longer believes that a new vulnerability was used in recent compromises
https://www.sonicwall.com/support/notices/gen-7-and-newer-sonicwall-firewalls-sslvpn-recent-threat-activity/250804095336430
SANS.edu Research: Wellington Rampazo, Shift Left the Awareness and Detection of Developers Using Vulnerable Open-Source Software Components
https://www.sans.edu/cyber-research/shift-left-awareness-detection-developers-using-vulnerable-open-source-software-components/
3102 episodes
SANS Stormcast Friday, August 8th, 2025:: ASN43350 Mass Scans; HTTP1.1 Must Die; Hyprid Exchange Vuln; Sonicwall Update; SANS.edu Research: OSS Security and Shifting Left
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Fetch error
Hmmm there seems to be a problem fetching this series right now. Last successful fetch was on August 29, 2025 03:32 ()
What now? This series will be checked again in the next day. If you believe it should be working, please verify the publisher's feed link below is valid and includes actual episode links. You can contact support to request the feed be immediately fetched.
Manage episode 498939823 series 19634
Our undergraduate intern Duncan Woosley wrote up aggressive scans from ASN 43350
https://isc.sans.edu/diary/Mass+Internet+Scanning+from+ASN+43350+Guest+Diary/32180/#comments
HTTP/1.1 Desync Attacks
Portswigger released details about new types of HTTP/1.1 desync attacks it uncovered. These attacks are particularly critical for organizations using middleboxes to translate from HTTP/2 to HTTP/1.1
https://portswigger.net/research/http1-must-die
Microsoft Warns of Exchange Server Vulnerability
An attacker with admin access to an Exchange Server in a hybrid configuration can use this vulnerability to gain full domain access. The issue is mitigated by an April hotfix, but was not noted in the release of the April Hotfix.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53786
Sonicwall Update
Sonicwall no longer believes that a new vulnerability was used in recent compromises
https://www.sonicwall.com/support/notices/gen-7-and-newer-sonicwall-firewalls-sslvpn-recent-threat-activity/250804095336430
SANS.edu Research: Wellington Rampazo, Shift Left the Awareness and Detection of Developers Using Vulnerable Open-Source Software Components
https://www.sans.edu/cyber-research/shift-left-awareness-detection-developers-using-vulnerable-open-source-software-components/
3102 episodes
All episodes
×Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.