A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
SANS Stormcast Monday Feb 17th: Fake BSOD; Volatile IPs; Postgresql libpq SQL Injection; OAUTH Phishing
February 16, 2025
8:32
7.45 MB
Downloads: 0
Fake BSOD Delivered by Malicious Python Script
Xavier found an odd malicious Python script that displays a blue screen of
death to users. The purpose isn't quite clear. It could be a teach support scam
tricking users into calling the 800 number displayed, or a simple
anti-reversing trick
https://isc.sans.edu/diary/Fake%20BSOD%20Delivered%20by%20Malicious%20Python%20Script/31686
The Danger of IP Volatility
Accounting for IP addresses is important, and if not done properly, may
lead to resources being exposed after IP addresses are released.
https://isc.sans.edu/diary/The%20Danger%20of%20IP%20Volatility/31688
PostgreSQL SQL Injection
Functions in PostgreSQL's libpq do not properly escape parameters which may
lead to SQL injection issues if the functions are used to create input for pqsql.
https://www.postgresql.org/support/security/CVE-2025-1094/
Multiple Russian Threat Actors Targeting Microsoft Device Code Auth
The OAUTH device code flow is used to attach devices with limited input capability to a user's account. However, this can be abused via phishing attacks.
https://www.volexity.com/blog/2025/02/13/multiple-russian-threat-actors-targeting-microsoft-device-code-authentication/