A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
SANS Stormcast Wednesday Mar 19th 2025: Python DLL Side Loading; Tomcast RCE Correction; SAML Roulette; Windows Shortcut 0-Day
March 18, 2025
7:18
6.41 MB
Downloads: 0
Python Bot Delivered Through DLL Side-Loading
A "normal", but vulnerable to DLL side-loading PDF reader may be used to launch additional exploit code
https://isc.sans.edu/diary/Python%20Bot%20Delivered%20Through%20DLL%20Side-Loading/31778
Tomcat RCE Correction
To exploit the Tomcat RCE I mentioned yesterday, two non-default configuration options must be selected by the victim.
https://x.com/dkx02668274/status/1901893656316969308
SAML Roulette: The Hacker Always Wins
This Portswigger blog explains in detail how to exploit the ruby-saml vulnerablity against GitLab.
https://portswigger.net/research/saml-roulette-the-hacker-always-wins
Windows Shortcut Zero Day Exploit
Attackers are currently taking advantage of an unpatched vulnerability in how Windows displays Shortcut (.lnk file) details. Trendmicro explains how the attack works and provides PoC code. Microsoft is not planning to fix this issue
https://www.trendmicro.com/en_us/research/25/c/windows-shortcut-zero-day-exploit.html