A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
SANS Stormcast Friday, May 23rd 2025: Backup Connectivity; Windows 2025 dMSA Abuse; Samlify Vulnerability
May 22, 2025
7:54
6.64 MB
Downloads: 0
Resilient Secure Backup Connectivity for SMB/Home Users
Establishing resilient access to a home network via a second ISP may lead to unintended backdoors. Secure the access and make sure you have the visibility needed to detect abuse.
https://isc.sans.edu/diary/Resilient%20Secure%20Backup%20Connectivity%20for%20SMB%20Home%20Users/31972
BadSuccessor: Abusing dMSA to Escalate Privileges in Active Directory
An attacker with the ability to create service accounts may be able to manipulate these accounts to mark them as migrated accounts, inheriting all privileges the original account had access to.
https://www.akamai.com/blog/security-research/abusing-dmsa-for-privilege-escalation-in-active-directory
Flaw in samlify That Opens Door to SAML Single Sign-On Bypass CVE-2025-47949
The samlify Node.js library does not verify SAML assertions correctly. It will consider the entire assertion valid, not just the original one. An attacker may use this to obtain additional privileges or authenticate as a different user
https://www.endorlabs.com/learn/cve-2025-47949-reveals-flaw-in-samlify-that-opens-door-to-saml-single-sign-on-bypass