A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
SANS Stormcast Wednesday, August 20th, 2025: Increased Elasticsearch Scans; MSFT Patch Issues
August 19, 2025
6:07
5.14 MB
Downloads: 0
Increased Elasticsearch Recognizance Scans
Our honeypots noted an increase in reconnaissance scans for Elasticsearch. In particular, the endpoint /_cluster/settings is hit hard.
https://isc.sans.edu/diary/Increased%20Elasticsearch%20Recognizance%20Scans/32212
Microsoft Patch Tuesday Issues
Microsoft noted some issues deploying the most recent patches with WSUS. There are also issues with certain SSDs if larger files are transferred.
https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-24h2#3635msgdesc
https://www.tomshardware.com/pc-components/ssds/latest-windows-11-security-patch-might-be-breaking-ssds-under-heavy-workloads-users-report-disappearing-drives-following-file-transfers-including-some-that-cannot-be-recovered-after-a-reboot
SAP Vulnerabilities Exploited CVE-2025-31324, CVE-2025-42999
Details explaining how to take advantage of two SAP vulnerabilities were made public
https://onapsis.com/blog/new-exploit-for-cve-2025-31324/