EPISODE · Apr 4, 2025 · 6 MIN
SANS Stormcast Friday, Apr 4th: URL Frequency Analysis; Ivanti Flaw Exploited; WinRAR MotW Vuln; Tax filing scams; Oracle Breach Update
from SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) · host Johannes Ullrich
Exploring Statistical Measures to Predict URLs as Legitimate or Intrusive Using frequency analysis, and training the model with honeypot data as well as log data from legitimate websites allows for a fairly simple and reliable triage of web server logs to identify possible malicious activity.https://isc.sans.edu/diary/Exploring%20Statistical%20Measures%20to%20Predict%20URLs%20as%20Legitimate%20or%20Intrusive%20%5BGuest%20Diary%5D/31822 Critical Unexploitable Ivanti Vulnerability Exploited CVE-2025-22457 In February, Ivanti patched CVE-2025-22457. At the time, the vulnerability was not considered to be exploitable. Mandiant now published a blog disclosing that the vulnerability was exploited as soon as mid-marchhttps://cloud.google.com/blog/topics/threat-intelligence/china-nexus-exploiting-critical-ivanti-vulnerability/ WinRAR MotW Vulnerability CVE-2025-31334 WinRAR patched a vulnerability that would not apply the Mark of the Web correctly if a compressed file included symlinks. This may make it easier to trick a victim into executing code downloaded from a website.https://nvd.nist.gov/vuln/detail/CVE-2025-31334 Microsoft Warns of Tax-Related Scam With the US personal income tax filing deadline only about a week out, Microsoft warns of commonly deployed scams that they are observing related to income tax filingshttps://www.microsoft.com/en-us/security/blog/2025/04/03/threat-actors-leverage-tax-season-to-deploy-tax-themed-phishing-campaigns/ Oracle Breach Updatehttps://www.bloomberg.com/news/articles/2025-04-02/oracle-tells-clients-of-second-recent-hack-log-in-data-stolen
What this episode covers
Exploring Statistical Measures to Predict URLs as Legitimate or Intrusive Using frequency analysis, and training the model with honeypot data as well as log data from legitimate websites allows for a fairly simple and reliable triage of web server logs to identify possible malicious activity.https://isc.sans.edu/diary/Exploring%20Statistical%20Measures%20to%20Predict%20URLs%20as%20Legitimate%20or%20Intrusive%20%5BGuest%20Diary%5D/31822 Critical Unexploitable Ivanti Vulnerability Exploited CVE-2025-22457 In February, Ivanti patched CVE-2025-22457. At the time, the vulnerability was not considered to be exploitable. Mandiant now published a blog disclosing that the vulnerability was exploited as soon as mid-marchhttps://cloud.google.com/blog/topics/threat-intelligence/china-nexus-exploiting-critical-ivanti-vulnerability/ WinRAR MotW Vulnerability CVE-2025-31334 WinRAR patched a vulnerability that would not apply the Mark of the Web correctly if a compressed file included symlinks. This may make it easier to trick a victim into executing code downloaded from a website.https://nvd.nist.gov/vuln/detail/CVE-2025-31334 Microsoft Warns of Tax-Related Scam With the US personal income tax filing deadline only about a week out, Microsoft warns of commonly deployed scams that they are observing related to income tax filingshttps://www.microsoft.com/en-us/security/blog/2025/04/03/threat-actors-leverage-tax-season-to-deploy-tax-themed-phishing-campaigns/ Oracle Breach Updatehttps://www.bloomberg.com/news/articles/2025-04-02/oracle-tells-clients-of-second-recent-hack-log-in-data-stolen
NOW PLAYING
SANS Stormcast Friday, Apr 4th: URL Frequency Analysis; Ivanti Flaw Exploited; WinRAR MotW Vuln; Tax filing scams; Oracle Breach Update
No transcript for this episode yet
Similar Episodes
No similar episodes found.
Similar Podcasts
No similar podcasts found.