Podcast Detail

SANS ISC Stormcast, Jan 28th 2025: Z-Shy Phishing; Apple Patches 0-Day; Fortinet Exploit Details; Github and Apache Solr Patches

If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/9298.mp3

previous
next
Podcast Logo
SANS ISC Stormcast, Jan 28th 2025: Z-Shy Phishing; Apple Patches 0-Day; Fortinet Exploit Details; Github and Apache Solr Patches
00:00

Interested in Internet Storm Center stickers? Check here if there are still some available for today.


This episode shows how attackers are bypassing phishing filter by abusing the "shy" softhyphen HTML entitiy. We got an update from Apple fixing a 0-day vulnerability in addition to a number of other issues. watchTowr show how to exploit an interesting FortiOS vulnerability and we have patches for Github Desktop and Apache Solr

An unusal shy z-wasp phish
https://isc.sans.edu/diary/An%20unusual%20%22shy%20z-wasp%22%20phishing/31626
How the soft hyphen "shy" HTML entity can be abused to bypass e-mail filters

Apple Patches
https://support.apple.com/en-us/100100
Apple released patches for all of its operating systems, fixing a 0-day vulnerability among many others issues

Get Fortirekt I am the Super_admin now
https://labs.watchtowr.com/get-fortirekt-i-am-the-super_admin-now-fortios-authentication-bypass-cve-2024-55591/
Details about a recent FortiOS Vulnerability

GitHub Desktop Vulnerability
https://thehackernews.com/2025/01/github-desktop-vulnerability-risks.html

Apache Solr Vulnerability
https://solr.apache.org/security.html#cve-2024-52012-apache-solr-configset-upload-on-windows-allows-arbitrary-path-write-access