Handler on Duty: Didier Stevens
Threat Level: green
Podcast Detail
PPUnit and Androxgh0st; Session Smart Router Attack; FortiWLM Patch; BadBox Update; Beyond Trust Advisory
If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://chrt.fm/track/2748D7/https://traffic.libsyn.com/securitypodcast/9264.mp3
My Next Class
Application Security: Securing Web Apps, APIs, and Microservices | Online | US Eastern | Jan 27th - Feb 1st 2025 |
Network Monitoring and Threat Detection In-Depth | Baltimore | Mar 3rd - Mar 8th 2025 |
Interested in Internet Storm Center stickers? Check here if there are still some available for today.
PHPUnit and Androxgh0st
https://isc.sans.edu/diary/Command%20Injection%20Exploit%20For%20PHPUnit%20before%204.8.28%20and%205.x%20before%205.6.3%20%5BGuest%20Diary%5D/31528
Mirai Attacks Session Smart Routers
https://supportportal.juniper.net/s/article/2024-12-Reference-Advisory-Session-Smart-Router-Mirai-malware-found-on-systems-when-the-default-password-remains-unchanged?language=en_US
FortiWLM Unauthenticated limited file read vulnerability
https://fortiguard.fortinet.com/psirt/FG-IR-23-144
https://securityonline.info/kaspersky-uncovers-active-exploitation-of-fortinet-vulnerability-cve-2023-48788/
Beyond Trust Security Advisory
https://www.beyondtrust.com/trust-center/security-advisories/bt24-10
BadBox Update
https://www.bitsight.com/blog/badbox-botnet-back
https://isc.sans.edu/diary/Command%20Injection%20Exploit%20For%20PHPUnit%20before%204.8.28%20and%205.x%20before%205.6.3%20%5BGuest%20Diary%5D/31528
Mirai Attacks Session Smart Routers
https://supportportal.juniper.net/s/article/2024-12-Reference-Advisory-Session-Smart-Router-Mirai-malware-found-on-systems-when-the-default-password-remains-unchanged?language=en_US
FortiWLM Unauthenticated limited file read vulnerability
https://fortiguard.fortinet.com/psirt/FG-IR-23-144
https://securityonline.info/kaspersky-uncovers-active-exploitation-of-fortinet-vulnerability-cve-2023-48788/
Beyond Trust Security Advisory
https://www.beyondtrust.com/trust-center/security-advisories/bt24-10
BadBox Update
https://www.bitsight.com/blog/badbox-botnet-back
Application Security: Securing Web Apps, APIs, and Microservices | Online | US Eastern | Jan 27th - Feb 1st 2025 |
Network Monitoring and Threat Detection In-Depth | Baltimore | Mar 3rd - Mar 8th 2025 |
Application Security: Securing Web Apps, APIs, and Microservices | Orlando | Apr 13th - Apr 18th 2025 |
Application Security: Securing Web Apps, APIs, and Microservices | San Diego | May 5th - May 10th 2025 |
Network Monitoring and Threat Detection In-Depth | Baltimore | Jun 2nd - Jun 7th 2025 |