SANS Stormcast Monday Feb 17th: Fake BSOD; Volatile IPs; Postgresql libpq SQL Injection; OAUTH Phishing - podcast episode cover

SANS Stormcast Monday Feb 17th: Fake BSOD; Volatile IPs; Postgresql libpq SQL Injection; OAUTH Phishing

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Feb 17, 20259 minEp. 9326
--:--
--:--
Listen in podcast apps:
Metacast
Spotify
Youtube
RSS

Episode description


Fake BSOD Delivered by Malicious Python Script
Xavier found an odd malicious Python script that displays a blue screen of
death to users. The purpose isn't quite clear. It could be a teach support scam
tricking users into calling the 800 number displayed, or a simple
anti-reversing trick
https://isc.sans.edu/diary/Fake%20BSOD%20Delivered%20by%20Malicious%20Python%20Script/31686
The Danger of IP Volatility
Accounting for IP addresses is important, and if not done properly, may
lead to resources being exposed after IP addresses are released.
https://isc.sans.edu/diary/The%20Danger%20of%20IP%20Volatility/31688
PostgreSQL SQL Injection
Functions in PostgreSQL's libpq do not properly escape parameters which may
lead to SQL injection issues if the functions are used to create input for pqsql.
https://www.postgresql.org/support/security/CVE-2025-1094/
Multiple Russian Threat Actors Targeting Microsoft Device Code Auth
The OAUTH device code flow is used to attach devices with limited input capability to a user's account. However, this can be abused via phishing attacks.
https://www.volexity.com/blog/2025/02/13/multiple-russian-threat-actors-targeting-microsoft-device-code-authentication/
SANS Stormcast Monday Feb 17th: Fake BSOD; Volatile IPs; Postgresql libpq SQL Injection; OAUTH Phishing | SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) - Listen or read transcript on Metacast