SSH authorized_keys File

One of the most common techniques used by many bots is to add rogue keys to the authorized_keys file, implementing an SSH backdoor. Managing these files and detecting unauthorized changes is not hard and should be done if you operate Unix systems.

https://isc.sans.edu/diary/Securing%20Your%20SSH%20authorized_keys%20File/31986

REMOTE COMMAND EXECUTION ON SMARTBEDDED METEOBRIDGE (CVE-2025-4008)

Weatherstation software Meteobridge suffers from an easily exploitable unauthenticated remote code execution vulnerability

https://www.onekey.com/resource/security-advisory-remote-command-execution-on-smartbedded-meteobridge-cve-2025-4008

https://forum.meteohub.de/viewtopic.php?t=18687

Manageengine ADAuditPlus SQL Injection

Zoho patched two SQL Injection vulnerabilities in its ManageEngine ADAuditPlus product

https://www.manageengine.com/products/active-directory-audit/cve-2025-41407.html

https://www.manageengine.com/products/active-directory-audit/cve-2025-36527.html

Dero Miner Infects Containers through Docker API

Kaspersky found yet another botnet infecting docker containers to spread crypto coin miners. The initial access happens via exposed docker APIs.

https://securelist.com/dero-miner-infects-containers-through-docker-api/116546/

Podden och tillhörande omslagsbild på den här sidan tillhör Johannes B. Ullrich. Innehållet i podden är skapat av Johannes B. Ullrich och inte av, eller tillsammans med, Poddtoppen.

Senast besökta

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Wednesday May 28th 2025: Securing authorized_keys; ADAuditPlus SQL Injection; Dero Miner vs Docker API

00:00