
We track a wave of high-impact vulnerabilities and social engineering campaigns that target management planes and edge devices, then lay out a concrete four-step validation playbook. The theme is simple: initial access is cheap, but control plane compromise multiplies damage.
• Windows Admin Center privilege escalation and urgent patching
• IceWarp critical flaws enabling total takeover paths
• Fake CAPTCHA campaigns delivering Latrodectus, Supers, and new RATs
• BeyondTrust RCE exploited in the wild with VShell and SparkRAT
• Grandstream VoIP unauthenticated buffer overflow and asset hygiene
• Dell RecoverPoint zero-day linked to suspected state activity
• CISA KEV additions signaling active exploitation and patch deadlines
• Fake adversary-built RMM tools and software due diligence
• Device code phishing abusing OAuth to bypass MFA
• Four-step patch validation and assumed-breach log review
• Final theme: protect control planes and edge surfaces
Be sure to follow us on X, Facebook, or LinkedIn for daily updates
And don't forget to subscribe to our newsletter for all this and more right in your inbox
You can find that at infosec.watch
Support the show
Thanks for listening to InfoSec.Watch! Subscribe to our newsletter for in-depth analysis: https://infosec.watch. Follow us for daily updates on X (Twitter), LinkedIn, and Facebook. Stay secure out there!
By Infosec.Watch