SANS Stormcast Monday Feb 17th: Fake BSOD; Volatile IPs; Postgresql libpq SQL Injection; OAUTH Phishing Fake BSOD Delivered by Malicious Python Script Xavier found an odd malicious Python script that displays a blue screen of death to users. The purpose isn't quite clear. It could be a teach support scam tricking users into calling the 800 number displayed, or a simple anti-reversing trick https://isc.sans.edu/diary/Fake%20BSOD%20Delivered%20by%20Malicious%20Python%20Script/31686 The Danger of IP Volatility Accounting for IP addresses is important, and if not done properly, may lead to resources being exposed after IP addresses are released. https://isc.sans.edu/diary/The%20Danger%20of%20IP%20Volatility/31688 PostgreSQL SQL Injection Functions in PostgreSQL's libpq do not properly escape parameters which may lead to SQL injection issues if the functions are used to create input for pqsql. https://www.postgresql.org/support/security/CVE-2025-1094/ Multiple Russian Threat Actors Targeting Microsoft Device Code Auth The OAUTH device code flow is used to attach devices with limited input capability to a user's account. However, this can be abused via phishing attacks. https://www.volexity.com/blog/2025/02/13/multiple-russian-threat-actors-targeting-microsoft-device-code-authentication/ keywords: oauth; postgresql; ip; volatility; bsod