Podcast Detail

SANS Stormcast June, June 9th, 2025: Extracting PNG Data; GlueStack Packages Backdoor; MacOS targeted by Clickfix; INETPUB restore script

If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/9484.mp3

previous
Podcast Logo
Extracting PNG Data; GlueStack Packages Backdoor; MacOS targeted by Clickfix; INETPUB restore script
00:00

Extracting With pngdump.py
Didier extended his pngdump.py script to make it easier to extract additional data appended to the end of the image file.
https://isc.sans.edu/diary/Extracting%20With%20pngdump.py/32022

16 React Native Packages for GlueStack Backdoored Overnight
16 npm packages with over a million weekly downloads between them were compromised. The compromised packages include a remote admin tool that was seen before in similar attacks.
https://www.aikido.dev/blog/supply-chain-attack-on-react-native-aria-ecosystem

Atomic MacOS Stealer Exploits Clickfix
MacOS users are now also targeted by fake captchas, tricking users into running exploit code.
https://www.cloudsek.com/blog/amos-variant-distributed-via-clickfix-in-spectrum-themed-dynamic-delivery-campaign-by-russian-speaking-hackers


Microsoft INETPUB Script
Microsoft published a simple PowerShell script to restore the inetpub folder in case you removed it by mistake.
https://www.powershellgallery.com/packages/Set-InetpubFolderAcl/1.0


no transcript found