Sans Internet Storm Center Daily Network/cyber Security And Information Security Podcast

Mass Internet Scanning from ASN 43350 Our undergraduate intern Duncan Woosley wrote up aggressive scans from ASN 43350 https://isc.sans.edu/diary/Mass+Internet+Scanning+from+ASN+43350+Guest+Diary/32180/#comments HTTP/1.1 Desync Attacks Portswigger released details about new types of HTTP/1.1 desync attacks it uncovered. These attacks are particularly critical for organizations using middleboxes to translate from HTTP/2 to HTTP/1.1 https://portswigger.net/research/http1-must-die Microsoft Warns of Exchange Server Vulnerability An attacker with admin access to an Exchange Server in a hybrid configuration can use this vulnerability to gain full domain access. The issue is mitigated by an April hotfix, but was not noted in the release of the April Hotfix. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53786 Sonicwall Update Sonicwall no longer believes that a new vulnerability was used in recent compromises https://www.sonicwall.com/support/notices/gen-7-and-newer-sonicwall-firewalls-sslvpn-recen