SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Friday, June 6th, 2025: Fake Zoom Clients; Python tarfile vulnerability; HPE Insight Remote Support Patch

SANS ISC Handlers

Tech News, News, Technology

🗓️ 6 June 2025

⏱️ 5 minutes

Summary

Be Careful With Fake Zoom Client Downloads
Miscreants are tricking victims into downloading fake Zoom clients (and likely other meeting software) by first sending them fake meeting invites that direct victims to a page that offers malware for download as an update to the Zoom client.
https://isc.sans.edu/diary/Be%20Careful%20With%20Fake%20Zoom%20Client%20Downloads/32014
Python tarfile Vulnerability
Recently, the Python tarfile module introduced a filter option to help mitigate some of the insecure behavior that is common in software that unpacks archives. This filter is, however, not working quite as well as it should.
https://mail.python.org/archives/list/[email protected]/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/
Hewlett Packard Enterprise Insight Remote Support processAttachmentDataStream Directory Traversal Remote Code Execution Vulnerability
HP fixed, among other vulnerabilities, a critical remote code execution vulnerability in Insight Remote Support (IRS).
https://www.zerodayinitiative.com/advisories/ZDI-25-325/
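The tarfile item above is about extraction writing files outside the intended directory. As an added example (not code from the diary, the python-dev thread, or the show notes), here is an independent pre-extraction check that refuses an archive containing absolute or `..` paths, links that resolve outside the destination, or device entries, and then uses the stdlib `filter="data"` as a second layer where the interpreter supports it. The sample archive is constructed in memory; whether this check covers the specific filter bypass discussed in the thread is not something the page states.

```python
import io
import os
import tarfile
from typing import List


def unsafe_members(tar: tarfile.TarFile, dest: str) -> List[str]:
    """Return names of members that would land outside `dest`, or that are
    links pointing outside it, or device nodes. Nothing is extracted.
    Independent check, not the stdlib filter (defense in depth)."""
    dest_real = os.path.realpath(dest)
    bad = []
    for m in tar.getmembers():
        target = os.path.realpath(os.path.join(dest_real, m.name))
        if os.path.commonpath([dest_real, target]) != dest_real:
            bad.append(m.name)  # absolute path or '..' escape
        elif m.issym() or m.islnk():
            # symlink targets are relative to the link's directory,
            # hard-link targets are relative to the archive root
            base = os.path.dirname(target) if m.issym() else dest_real
            link_target = os.path.realpath(os.path.join(base, m.linkname))
            if os.path.commonpath([dest_real, link_target]) != dest_real:
                bad.append(m.name)
        elif m.isdev():
            bad.append(m.name)
    return bad


def check_archive(data: bytes, dest: str) -> List[str]:
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tar:
        return unsafe_members(tar, dest)


def safe_extract(data: bytes, dest: str) -> None:
    """Refuse the whole archive if any member fails the check, then extract
    with filter='data' when this Python version provides it."""
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tar:
        bad = unsafe_members(tar, dest)
        if bad:
            raise ValueError(f"refusing archive, unsafe members: {bad}")
        kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tar.extractall(dest, **kwargs)


def build_sample_tar() -> bytes:
    """Constructed sample: one benign file, one '..' escape, one symlink out."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in (("docs/readme.txt", b"hello"), ("../escape.txt", b"outside")):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        link = tarfile.TarInfo("docs/link")
        link.type, link.linkname = tarfile.SYMTYPE, "../../outside"
        tar.addfile(link)
    return buf.getvalue()
```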

Transcript

0:00.0

Hello and welcome to the Friday, June 6, 2025 edition of the SANS Internet Storm Center's Stormcast.

0:08.0

My name is Johannes Ullrich, and this episode is brought to you by the SANS.edu graduate certificate program in cybersecurity engineering.

0:15.9

It's recorded in Jacksonville, Florida.

0:19.3

Well, in Diaries today, we have an interesting one from Xavier who

0:22.6

ran into a scam involving Zoom in this case. The scam arrived as an email. The email was a fake

0:33.1

invite for a Zoom meeting. Now, that overall looked legit, has the right layout, right format,

0:39.9

and then if you click on the link to join the actual meeting, you'll be greeted with, well,

0:45.4

an update notice that your Zoom client is out of date and you need to update it. That's something

0:52.4

like this I've definitely seen in other online meeting software where you try to join a meeting.

0:58.9

You haven't used a particular client in a while because there are so many of them out there

1:03.1

that you're presented with notice like this that you should update your client.

1:08.5

And that would be certainly something that a user could easily fall for,

1:12.5

in particular if you sort of created that urgency of having to join this meeting right now,

1:18.3

not really being able to wait, just want to get started, want to download that client and

1:23.1

get going. Interesting scam. It's certainly something to probably throw into some kind of

1:29.7

awareness presentation. Well, and then we have a new vulnerability in the Python tarfile module.

1:37.7

That module has had issues in the past, and there are some fundamental problems whenever you're

1:42.8

trying to extract files from something like a tar file or a zip file,

1:47.0

and that's usually related to the fact that you may create arbitrary files, additional directories,

1:54.0

that you don't necessarily intend or want to have created.

1:58.5

Now, in the past, there has been a little bit of back and forth between the

2:02.0

maintainer of the tarfile module and users, how much it's the responsibility of the tarfile module,

...
