SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Thursday, May 15th: Google Open Redirects; Adobe, Ivanti, and Samsung patches

SANS ISC Handlers

Tech News, News, Technology

4.9 (696 ratings)

🗓️ 15 May 2025

⏱️ 6 minutes

Summary


Another day, another phishing campaign abusing google.com open redirects
Google's links from its Maps pages to hotel listings suffer from an open redirect vulnerability that is actively being exploited to send users to phishing pages. The redirect URL carries a token alongside the destination, but the token does not bind the destination, so any valid token can be reused with an arbitrary URL.
https://isc.sans.edu/diary/Another%20day%2C%20another%20phishing%20campaign%20abusing%20google.com%20open%20redirects/31950
Adobe Patches
Adobe patched 12 different applications. Of particular interest is the update to ColdFusion, which fixes several arbitrary code execution and arbitrary file read problems.
https://helpx.adobe.com/security/security-bulletin.html
Samsung Patches MagicINFO 9 Again
Samsung released a new patch for the already exploited MagicINFO 9 CMS vulnerability. While the description is identical to the patch released last August, a new CVE number is used.
https://security.samsungtv.com/securityUpdates#SVP-MAY-2025
Ivanti Patches Critical Ivanti Neurons Flaw
Ivanti released a patch for Ivanti Neurons for ITSM (on-prem only) fixing a critical authentication bypass vulnerability. Ivanti also points to its guidance for securing the underlying IIS server, which makes exploitation of flaws like this more difficult.
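The open redirect described in the first item comes down to what the token in the redirect URL actually authenticates. The following is an added example, not code from the ISC diary and not Google's implementation: it contrasts a token that only encodes the click context (and therefore validates for any destination) with a token that is an HMAC over the exact destination URL. The handler names, token scheme, signing key and sample URLs are all constructed for illustration.

```python
"""Open redirect: a token that does not bind the destination vs. one that does.

Constructed example. The handler names, token scheme and sample URLs are
assumptions for illustration and are not taken from any real service.
"""
import hashlib
import hmac
from typing import Dict, List, Optional
from urllib.parse import urlparse

# Constructed signing key; a real service would load this from a secret store.
SECRET_KEY = b"example-only-signing-key-do-not-use"

# Only ever redirect to web URLs; this rules out javascript:, data:, file: etc.
ALLOWED_SCHEMES = {"http", "https"}


def _sign(message: str) -> str:
    """HMAC-SHA256 of message under SECRET_KEY, hex encoded."""
    return hmac.new(SECRET_KEY, message.encode("utf-8"), hashlib.sha256).hexdigest()


# --- Weak design: token authenticates the click context, not the destination ----
# Any token the service ever issued validates for ANY url parameter, so a token
# harvested from one legitimate link turns the endpoint into an open redirect.

def weak_issue(click_context: str) -> str:
    """Token over 'where the link came from / who clicked', nothing about the URL."""
    return _sign("ctx:" + click_context)


def weak_redirect(token: str, url: str, issued_contexts: List[str]) -> Optional[str]:
    """Accept the redirect if the token matches any known click context.
    The destination is never checked against the token."""
    for ctx in issued_contexts:
        if hmac.compare_digest(token, weak_issue(ctx)):
            return url
    return None


# --- Hardened design: token is bound to the exact destination -------------------

def safe_issue(url: str) -> str:
    """Token over the destination URL itself."""
    return _sign("url:" + url)


def safe_redirect(token: str, url: str) -> Optional[str]:
    """Redirect only if the token was issued for this exact URL and the scheme
    is one we are willing to send users to. Any change to the URL (even a
    different path) produces a different MAC, so replay with another target fails."""
    if urlparse(url).scheme.lower() not in ALLOWED_SCHEMES:
        return None
    if not hmac.compare_digest(token, safe_issue(url)):
        return None
    return url


def demo() -> Dict[str, Optional[str]]:
    """Replay a token taken from a legitimate listing against an attacker-chosen URL."""
    hotel = "https://hotel.example/booking"         # constructed legitimate target
    phish = "https://login-g00gle.example/verify"   # constructed phishing page
    context = "maps-listing-42/session-abc"         # constructed click context

    weak_token = weak_issue(context)   # what an attacker harvests from a real link
    good_token = safe_issue(hotel)

    return {
        "weak_legit": weak_redirect(weak_token, hotel, [context]),
        "weak_replay": weak_redirect(weak_token, phish, [context]),  # succeeds: open redirect
        "safe_legit": safe_redirect(good_token, hotel),
        "safe_replay": safe_redirect(good_token, phish),             # rejected
        "safe_js": safe_redirect(safe_issue("javascript:alert(1)"), "javascript:alert(1)"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:12s} -> {result}")
```

The point of `safe_redirect` is that the token is worthless without the URL it was minted for: the phishing URL in `weak_replay` goes through, the same attempt in `safe_replay` does not. Binding the MAC to the full URL rather than just the host also stops path or query tampering on an otherwise legitimate destination; in production the URL should be canonicalized before signing and verifying so that equivalent encodings do not produce spurious mismatches.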

Transcript

0:00.0

Hello and welcome to the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich,

0:05.9

and this episode, brought to you by the Graduate Certificate Program in Incident Response, is today recorded in Jacksonville, Florida.

0:16.2

In today's diary, Jan is writing about how Google is aiding phishing attacks by providing open redirects.

0:25.0

Now, these open redirects aren't provided intentionally, but more or less accidentally.

0:31.3

In this particular case, the problem stems from links that Google offers from its maps pages to the hotel websites

0:42.5

that are linked from the maps. This link actually at first looks kind of like they're doing

0:48.3

the right thing. There are two parameters to the URL. There is a token and then the actual URL. Now, what often happens in

0:57.0

these kind of cases is where the token provides some kind of cryptographic assurance that

1:03.2

the URL is actually the URL that you would like to redirect to. However, in this case, the token appears to be more encoding where the link came

1:14.9

from and who may have clicked on it. So once you have a valid token, it doesn't matter which one

1:22.8

it is, you may just append any URL, it doesn't even have to be a valid hotel link, to the URL here.

1:30.2

And then, well, the victim will be redirected initially believing that they went to Google.

1:37.9

And that's sort of really where the problem with open redirects comes in, that open redirects essentially borrow the trust that people do have

1:47.0

in websites like Google. So they're clicking on a link to Google but are then immediately being

1:52.2

redirected to a phishing page that may even attempt to impersonate Google in some cases.

1:59.6

Google's response to this is, well, that they don't really see this as a problem.

2:03.4

Well, people just shouldn't trust Google.

2:06.1

And if you don't trust Google, then there is no trust to steal.

2:10.2

And this attack should fail.

2:13.0

I think that's solid advice.

2:15.1

Don't trust Google.

2:16.6

And that's probably the best defense you have at this point

...

Copyright © Tapesearch 2025.