SANS Stormcast Wednesday, April 30th: SMS Attacks; Apple Airplay Vulnerabilities
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
4.9 • 696 Ratings
🗓️ 30 April 2025
⏱️ 9 minutes
🧾️ Download transcript
Summary
More Scans for SMS Gateways and APIs
Attackers are not just looking for SMS Gateways like the scans we reported on last week, but they are also actively scanning for other ways to use APIs and add on tools to send messages using other people s credentials.
https://isc.sans.edu/diary/More%20Scans%20for%20SMS%20Gateways%20and%20APIs/31902
AirBorne: AirPlay Vulnerabilities
Researchers at Oligo revealed over 20 weaknesses they found in Apple s implementation of the AirPlay protocol. These vulnerabilities can be abused to execute code or launch denial-of-service attacks against affected devices. Apple patched the vulnerabilities in recent updates.
https://www.oligo.security/blog/airborne
Transcript
Click on a timestamp to play from that location
| 0:00.0 | Hello and welcome to the Wednesday, April 30th, 2025 edition of the Sands and the Internet Storm Center's Stormcast. |
| 0:08.5 | My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida. |
| 0:13.8 | Today I expanded a little bit on work that I already wrote about last Thursday's Nets attacks against SMS gateways and tools. |
| 0:24.6 | Now, on Thursday I talked particular about attacks against Teltonica, networks, gateways. |
| 0:31.6 | These are sort of standalone devices more or less that you can use to basically programmatically send SMS messages. |
| 0:40.5 | But of course, that's actually not what most people are using to send SMS messages. |
| 0:46.3 | Most people are using some kind of API. |
| 0:49.7 | Twilio comes to mind sort of as one of the big ones offering these services, broadband.com, and a couple |
| 0:55.9 | of other companies like this. So I went through our logs today to see what other ways I see |
| 1:02.1 | how attackers are trying to attack these types of SMS gateways. And well, no big surprise here. |
| 1:14.1 | I saw a number of different techniques being used here. |
| 1:15.7 | First of all, well, WordPress. |
| 1:19.8 | I sort of stopped, of course, talking a little bit about WordPress vulnerabilities. |
| 1:23.8 | There are just so many about the plugins in particular. |
| 1:29.0 | And turns out there are dedicated plugins that allow you to send SMS messages from WordPress and these plugins of course are attacked. What we are seeing here in our data |
| 1:35.8 | is mostly attempts to fingerprint WordPress sites to check if they're running one of these plugins. |
| 1:44.0 | And then it's assumed that once they find |
| 1:46.6 | that a particular site has this plugin installed, they will then actually attempt to exploit it. |
| 1:52.9 | Now, there's also a couple of a little bit odd and broken scans here, like these yes, sort of word press scans, |
| 2:04.1 | but notice that percent, percent, target, percent, |
| 2:07.4 | that's often left over when people sort of built these templates |
| 2:11.2 | and then are not properly filling them in and dealing with them. |
... |
Transcript will be available on the free plan in 25 days. Upgrade to see the full transcript now.
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2025.