Episode Details
Back to EpisodesSANS Stormcast Tuesday, August 19th, 2025: MFA Bombing; Cisco Firewall Management Vuln; F5 Access for Android Vuln;
Episode 9576
Published 7 months, 1 week ago
Description
Keeping an Eye on MFA Bombing Attacks
Attackers will attempt to use authentication fatigue by bombing users with MFA authentication requests. Rob is talking in this diary about how to investigate these attacks in a Microsoft ecosystem.
https://isc.sans.edu/diary/Keeping+an+Eye+on+MFABombing+Attacks/32208
Critical Cisco Secure Firewall Management Center Software RADIUS Remote Code Execution Vulnerability
An OS command injection vulnerability may be abused to gain access to the Cisco Secure Firewall Management Center software.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-radius-rce-TNBKf79
F5 Access for Android vulnerability
An attacker with a network position that allows them to intercept network traffic may be able to read and/or modify data in transit. The attacker would need to intercept vulnerable clients specifically, since other clients would detect the man-in-the-middle (MITM) attack.
https://my.f5.com/manage/s/article/K000152049