Want to create an interactive transcript for this episode?
Podcast: SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Episode: SANS Stormcast Monday, April 28th: Image Steganography; SAP Netweaver Exploited
Description:
Example of a Payload Delivered Through Steganography
Xavier and Didier published two diaries this weekend, building on each other. First, Xavier showed an example of an image being used to smuggle an executable past network defenses, and second, Didier showed how to use his tools to extract the binary.
https://isc.sans.edu/diary/Example%20of%20a%20Payload%20Delivered%20Through%20Steganography/31892
SAP Netweaver Exploited CVE-2025-31324
An arbitrary file upload vulnerability in SAP s Netweaver product is actively exploited to upload webshells. Reliaquest discovered the issue. Reliaquest reports that they saw it being abused to...