Hello and welcome to the Tuesday, February 10th, 2026
edition of the SANS and Internet Storm Center's Stormcast. My
name is Johannes Ullrich, recording today from
Jacksonville, Florida. And this episode is brought to you
by the SANS.edu Graduate Certificate Program in
Penetration Testing and Ethical Hacking. And today, 17
years ago, was, well, the first episode of this podcast.
Since then, according to my counting, but it's probably
not accurate with re-recordings and stuff like
this, we published 4,160 individual episodes, a few
days worth of audio material. And just, well, to celebrate
this a little bit, if you were born after February 9th, 2009,
well, drop me an email and I'll have some stickers for
you. It's just interesting to hear how many listeners are
actually younger than the podcast itself. And Didier has
a diary today about an update and, well, a way to better use
his famous document analysis tools to extract URLs from RTF
documents. And as an example, Didier here has a malicious
document that's based out of a basic phishing email that came
with an RTF attachment. Extracting URLs is always
super useful because, well, that's often the next step
that an attacker is trying to pursue. And of course, we had
last week this story about, well, malformed URLs. And that
certainly fits in here too, that you're also then able to
extract some of these malformed URLs that may not
necessarily quite match standard patterns, but are
still effective. And we got, well, a new blog post by
watchTowr with details regarding the latest
vulnerability in Ivanti's Endpoint Manager Mobile. That
product is always good for easy-to-exploit vulnerabilities,
and this is not so different here. Now, it took watchTowr
a little bit of time here to actually walk through all the
code. But in the end, it turns out to be a fairly
straightforward OS command injection vulnerability.
Essentially, as part of the URL, you can supply OS
commands and they are then executed by the system.
So definitely something that you must patch, in particular
since this vulnerability is already being exploited. And
with all these details being made public by watchTowr now,
of course, the exploits are now very easily going to be
delivered and expanded. And talking about OS command
injection vulnerabilities in software that's supposed to
make us more secure, we do have more of these. And this
time it's BeyondTrust, a name that usually doesn't come up
with these simple vulnerabilities, and it affects
their Remote Support and Privileged Remote Access
solutions. This is yet another vulnerability that was found
via AI. Haktron AI is the company that's been credited
with finding this vulnerability. So certainly AI
is making an impact here. And as I said yesterday, used
correctly, it can actually lead to some good and useful
security vulnerability discoveries. And good old
Fortinet. Not even sure if I haven't already mentioned that
there were so many Fortinet vulnerabilities recently. This
one is a SQL injection vulnerability in FortiClient
EMS. They gave it a CVSS score of 9.1. So it does allow
the execution of unauthorized code and it does not require
authentication. So definitely there's something that you
need to patch and probably better patch quickly. And
well, with all the Fortinet stuff out in the last couple
of weeks, definitely if you have any of their devices,
double check that they're up to date and that you didn't
miss one of the vulnerabilities. Well, and
that's it for today. So thanks again for listening. Thanks
for liking. Thanks for subscribing to this podcast.
And as always, talk to you again tomorrow. Bye.
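As an added example of the RTF URL-extraction problem mentioned in the episode (this is my own illustration, not Didier's tool and not code from the diary), the block below first flattens RTF into plain text, decoding the \'hh hex escapes and dropping the control words that phishing lures use to split a URL across tokens, and then hunts for URLs with a deliberately lenient pattern, so that a malformed link such as one with a single slash after the scheme is still reported. The sample RTF is constructed for the example; the regexes, the small table of whitespace-producing control words and the cp1252 assumption for hex bytes are my choices, and \uN unicode escapes and \bin blobs are not handled.

```python
import re

# One regex, five alternatives: hex escape, control word (optional numeric
# parameter, one delimiting space), control symbol, group brace, raw line break.
_TOKEN = re.compile(r"\\'([0-9a-fA-F]{2})|\\([a-zA-Z]+)(-?\d+)? ?|\\(.)|([{}])|([\r\n])")

# Control words that stand for whitespace in the visible text (assumed table,
# enough for URL hunting; every other control word is simply removed).
_WS_WORDS = {"par": "\n", "line": "\n", "tab": "\t", "cell": "\t", "row": "\n"}

# Lenient URL pattern: scheme followed by 1-3 slashes (so "http:/host" still
# matches), or a bare www. host without any scheme.
_URL = re.compile(
    r"""(?ix)
    \b[a-z][a-z0-9+.-]{1,15}:/{1,3}[^\s"'<>{}]+
    | \bwww\.[a-z0-9.-]+\.[a-z]{2,}(?:/[^\s"'<>{}]*)?
    """
)

# Constructed sample: a HYPERLINK field whose path is hex-escaped, plus a
# second URL with a hex-escaped letter, a typo'd single slash and a control
# word (\cb1) splitting the host from the path.
SAMPLE_RTF = r"""{\rtf1\ansi\deff0{\fonttbl{\f0 Arial;}}
\pard Please review the attached invoice:\par
{\field{\*\fldinst HYPERLINK "http://example.test/invoice/\'70\'61\'79.php"}{\fldrslt Open invoice}}\par
Backup copy at h\'74tp:/example.test\cb1 /backup \par
}"""


def rtf_to_text(rtf: str) -> str:
    """Flatten RTF to the text stream a reader would see (no layout, no groups)."""
    out, pos = [], 0
    for m in _TOKEN.finditer(rtf):
        out.append(rtf[pos:m.start()])  # literal text between tokens
        pos = m.end()
        hexbyte, word, _param, symbol, _brace, _newline = m.groups()
        if hexbyte is not None:
            # \'hh is a single byte in the document code page; cp1252 assumed.
            out.append(bytes([int(hexbyte, 16)]).decode("cp1252", errors="replace"))
        elif word is not None:
            out.append(_WS_WORDS.get(word, ""))  # control words carry no text
        elif symbol is not None:
            if symbol in "\\{}":
                out.append(symbol)  # escaped literal
            elif symbol == "~":
                out.append(" ")  # non-breaking space
            # \*, \-, \_ and friends contribute nothing visible
        # braces and raw CR/LF are ignored by RTF readers, so drop them too
    out.append(rtf[pos:])
    return "".join(out)


def extract_urls(rtf: str) -> list[str]:
    """Return the URLs found in the flattened text, in order, without duplicates."""
    urls = []
    for m in _URL.finditer(rtf_to_text(rtf)):
        url = m.group(0).rstrip(".,;:)")  # trailing prose punctuation
        if url not in urls:
            urls.append(url)
    return urls


if __name__ == "__main__":
    for url in extract_urls(SAMPLE_RTF):
        print(url)
```

Running it on the sample prints both links, including the one that only exists once the hex escape is decoded and the \cb1 token is removed. Drop the lenient scheme pattern back to a strict one and the second URL disappears, which is exactly the kind of miss the episode is warning about.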