
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS Stormcast Thursday, March 19th, 2026: Adminer Scans; Apple WebKit Patch; another telnetd vuln; screenconnect vuln
Mar 19, 2026
Widespread scans probing Adminer database admin installations and why attackers enumerate filenames. Discussion of Adminer authentication risks and recommended extra protections. Apple rolling background WebKit security updates. A pre-auth buffer overflow in GNU inetutils telnetd and the importance of patching. Critical hardening for ScreenConnect 26.1 that encrypts exposed machine keys.
Adminer Single File Attracts Multi-Filename Scans
- Adminer is a single-file PHP database admin tool similar to phpMyAdmin but with fewer and lower-severity vulnerabilities.
- Attackers are scanning many possible Adminer filenames and localized builds, so enumerating variants reveals installations quickly.
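One way to spot this filename enumeration in a web server access log, as an added example that is not from the podcast or the Adminer project. The log lines are constructed, `find_adminer_scans` and its threshold are hypothetical, and the pattern assumes Adminer's usual release naming (`adminer.php`, `adminer-<version>.php`, plus driver and language suffixes).

```python
import re
from collections import defaultdict

# Combined-log-format fields we need: client IP, request target, status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3}) ')
# adminer.php plus versioned / driver / language variants (assumed naming).
ADMINER_RE = re.compile(r"/(adminer(?:-[a-z0-9.]+)*\.php)$", re.I)

# Constructed sample log lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [19/Mar/2026:08:00:01 +0000] "GET /adminer.php HTTP/1.1" 404 153 "-" "-"',
    '203.0.113.7 - - [19/Mar/2026:08:00:01 +0000] "GET /adminer-4.8.1.php HTTP/1.1" 404 153 "-" "-"',
    '203.0.113.7 - - [19/Mar/2026:08:00:02 +0000] "GET /adminer-4.8.1-mysql.php HTTP/1.1" 404 153 "-" "-"',
    '203.0.113.7 - - [19/Mar/2026:08:00:02 +0000] "GET /adminer-4.8.1-en.php HTTP/1.1" 200 4711 "-" "-"',
    '198.51.100.20 - - [19/Mar/2026:08:05:10 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "-"',
    '198.51.100.20 - - [19/Mar/2026:08:05:11 +0000] "GET /adminer.php?server=db HTTP/1.1" 404 153 "-" "-"',
]

def find_adminer_scans(lines, min_variants=3):
    """Return (scanners, exposed).

    scanners: {ip: sorted distinct Adminer-like filenames requested}, only for
              clients that tried at least min_variants different names.
    exposed:  request paths matching the pattern that answered 200, i.e. files
              worth checking on disk (a 200 can also be a soft-404 page).
    """
    seen = defaultdict(set)
    exposed = set()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        ip, target, status = m.groups()
        path = target.split("?", 1)[0]  # ignore the query string
        hit = ADMINER_RE.search(path)
        if not hit:
            continue
        seen[ip].add(hit.group(1).lower())
        if status == "200":
            exposed.add(path)
    scanners = {ip: sorted(n) for ip, n in seen.items() if len(n) >= min_variants}
    return scanners, exposed

if __name__ == "__main__":
    scanners, exposed = find_adminer_scans(SAMPLE_LOG)
    for ip, names in scanners.items():
        print(f"{ip} probed {len(names)} Adminer filename variants: {names}")
    print("Adminer-like paths that returned 200:", sorted(exposed))
```

A single request for `adminer.php` stays below the threshold, so an administrator's own use is not flagged; only clients cycling through several name variants are reported.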
Protect Adminer With Extra Authentication
- Add an extra authentication layer in front of Adminer, such as digest auth or the optional two-factor plugin.
- Two-factor deviates from the one-file goal but shields against credential-based discovery and automated scans.
Apple Background Security Improvements Rolled Out
- Apple added Background Security Improvements to push small security fixes separately from full OS updates.
- The first use updated WebKit for a same-origin issue with a tiny download that still requires a reboot and can be disabled in Security & Privacy.
