
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS Stormcast Wednesday, March 4th, 2026: CrushFTP Brute Force; Android Patches 0-Day; OAuth Phishing Abuse
Mar 4, 2026
Brute-force scans probing CrushFTP servers using default admin credentials and the risk of misconfiguration. Android March 2026 security updates covering 140 flaws, including an exploited Qualcomm display driver bug. OAuth redirection abuse used to steer users to phishing sites and deliver malware. Exposed Google API keys creating risk of unexpected charges and abuse.
AI Snips
Change CrushFTP Default Admin Credentials
- Avoid using default or trivially guessable admin usernames and passwords when installing CrushFTP.
- Change the documented example username and choose a strong, unique password; CrushFTP should also consider blocking obvious weak passwords.
CrushFTP Scans Target Default Admin Credentials
- Johannes Ullrich describes scans targeting CrushFTP admin accounts, not exploiting a software bug.
- Attackers probe for usernames like crushadmin and default weak passwords set during setup, so any compromise comes from credentials the user chose.
Android March 2026 Patch Fixes Exploited Qualcomm Bug
- Google's March 2026 Android bulletin patched 140 issues, including an in-the-wild exploited Qualcomm display driver memory bug.
- Phone updates may be delayed by vendor/carrier, so applying updates promptly is crucial when available.
