SANS Internet Storm Center Stormcast Covers DShield Honeypot Updates and Critical Vulnerabilities

5 May 2026

CybersecurityVulnerabilitiesSoftware UpdatesRansomwareDShieldHoneypotUbuntuMoveItApacheHTTP ServerRemote Code ExecutionAuthentication Bypass

The May 5, 2026, SANS Internet Storm Center Stormcast covered updates to the DShield honeypot, now compatible with Ubuntu 26.04 after minor adjustments, though the host cautioned against upgrading due to rewritten Linux utilities in Rust introducing time-of-check-to-time-of-use vulnerabilities. The honeypot's Cowrie component, a Python-based SSH/Telnet simulator, had encoding issues affecting API key usage, with a fix expected in the next update. Progress Software released patches for two MoveIt file management vulnerabilities—one critical, one high—addressing authentication bypass risks via backend command interfaces, noting past exploitation for ransomware. Apache HTTP Server version 2.4.66 was identified as vulnerable to remote code execution via its HTTP/2 module, but only if compiled from source, as most Linux distributions backport fixes. The host emphasized patching MoveIt due to its history as a ransomware target and confirmed no widespread impact from the Apache flaw. Feedback on podcast content was solicited.