
Crucial Cybersecurity Topics Discussed in Latest SANS Internet Storm Center Stormcast
In this July 29, 2025 edition of the SANS Internet Storm Center Stormcast, Johannes speaks from Jacksonville, Florida, addressing several critical cybersecurity topics.
The first major topic concerns parasitic attacks on backdoors left by SharePoint exploits. Johannes explains that these attacks began to manifest significantly around July 20, with a rapid increase thereafter. He also notes that some of these attacks come from researchers trying to determine the extent of affected systems. Johannes mentions specific URLs targeted by these attacks, including "teamsloon.aspx" on July 13 and "toolpane.aspx" on July 16. These attacks continue with variations like "spininstallzero" and other suspicious URLs. Johannes emphasizes the importance of checking logs, rebuilding and patching servers, and renewing machine keys to secure compromised systems.
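One way to do the log check described above, as an added example that is not from the Stormcast itself: a small scanner for IIS W3C logs that flags requests to the names mentioned in this summary. The watchlist strings are copied as written here and should be replaced with the exact file names from the advisory you work from; the sample log lines, paths and addresses are constructed.

```python
import collections

# Names as written in the summary above; substitute the exact file names
# from the advisory you are working from.
WATCHLIST = ("teamsloon.aspx", "toolpane.aspx", "spininstallzero")

# Constructed sample in IIS W3C extended format (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2025-07-16 08:01:12 POST /_layouts/15/ToolPane.aspx 203.0.113.7 200
2025-07-20 11:30:02 GET /_layouts/15/spininstallzero.aspx 198.51.100.9 404
2025-07-21 02:14:55 GET /_layouts/15/spininstallzero.aspx 198.51.100.23 200
2025-07-21 02:15:01 GET /_layouts/15/start.aspx 192.0.2.50 200
"""

def parse_w3c(lines):
    """Yield one dict per request, using the #Fields header for column names."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # header can change mid-file after a restart
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def find_hits(lines, watchlist=WATCHLIST):
    """Return requests whose URI stem contains a watched name (case-insensitive)."""
    hits = []
    for row in parse_w3c(lines):
        stem = row.get("cs-uri-stem", "").lower()
        if any(name in stem for name in watchlist):
            hits.append(row)
    return hits

def summarize(hits):
    """Count hits per day and separate out the requests the server answered with 2xx."""
    per_day = collections.Counter(h["date"] for h in hits)
    served = [h for h in hits if h.get("sc-status", "").startswith("2")]
    return per_day, served

if __name__ == "__main__":
    per_day, served = summarize(find_hits(SAMPLE_LOG.splitlines()))
    for day, count in sorted(per_day.items()):
        print(day, count)
    for h in served:
        print("served:", h["date"], h["time"], h["c-ip"], h["cs-uri-stem"])
```

Requests answered with a 2xx status are the ones to triage first, since a 404 only shows that someone probed for a file that was not there.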
Another important point discussed is the vulnerability of Cisco Identity Services Engine (ISE) systems. Johannes reminds viewers that Cisco released patches for two vulnerabilities on June 25 and July 17. These vulnerabilities allow an unauthenticated attacker to execute arbitrary code. A Cisco blog post details the steps necessary to exploit these vulnerabilities, indicating that they are being actively exploited. Johannes stresses the importance of ensuring that systems are patched to avoid these risks.
Finally, Johannes talks about a security update for MyASUS software, often preinstalled on PCs to enhance hardware and software control. This update fixes a vulnerability related to hardcoded credentials that could give an attacker unauthorized access. Although the specific details are vague, Johannes points out that these tools are often present on home users' PCs and can be overlooked during security updates. He recommends patching these systems as soon as possible.
In conclusion, this video highlights the importance of vigilance and proactivity in cybersecurity. Attacks on SharePoint servers, Cisco ISE vulnerabilities, and security updates for preinstalled software are reminders that IT security is a continuous process requiring constant attention.