
SANS Internet Storm Center's Stormcast: August 7, 2025 Edition on Cybersecurity Threats
In this August 7, 2025 edition of the SANS Internet Storm Center's Stormcast, Johannes Ullrich, recording from Jacksonville, Florida, discusses several critical cybersecurity topics.
The first topic covered is the resurgence of sextortion scams. Although these scams have decreased in recent years, they still experience spikes in activity. Johannes mentions recently receiving a dozen emails of this type, with subject lines offering a "cooperation offer." Yan, an expert, examined several email addresses and associated cryptocurrency addresses to determine if these scams are still effective. Unfortunately, some addresses have received deposits in accordance with the scammers' demands. Johannes emphasizes that while these scams are old, they can still deceive vulnerable individuals depending on the circumstances. He also mentions that these messages are relatively easy to filter automatically, which explains why he hasn't seen many recently.
Another topic discussed is the mysterious compromise of SonicWall devices, used by the Akira ransomware group to gain access to corporate networks. One technique the group uses is the "bring your own vulnerable driver" (BYOVD) attack, in which legitimate but vulnerable drivers are installed to escalate privileges and disable EDR (Endpoint Detection and Response) tools. The two drivers mentioned, including one for CPU tuning, are legitimate but uncommon in corporate environments, so their presence should trigger an alert if detected.
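One way to turn that "uncommon driver should trigger an alert" advice into a check, as an added example that is not from the ISC episode: diff a host's driver inventory against a known-good baseline and flag anything outside it or loaded from an unusual path. The parser assumes the CSV column names used by `driverquery /v /fo csv` on Windows; the baseline set and the sample rows (including the "cputune" module) are constructed for this example and are not real product names.

```python
"""Flag kernel drivers missing from a known-good inventory (added example)."""
import csv
import io
import ntpath

# Directory where Windows ships its own drivers; anything elsewhere is suspect.
SYSTEM_DRIVER_DIR = r"c:\windows\system32\drivers"

# Constructed baseline of module names expected on the corporate build image.
BASELINE = {"acpi", "ndis", "tcpip", "disk", "ntfs"}

# Constructed sample output in driverquery CSV form (column names assumed to
# match the tool; the "cputune" row is a stand-in for a rare tuning driver).
SAMPLE_CSV = r'''"Module Name","Display Name","Driver Type","State","Path"
"ACPI","Microsoft ACPI Driver","Kernel","Running","C:\Windows\system32\drivers\ACPI.sys"
"NDIS","NDIS System Driver","Kernel","Running","C:\Windows\system32\drivers\ndis.sys"
"tcpip","TCP/IP Protocol Driver","Kernel","Running","C:\Windows\system32\drivers\tcpip.sys"
"cputune","CPU Tuning Utility","Kernel","Running","C:\Users\Public\cputune.sys"
"disk","Disk Driver","Kernel","Running","C:\Windows\system32\drivers\disk.sys"
'''


def unexpected_drivers(csv_text, baseline=BASELINE):
    """Return (module, path, reasons) for every driver worth alerting on."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        module = row["Module Name"].lower()
        path = row["Path"]
        reasons = []
        # A module the build image never shipped is the BYOVD signal.
        if module not in baseline:
            reasons.append("not in baseline")
        # Legitimate drivers live under the system drivers directory.
        if ntpath.dirname(path).lower() != SYSTEM_DRIVER_DIR:
            reasons.append("loaded from outside the system drivers directory")
        if reasons:
            findings.append((module, path, reasons))
    return findings


if __name__ == "__main__":
    for module, path, reasons in unexpected_drivers(SAMPLE_CSV):
        print(f"ALERT {module} ({path}): {'; '.join(reasons)}")
```

Run it against a real `driverquery /v /fo csv` capture and a baseline taken from a clean reference host; a match against a published vulnerable-driver list is a useful second stage, but the baseline diff alone already surfaces the rare tuning driver the episode describes.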
Johannes also talks about the need to patch Adobe Experience Manager due to two vulnerabilities for which proofs of concept are already publicly available. These vulnerabilities are likely already being exploited in a targeted manner. Adobe has released a security advisory, and patches are available.
Finally, Trend Micro has released a patch for a command injection vulnerability in its Apex One management console that allows remote code execution without authentication. This vulnerability is already being exploited in the wild. The current patch, although it limits some functionality, is a temporary measure until the final patch is released, expected by mid-August.
These insights are crucial for cybersecurity professionals, as they highlight current threats and the measures needed to secure systems. Sextortion scams, though well-known, remain effective, underscoring the importance of awareness and automatic filters. BYOVD attacks and vulnerabilities in commonly used software emphasize the need for regular monitoring and patching of systems.
For more details, watch the full video at the following address: https://www.youtube.com/watch?v=45SM2iQK6dI