
New Cybersecurity Threats and Attacks Discussed in Latest Stormcast
In the August 11, 2025 edition of the SANS Internet Storm Center's Stormcast, Johannes Ullrich, recording from Jacksonville, Florida, covers several current cybersecurity topics. The first is a new scam aimed at Tesla customers and fans, in particular people looking to pre-order Tesla products such as the Optimus robot.
When users search Google for Tesla Optimus pre-orders, they see sponsored links that Tesla did not pay for. These links lead to sites that copy the look of Tesla's official website but sit on different domain names, such as offers-tesla.com. The sites let visitors "pre-order" unreleased products, including the Optimus robot, by entering a credit card. Johannes tested the checkout with a fake credit card number and the order was accepted without complaint, which suggests the sites exist to harvest card details for later fraud rather than to process real payments.
Unlike Tesla's official website, the scam site has no login feature, so a victim has no way to check the status of an order, which delays the moment they realise they have been scammed. The site does offer a registration form, but Johannes could not complete it because anti-spam filters blocked the confirmation email. These sites are most likely taken down regularly and replaced with new ones on similar domain names, so blocking a single domain offers little protection.
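The scam above relies on a domain that carries the brand name without belonging to the brand (offers-tesla.com versus tesla.com). The following triage script is an added example, not code from the Stormcast or from SANS: it classifies candidate URLs (for instance the sponsored results a user sees) as the legitimate domain, a brand lookalike to review, or unrelated. The legitimate-domain set, the leet/digit confusable map, and the sample URL list are assumptions made for the example; only offers-tesla.com and tesla.com come from the episode.

```python
"""Brand-lookalike domain triage (added example, not from the original page)."""
from urllib.parse import urlsplit

# Assumption for this example: tesla.com is the only registrable domain the
# brand legitimately uses. A real deployment would load this from inventory.
BRAND = "tesla"
LEGIT_DOMAINS = {"tesla.com"}

# Simple digit/leet substitutions so "tes1a" or "te5la" still match the brand.
# This is a heuristic, not a full Unicode confusables table.
CONFUSABLES = str.maketrans({"1": "l", "|": "l", "0": "o", "3": "e", "4": "a",
                             "5": "s", "7": "t", "$": "s"})


def hostname_of(url: str) -> str:
    """Extract the host from a URL, tolerating a missing scheme."""
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".")


def registrable_domain(host: str) -> str:
    """Last two labels of the host. Good enough for .com-style suffixes;
    a production check would use the Public Suffix List."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def classify(url: str) -> str:
    """Return 'legit', 'lookalike', 'unrelated' or 'invalid' for one URL."""
    host = hostname_of(url)
    if not host:
        return "invalid"
    if registrable_domain(host) in LEGIT_DOMAINS:
        return "legit"          # any subdomain of the real domain is fine
    folded = host.translate(CONFUSABLES)
    if BRAND in folded:
        return "lookalike"      # brand name on a domain the brand does not own
    return "unrelated"


def triage(urls):
    """Group a list of URLs by classification, preserving input order."""
    report = {"legit": [], "lookalike": [], "unrelated": [], "invalid": []}
    for url in urls:
        report[classify(url)].append(url)
    return report


# Constructed sample input for the demo; only the first two hosts are from the episode.
SAMPLE_URLS = [
    "https://www.tesla.com/optimus",
    "https://offers-tesla.com/optimus",
    "https://tes1a-preorder.example/optimus",
    "https://tesla.com.promo-example.net/",
    "https://example.org/",
]

if __name__ == "__main__":
    for bucket, hits in triage(SAMPLE_URLS).items():
        for hit in hits:
            print(f"{bucket:10} {hit}")
```

Everything in the "lookalike" bucket is a candidate for review, not an automatic verdict: legitimate third parties (fan sites, news outlets) also put a brand name in their domains, so the list is an input to blocking decisions or a DNS watch rule, not the decision itself.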
Next, Johannes discusses two notable presentations from DEF CON, the annual hacker and computer security conference. The first, by researchers from Eclypsium, demonstrates an attack they call "BadCam". Once a system is compromised, the attacker reflashes the firmware of a connected USB device such as a webcam. The reflashed device can then present itself as a keyboard, inject keystrokes and execute malicious code, giving the attacker persistence that survives cleaning or even reinstalling the operating system, because the implant lives in the peripheral rather than on disk. The technique is effective because endpoint protection tools rarely inspect what a USB device's firmware is doing.
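A reflashed webcam of the kind described above has to expose a keyboard (HID) interface alongside its video interface in order to type. The check below is an added example, not Eclypsium's tooling or code from the Stormcast: it parses `lsusb -v` output and flags any device that advertises both a USB Video Class interface (class 14) and a HID interface (class 3). The sample `lsusb` text, its vendor/product IDs and device names are constructed for the demo.

```python
"""Flag USB devices that expose both video and HID interfaces.

Added example for the BadCam discussion; it is not Eclypsium's code.
Usage on a live Linux host:  lsusb -v 2>/dev/null | python3 badcam_check.py
"""
import re
import sys

VIDEO_CLASS = 14   # USB Video Class (webcams)
HID_CLASS = 3      # Human Interface Device (keyboards, mice)

# "Bus 001 Device 003: ID 1234:5678 Vendor Product" header of each device
DEVICE_RE = re.compile(r"^Bus (\d+) Device (\d+): ID ([0-9a-f]{4}:[0-9a-f]{4}) (.*)$")
# "      bInterfaceClass        14 Video" inside each Interface Descriptor
CLASS_RE = re.compile(r"^\s*bInterfaceClass\s+(\d+)")


def parse_lsusb(text: str) -> dict:
    """Map each device label to the set of interface classes it advertises."""
    devices = {}
    current = None
    for line in text.splitlines():
        m = DEVICE_RE.match(line)
        if m:
            bus, dev, usb_id, name = m.groups()
            current = f"{usb_id} {name.strip()} (bus {bus} dev {dev})"
            devices[current] = set()
            continue
        m = CLASS_RE.match(line)
        if m and current is not None:
            devices[current].add(int(m.group(1)))
    return devices


def suspicious_webcams(devices: dict) -> list:
    """Devices that are both a camera and a keyboard/mouse: review these."""
    return sorted(label for label, classes in devices.items()
                  if VIDEO_CLASS in classes and HID_CLASS in classes)


# Constructed sample: a normal camera, a camera that also claims to be a
# keyboard, and a plain keyboard. IDs and names are made up for the example.
SAMPLE_LSUSB = """\
Bus 001 Device 002: ID 0000:0001 Example Corp Integrated Camera
Device Descriptor:
  bDeviceClass          239 Miscellaneous Device
    Interface Descriptor:
      bInterfaceClass        14 Video
      bInterfaceSubClass      1 Video Control
    Interface Descriptor:
      bInterfaceClass        14 Video
      bInterfaceSubClass      2 Video Streaming
Bus 001 Device 003: ID 0000:0002 Example Corp Integrated Camera
Device Descriptor:
    Interface Descriptor:
      bInterfaceClass        14 Video
    Interface Descriptor:
      bInterfaceClass         3 Human Interface Device
      bInterfaceSubClass      1 Boot Interface Subclass
      bInterfaceProtocol      1 Keyboard
Bus 001 Device 004: ID 0000:0003 Example Corp USB Keyboard
    Interface Descriptor:
      bInterfaceClass         3 Human Interface Device
"""

if __name__ == "__main__":
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LSUSB
    hits = suspicious_webcams(parse_lsusb(text))
    for label in hits:
        print("REVIEW: camera also exposes HID:", label)
    sys.exit(1 if hits else 0)
```

Treat a hit as a lead rather than proof: a few legitimate cameras carry a HID interface for physical buttons, and a reflashed device can also stay quiet until triggered. The check only sees what the firmware chooses to advertise at enumeration time, which is why the durable fix is vendor-signed firmware updates on the peripheral, not host-side scanning alone.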
The second presentation, by Shahak Morag, concerns a denial-of-service (DoS) attack against domain controllers that are reachable from the internet. The attack abuses the RPC interface to turn the domain controller into an LDAP client, so that the DC itself sends LDAP requests to an IP address of the attacker's choosing; the resulting load can overwhelm the target and cause a denial of service. This is more damaging than plain packet flooding because it consumes the domain controller's CPU and memory rather than just bandwidth. The main lesson is the familiar one: never expose domain controllers to the internet.
In conclusion, this edition of the Stormcast covers a low-tech but effective card-harvesting scam alongside two advanced attack techniques, and underlines the value of vigilance and basic security hygiene. For more details, watch the full video at the following address: https://www.youtube.com/watch?v=jQ-PcbXMx50