
SANS Internet Storm Center Discusses Critical Cybersecurity Issues
In the August 14, 2025 edition of the SANS Internet Storm Center Stormcast, Johannes Ullrich from Jacksonville, Florida, discusses several crucial topics in cybersecurity. One of the main points addressed is the persistence of old vulnerabilities, notably a 2017 flaw in Excel's equation editor, exploited via XLM files. Unlike macro attacks, this vulnerability allows the download and execution of malicious software that steals information and exfiltrates it via email. This technique is more common among home users, as businesses often block outgoing emails to unknown servers.
Another important topic is the vulnerability of Microsoft Exchange in hybrid mode, where an attacker with administrative privileges can compromise other parts of the infrastructure, including domain controllers. This flaw is due to a directory traversal issue in Kerberos. Johannes also mentions a report by Binarly on the XZ Utils backdoor, discovered in March 2024. Although quickly identified, this backdoor remains present in some Docker images distributed by the official Debian account on Docker Hub. This has led to a debate between Binarly and the Debian maintainers about whether these vulnerable images should be removed. Binarly argues that the images should be deleted because they contain malware, while Debian considers them archives of unsupported versions, comparable to other vulnerable software kept available for research purposes.
Johannes emphasizes the importance of vigilance when downloading Docker images, ensuring they are currently supported versions. He warns against using images derived from vulnerable versions, as they may also be infected.
Finally, two critical vulnerabilities in Fortinet devices are discussed. The first is an authentication flaw in FortiWeb, for which exploits are already available. The second, in FortiMail, allows unauthenticated OS command injection. Fortinet has confirmed the existence of exploits in the wild for the latter, making these patches urgent.
In conclusion, this video highlights the importance of continuous vigilance in cybersecurity, even for old vulnerabilities, and the need to maintain rigorous security practices, especially in the choice and management of Docker images.