
New Cybersecurity Insights from SANS Internet Storm Center
In the August 20, 2025 edition of the SANS Internet Storm Center's Stormcast, Johannes Ullrich, recording from Jacksonville, Florida, addresses several critical cybersecurity topics.
First, Ullrich discusses recent changes observed in scans for Elasticsearch. He notes a significant increase in queries to the "_cluster/settings" endpoint, originating from a few specific IP addresses. Although this does not appear to be a widespread attack, he suggests it could be related to an attempt to build lists of potential Elasticsearch targets. Ullrich warns against exposing Elasticsearch directly to the internet, especially in single-page applications where JavaScript accesses the database directly. He recommends not exposing backend databases directly to users because of limitations in access control and authentication.
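One way to check your own web or proxy access logs for the probing described above, as an added example that is not from the Stormcast or the ISC. It assumes Combined Log Format logs; the function names and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
PROBE_PATH = "/_cluster/settings"  # endpoint named in the summary above

# Constructed sample lines (documentation IP ranges), not real scan data.
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Aug/2025:06:01:02 +0000] "GET /_cluster/settings HTTP/1.1" 404 153 "-" "-"',
    '192.0.2.10 - - [20/Aug/2025:06:01:09 +0000] "GET /_cluster/settings?include_defaults=true HTTP/1.1" 200 8841 "-" "-"',
    '198.51.100.7 - - [20/Aug/2025:06:02:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [20/Aug/2025:06:03:00 +0000] "GET /%5Fcluster/settings/ HTTP/1.1" 401 0 "-" "-"',
    'garbage line',
    '198.51.100.7 - - [20/Aug/2025:06:04:00 +0000] "GET /_cluster/health HTTP/1.1" 200 90 "-" "-"',
]

def normalize_path(target):
    """Drop the query string, decode %XX escapes, collapse and trim slashes."""
    path = unquote(target.split("?", 1)[0])
    path = re.sub(r"/{2,}", "/", path)
    return path.rstrip("/") or "/"

def summarize_probes(lines):
    """Map each source IP to its probe count and how many probes got HTTP 200."""
    seen = defaultdict(lambda: {"hits": 0, "answered": 0})
    for line in lines:
        m = LOG_RE.match(line)
        if not m or normalize_path(m["target"]) != PROBE_PATH:
            continue  # malformed line or unrelated request
        entry = seen[m["ip"]]
        entry["hits"] += 1
        if m["status"] == "200":
            # A 200 suggests something answered the endpoint; verify that host.
            entry["answered"] += 1
    return dict(seen)

if __name__ == "__main__":
    for ip, s in sorted(summarize_probes(SAMPLE_LOG).items()):
        flag = "CHECK HOST" if s["answered"] else "probe only"
        print(f"{ip}: {s['hits']} request(s), {s['answered']} answered 200 [{flag}]")
```

Any source with a non-zero "answered" count points at a host that returned content for the settings endpoint and should be reviewed for direct exposure.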
Next, Ullrich revisits issues encountered after Microsoft's Patch Tuesday. While most problems are minor, he mentions a critical flaw affecting SSDs using Phison chipsets. These SSDs can disappear during the transfer of files larger than 50 GB, potentially leading to permanent data corruption. Ullrich advises checking for firmware updates from SSD manufacturers and restarting affected systems to attempt data recovery.
For SAP users, Ullrich warns of the publication of an exploit by VX Underground, which combines two recent vulnerabilities to fully compromise a system. One of these vulnerabilities has a CVSS score of 10, indicating maximum severity. Ullrich emphasizes the importance of ensuring SAP systems are up to date and checking unpatched systems for potential compromise, as the exploit was used in targeted attacks before its publication.
In conclusion, Ullrich reminds viewers of the importance of vigilance and regular updates to protect systems against new threats. He encourages listeners to apply patches as soon as they are available and to monitor systems for any suspicious activity.
For more details, watch the full video at the following address: https://www.youtube.com/watch?v=C58-yUqy3qc