
August 21, 2025 Stormcast Highlights Cybersecurity Issues
In the August 21, 2025 edition of the Stormcast from the SANS Internet Storm Center, Johannes Ullrich from Baltimore, Maryland, discusses several crucial topics in cybersecurity. He begins by talking about strange usernames and passwords observed in SSH and Telnet data, which do not appear to be related to direct attacks. For example, the username "Airtel@123" is linked to a router distributed by the company Airtel, but the associated password is actually the default WPA passphrase for the Wi-Fi network, which is unusual. Another interesting combination is the use of the dollar symbol to replace the first letter of usernames and passwords, such as "$ot" and "$dmin". Ullrich invites listeners to share their thoughts on the possible reasons behind these behaviors.
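For readers who run their own SSH/Telnet honeypot, the dollar-sign pattern described above can be pulled out of login logs with a short script. This is an added example, not code from the Stormcast or the Internet Storm Center; it assumes Cowrie-style JSON events, and the wordlist, sample log lines and function names are constructed for illustration.

```python
import json
from collections import Counter

# Assumed wordlist of common account names; extend it with your own.
KNOWN_NAMES = {"root", "admin", "user", "guest", "support"}

# Constructed sample events in Cowrie's JSON log shape (not real captures).
SAMPLE_LOG = """\
{"eventid": "cowrie.login.failed", "src_ip": "192.0.2.10", "username": "$dmin", "password": "$dmin"}
{"eventid": "cowrie.login.failed", "src_ip": "192.0.2.10", "username": "$ot", "password": "$ot"}
{"eventid": "cowrie.login.failed", "src_ip": "198.51.100.7", "username": "root", "password": "123456"}
{"eventid": "cowrie.session.connect", "src_ip": "198.51.100.7"}
{"eventid": "cowrie.login.success", "src_ip": "203.0.113.5", "username": "admin", "password": "$upport"}
not-json garbage line
"""

def resolve_dollar(token, names=KNOWN_NAMES):
    """Return the known name whose first letter was swapped for '$', else None."""
    if len(token) < 2 or not token.startswith("$"):
        return None
    matches = sorted(n for n in names
                     if len(n) == len(token) and n[1:] == token[1:])
    return matches[0] if matches else None

def scan(log_text):
    """Return (findings, unresolved) for login events with '$'-prefixed credentials."""
    findings, unresolved = [], Counter()
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or corrupt lines instead of aborting
        if not isinstance(ev, dict):
            continue
        if not str(ev.get("eventid", "")).startswith("cowrie.login."):
            continue  # only login attempts carry credentials
        for field in ("username", "password"):
            token = ev.get(field, "")
            if not isinstance(token, str) or not token.startswith("$"):
                continue
            original = resolve_dollar(token)
            if original:
                findings.append((ev.get("src_ip"), field, token, original))
            else:
                unresolved[token] += 1  # e.g. "$ot": no same-length name matches
    return findings, unresolved

if __name__ == "__main__":
    hits, misses = scan(SAMPLE_LOG)
    print(hits, dict(misses))
```

Tokens such as "$ot" that do not map back to a same-length name in the wordlist are counted separately, so they can be reviewed by hand rather than silently dropped.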
Apple has also patched a critical vulnerability in iOS, iPadOS, and macOS. This vulnerability, present in ImageIO, allows for memory corruption that could lead to arbitrary code execution. Since it is already being exploited, it is crucial to apply this patch quickly.
Another topic discussed is an issue with Microsoft Copilot, documented by Zack Korman. The problem lies in the audit logs, which fail to record access to specific information when it is provided by Copilot. This poses a security issue as users can access sensitive information without it being logged, compromising access control and auditing capabilities. This issue highlights a broader trend where AI agents can bypass traditional access controls.
Finally, Marek Tóth has updated a blog post on clickjacking vulnerabilities in password managers. Clickjacking exploits the way password managers integrate into web pages, making them vulnerable to attacks similar to those on web applications. Several well-known password managers, such as Bitwarden, 1Password, and LastPass, are affected. Although some have been patched, others remain vulnerable, underscoring the importance of updating these tools as soon as possible.
In conclusion, this edition of the Stormcast sheds light on several current vulnerabilities and security issues, providing valuable insights for cybersecurity professionals. It is crucial to stay vigilant and keep systems up to date to protect against these threats.