
New Video from @internetstormcenterstormca2350: Crucial Cybersecurity Topics
In this August 22, 2025 edition of the SANS Internet Storm Center Stormcast, Johannes Ullrich, recording from Baltimore, Maryland, addresses several crucial cybersecurity topics. The first is the use of the "-n" option in various packet capture tools like tcpdump and Wireshark. This option, although standardized, has significant security implications: it prevents reverse resolution of IP addresses. Reverse resolution can be risky because attackers who control the IP space can intercept these requests. Ullrich prefers Wireshark's solution, which uses DNS queries already present in the capture to create a mapping table between IP addresses and hostnames, so the mapping is not affected by subsequent changes in these relationships.
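The capture-derived mapping described above can be sketched as follows. This is an added example, not code from the Stormcast or from Wireshark: it builds the IP-to-hostname table only from DNS responses already in a capture and never sends a reverse lookup. It assumes the DNS message payloads have already been extracted from the packets; the "first name seen wins" policy, the function names and the sample packet are choices made for this illustration.

```python
import ipaddress
import struct

def read_name(msg, off):
    """Decode a DNS name at off; return (name, offset just past it)."""
    labels, end = [], None
    for _ in range(256):                    # bound work: crafted pointers can loop
        n = msg[off]                        # IndexError if the packet is truncated
        if n & 0xC0 == 0xC0:                # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:
            return ".".join(labels), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii", "replace"))
            off += n + 1
    raise ValueError("name too long or compression loop")

def answers(msg):
    """Yield (ip, owner name) for every A/AAAA answer in one DNS response."""
    _id, flags, qd, an = struct.unpack_from("!4H", msg, 0)
    if not flags & 0x8000:                  # QR bit clear: a query, nothing to learn
        return
    off = 12
    for _ in range(qd):
        off = read_name(msg, off)[1] + 4    # skip QTYPE and QCLASS
    for _ in range(an):
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        if (rtype, len(rdata)) in ((1, 4), (28, 16)):
            yield str(ipaddress.ip_address(rdata)), owner

def build_map(responses):
    """Map address -> first name seen for it; malformed packets are skipped."""
    table = {}
    for msg in responses:
        try:
            for ip, name in answers(msg):
                table.setdefault(ip, name)
        except (ValueError, struct.error, IndexError):
            continue
    return table

# Constructed sample: response "www.example.test A 192.0.2.10" (documentation range)
SAMPLE = (b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"
          b"\x03www\x07example\x04test\x00\x00\x01\x00\x01"
          b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x01\x2c\x00\x04\xc0\x00\x02\x0a")
```

Because the table is filled only from traffic in the capture, annotating addresses with it generates no DNS traffic during analysis.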
Another topic covered is a set of vulnerabilities in Commvault's data resilience solution. watchTowr published an article detailing several new vulnerabilities, including a command injection in the login process that allows bypassing authentication and achieving remote code execution. These vulnerabilities offer valuable lessons for developers of complex web applications, highlighting the importance of securing authentication processes. Ullrich strongly recommends that Commvault users patch their systems quickly.
Finally, Docker has released a new version of Docker Desktop to fix a critical vulnerability that allows container escape. This flaw enables an attacker running code in a container to attack the host on which the container is running. This update is particularly important for those using containers for malware analysis or tasks requiring enhanced security.
In conclusion, this video provides valuable insights into best practices for network and application security, as well as the importance of keeping systems up-to-date to protect against new threats.