
New Stormcast Podcast Highlights Critical Cybersecurity Topics
In this September 15, 2025 edition of the SANS Internet Storm Center's Stormcast podcast, Johannes Ullrich discusses several crucial topics in cybersecurity.

The episode begins with an update on scans observed for various types of archives, including .zip, .rar, .7z, .cgc, and .tar files. These scans aim to retrieve backup or configuration files left behind by negligent system administrators. Attackers often look for files named "backup" or similar, hoping to find credentials and other sensitive data.

Another important point addressed is the FBI alert regarding two distinct threat actors targeting Salesforce. The first uses phishing and social engineering techniques to obtain OAuth tokens, while the second is linked to the compromise of Salesloft Drift, where stolen OAuth tokens are used against Salesforce and other applications. Johannes emphasizes the importance of not blindly blocking the IP addresses mentioned in the alert, as they may have legitimate uses. He recommends using this information to better understand security logs instead.

The episode also covers a campaign of fake browser and editor extensions, dubbed "WhiteCobra" by Koi Security. This campaign is notable for artificially inflating the download counts of malicious extensions to create false credibility: for example, before promoting an extension on social media, the attackers add about 50,000 fake downloads. This tactic led to the compromise of at least one high-value victim, a cryptocurrency influencer who lost $500,000. Johannes Ullrich, who has a particular interest in attacks against developers, stresses the importance of vigilance against these threats. He mentions that he will address this topic at a BSides conference in October, highlighting the importance of awareness and continuous training in cybersecurity.

In conclusion, this episode provides valuable insights into current cybersecurity trends, the techniques used by attackers, and the measures to take for protection.
The information shared can be applied in real-world scenarios to enhance the security of systems and applications.
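As an added example (not part of the podcast summary or any SANS ISC tooling), the script below shows how a defender can spot the archive-file scanning described above in ordinary web server access logs, and how advisory-listed IP addresses can be used as context on matching log lines rather than as a blocklist. The log lines, the indicator set `ADVISORY_IPS`, and the `SENSITIVE_STEMS` / `ARCHIVE_EXTS` lists are constructed for the example; `.tgz`/`.tar.gz` are added on the assumption that they are commonly probed alongside the types named in the episode.

```python
"""Flag web-log requests that probe for archived backup or configuration files."""
import re
from collections import Counter

# Constructed sample access-log lines in common log format; not real traffic from the episode.
SAMPLE_LOG = """\
203.0.113.10 - - [15/Sep/2025:08:01:02 +0000] "GET /backup.zip HTTP/1.1" 404 162 "-" "Mozilla/5.0"
203.0.113.10 - - [15/Sep/2025:08:01:03 +0000] "GET /backup.rar HTTP/1.1" 404 162 "-" "Mozilla/5.0"
203.0.113.10 - - [15/Sep/2025:08:01:04 +0000] "GET /www.tar HTTP/1.1" 404 162 "-" "Mozilla/5.0"
198.51.100.7 - - [15/Sep/2025:08:05:10 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [15/Sep/2025:08:05:11 +0000] "GET /downloads/release-1.2.tar.gz HTTP/1.1" 200 90210 "-" "Mozilla/5.0"
192.0.2.55 - - [15/Sep/2025:08:09:00 +0000] "GET /config.7z?x=1 HTTP/1.1" 403 199 "-" "python-requests/2.31"
"""

# Constructed stand-in for IPs published in an advisory; used to annotate matches, never to block.
ADVISORY_IPS = {"192.0.2.55"}

# Common log format: client IP, identity, user, timestamp, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Archive types named in the episode plus .tgz/.tar.gz (an assumption for this example).
ARCHIVE_EXTS = (".zip", ".rar", ".7z", ".tar", ".tgz", ".tar.gz")
# Filename stems that suggest a forgotten backup or configuration dump (assumed list).
SENSITIVE_STEMS = ("backup", "bak", "config", "conf", "www", "site", "web", "db", "dump", "old")


def parse_line(line):
    """Return the parsed fields of one access-log line, or None if it does not match the format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_backup_probe(path):
    """True when the requested filename looks like an archived backup or configuration file."""
    # Strip the query string, then keep only the last path component, lower-cased.
    name = path.split("?", 1)[0].lower().rsplit("/", 1)[-1]
    if not name.endswith(ARCHIVE_EXTS):
        return False
    stem = name.split(".", 1)[0]
    return any(token in stem for token in SENSITIVE_STEMS)


def analyze(log_text):
    """Collect probe requests, count them per source IP, and mark advisory-listed sources as context."""
    probes = []
    per_ip = Counter()
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None or not is_backup_probe(rec["path"]):
            continue
        rec["in_advisory"] = rec["ip"] in ADVISORY_IPS
        probes.append(rec)
        per_ip[rec["ip"]] += 1
    return {"probes": probes, "probes_by_ip": dict(per_ip)}


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for rec in result["probes"]:
        tag = " [listed in advisory]" if rec["in_advisory"] else ""
        print(f'{rec["ip"]} {rec["method"]} {rec["path"]} -> {rec["status"]}{tag}')
    print(result["probes_by_ip"])
```

The legitimate download of `release-1.2.tar.gz` is not flagged because the check requires both an archive extension and a suspicious filename stem; the advisory IP only adds an annotation to a request that already looks like a probe, which is the "use the indicators to understand your logs" stance the episode recommends.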