
Crucial Cybersecurity Topics Discussed in the SANS Internet Storm Center Stormcast Podcast
In this September 23, 2025 edition of the SANS Internet Storm Center Stormcast podcast, Johannes Ullrich, speaking from Las Vegas, Nevada, addresses several critical cybersecurity topics. The first is a report published by the Cybersecurity and Infrastructure Security Agency (CISA) on two organizations recently compromised via a vulnerability in Ivanti's Endpoint Manager Mobile (Ivanti EPMM). Attackers exploited this flaw to install a persistent backdoor that allowed them to execute arbitrary commands on the affected systems. CISA also published indicators of compromise, such as the URLs used to exploit the vulnerability, along with a detailed analysis of the backdoor. Although the vulnerabilities were patched in May, it remains crucial to ensure that all systems are up to date and to check whether they have already been compromised.
Another topic covered is the discovery by LastPass of numerous fraudulent GitHub repositories distributing malware. These repositories mimic legitimate software providers such as LastPass, 1Password, and DaVinci Resolve, claiming to offer free premium versions of these products, particularly targeting MacBook users. In reality, these repositories distribute malware that steals sensitive information. It is therefore essential to remain vigilant and avoid downloading paid software from unofficial sources.
Finally, Johannes Ullrich mentions an analysis by Yarex of a recent intrusion that used the Oracle database server's task scheduler as an attack vector. Although this type of attack is less common, there appears to be an increase in reports of such intrusions. Yarex's analysis details the commands executed via the scheduler to gain persistent access and the accounts created to maintain that access. It is strongly recommended not to expose an Oracle database server directly to the Internet, in order to avoid such intrusions.
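The two persistence mechanisms named above (operating-system commands run through the scheduler, and newly created database accounts) are both visible in Oracle's data dictionary. The following audit queries are an added defender's example written for this summary; they are not part of the podcast or of Yarex's analysis, they assume a DBA-privileged session on Oracle 12c or later (for the ORACLE_MAINTAINED column), and the 30-day window and the job-type filter are choices of this example, not values from the page.

```sql
-- Added example: audit queries for scheduler-based persistence on an Oracle
-- database server. Run from a DBA-privileged session; adjust the 30-day
-- window to the suspected intrusion period.

-- 1. Scheduler jobs that reach outside the database. A job of type
--    EXECUTABLE or EXTERNAL_SCRIPT runs an operating-system program, which is
--    exactly what an attacker needs to execute commands via the scheduler.
--    Review every row: on most servers the legitimate list is short or empty.
SELECT owner,
       job_name,
       job_type,
       job_action,            -- the program or script that is executed
       credential_name,       -- OS credential the job runs under, if any
       enabled,
       state,
       repeat_interval,       -- recurring jobs are the usual persistence shape
       last_start_date,
       next_run_date
FROM   dba_scheduler_jobs
WHERE  job_type IN ('EXECUTABLE', 'EXTERNAL_SCRIPT')
ORDER  BY last_start_date DESC NULLS LAST;

-- 2. Any scheduler job created or modified recently, regardless of type.
--    A PL/SQL job can still create users or grant privileges from inside the
--    database, so do not stop at the external job types above.
SELECT j.owner,
       j.job_name,
       j.job_type,
       j.job_creator,
       j.enabled,
       o.created,
       o.last_ddl_time
FROM   dba_scheduler_jobs j
       JOIN dba_objects o
         ON o.owner = j.owner
        AND o.object_name = j.job_name
        AND o.object_type = 'JOB'
WHERE  o.created       >= SYSDATE - 30
   OR  o.last_ddl_time >= SYSDATE - 30
ORDER  BY o.last_ddl_time DESC;

-- 3. Database accounts created in the same window, excluding the accounts
--    Oracle itself ships. Each remaining row needs an owner who can explain
--    it, in particular any account holding DBA or SYSDBA-equivalent rights.
SELECT u.username,
       u.created,
       u.account_status,
       u.profile,
       LISTAGG(r.granted_role, ',') WITHIN GROUP (ORDER BY r.granted_role)
         AS roles
FROM   dba_users u
       LEFT JOIN dba_role_privs r
              ON r.grantee = u.username
WHERE  u.oracle_maintained = 'N'
  AND  u.created >= SYSDATE - 30
GROUP  BY u.username, u.created, u.account_status, u.profile
ORDER  BY u.created DESC;
```

Query 1 is the one to baseline and alert on: a scheduled `EXECUTABLE` job appearing on a production server that previously had none is a high-signal event. Queries 2 and 3 cover the case where the attacker has already cleaned up the job but left the account behind, or the reverse. Pair the results with the server's listener log to confirm whether the database was reachable from the Internet at the time, which is the exposure the podcast advises against.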
This information is crucial for cybersecurity professionals and system administrators, highlighting the importance of constant vigilance and regular updates to protect systems against emerging threats.