
New Video from @internetstormcenterstormca2350: Cybersecurity Updates and Threat Analysis
In this April 11, 2025 edition of the SANS Internet Storm Center's Stormcast, Johannes Ullrich, recording from Jacksonville, Florida, addresses several crucial topics in cybersecurity. He begins by discussing recent attacks by Walt Typhoon, a Chinese threat actor known for compromising critical infrastructure. Ullrich highlights that these attacks do not rely only on the advanced exploits often associated with them: many old and neglected vulnerabilities are also being exploited.

One of the highlights of the video is the analysis of the CVE-2018-0171 vulnerability by Matthew Gorman, an intern. Although this vulnerability is old, it is still actively exploited by threat actors like Walt Typhoon. Gorman explains the issues related to this vulnerability, how it is exploited, and the measures to take to protect against it. Ullrich emphasizes the importance of not neglecting these old vulnerabilities, as they can still cause significant damage.

Ullrich then reviews the Microsoft Patch Tuesday updates. He mentions issues with Windows Hello, where some users could no longer log in via their PIN or facial recognition after restarting their system. The solution is to re-enroll the device. There were also updates affecting Citrix and issues for some Roblox users. A problem with Microsoft Office causing crashes was also reported, affecting systems using the MSI installer for Microsoft Office. Microsoft has released a special update to fix this issue. On a positive note, the April updates for Windows 10 are now available.

Dell has also released an update for users of its PowerScale OneFS network storage system, fixing a vulnerability with a CVSS score of 9.8. This update addresses a default password, highlighting the importance of securing default passwords.

Horizon3.ai has published a detailed analysis of a vulnerability discovered in Langflow. This vulnerability, discovered in late February and patched in late March, involves an unauthenticated API endpoint that passes data to a Python exec. Ullrich explains that while the exploitation is not straightforward, it involves the use of Python decorators, an interesting but lesser-known feature. He strongly recommends updating Langflow and not exposing this tool to the internet.

Finally, Ullrich mentions that he will be in Orlando for an event where he will teach web application defense. He invites listeners to meet him to discuss and get Internet Storm Center stickers. In conclusion, this video provides a comprehensive overview of current threats and security updates, emphasizing the importance of staying vigilant and keeping systems up to date.
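The decorator detail in the Langflow item matters to anyone reviewing code that feeds submitted source to `exec`: decorator and default-argument expressions are evaluated when a function is defined, not when it is called. The sketch below is an added example, not Langflow's code and not taken from the Horizon3.ai analysis; the names `run_definitions_only`, `definition_time_exprs` and `record`, and the sample input, are constructed for illustration.

```python
import ast

# Constructed sample: a function that is defined but never called.
# record() is a harmless stand-in that only notes that it was evaluated.
SAMPLE = '''
@record("decorator ran")
def handler(x=record("default ran")):
    return x
'''

def run_definitions_only(source):
    """Exec only the def/class statements of `source`, never calling them,
    and return the side effects that happened anyway."""
    seen = []
    def record(msg):
        seen.append(msg)
        return lambda f: f  # usable both as a decorator and as a default value
    tree = ast.parse(source)
    keep = (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef)
    tree.body = [n for n in tree.body if isinstance(n, keep)]
    exec(compile(tree, "<submitted>", "exec"), {"record": record})
    return seen

def definition_time_exprs(source):
    """List (line, kind) for expressions evaluated when a def/class statement
    executes. This only parses; nothing from `source` is run."""
    found = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.ClassDef):
            # A class body runs in full at definition time.
            found.append((node.lineno, "class body"))
        elif isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            a = node.args
            exprs = [("decorator", d) for d in node.decorator_list]
            exprs += [("default", d) for d in a.defaults + a.kw_defaults
                      if d is not None]
            # Literal defaults such as x=1 have no side effects; skip them.
            found += [(e.lineno, kind) for kind, e in exprs
                      if not isinstance(e, ast.Constant)]
    return found

if __name__ == "__main__":
    print(run_definitions_only(SAMPLE))
    print(definition_time_exprs(SAMPLE))
```

A static pass like `definition_time_exprs` is a review aid for spotting this pattern, not a sandbox; the recommendation in the episode (update, and keep the tool off the internet) still applies.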