
New Cybersecurity Insights from Internet Storm Center Stormcast
In the May 1, 2025 edition of the Internet Storm Center Stormcast podcast, Johannes Ullrich discusses several crucial topics in cybersecurity.

The first issue concerns a vulnerability in SonicWall which, although known for some time, has recently seen a significant increase in scans. These scans target endpoints related to configuration and authentication, suggesting a possible brute-force attack. Ullrich emphasizes the importance of keeping edge devices properly patched and configured with strong passwords to protect against such threats.

Another important topic is malware discovered by EAT Security that uses IPv6 to position itself as an intermediary. This malware, distributed as a Chinese input plugin for Windows, sends IPv6 router advertisements. These advertisements can redirect victims' DNS requests to an attacker-controlled recursive DNS server, allowing DNS responses to be falsified. The ultimate goal is to load malicious updates onto victims' systems. Ullrich recommends monitoring for sudden IPv6 usage and disabling IPv6 if necessary, as the protocol is enabled by default on most operating systems.

Finally, Ullrich addresses a Microsoft feature that can pose security issues: the caching of RDP credentials. This feature allows users to connect to a system via RDP with their old credentials even after changing their password. While convenient for preventing account lockouts, this becomes a problem in the event of a security breach, as attackers can continue to access the system with old credentials. Ullrich stresses the importance of detecting or preventing this activity, although logging of this feature is limited.

These discussions highlight the importance of vigilance and proactivity in managing security systems. Administrators must ensure that their systems are up to date and properly configured, actively monitor for suspicious activity, and understand the implications of built-in features that attackers can exploit.
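As an added example (not from the podcast or the original page), the following Python code shows one way to check captured IPv6 router advertisements for the DNS redirection described above: it parses the ICMPv6 RA and its RDNSS option (RFC 8106) and compares the sender and the advertised DNS servers against allowlists. The function names, the allowlists and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

RA_TYPE = 134    # ICMPv6 Router Advertisement (RFC 4861)
OPT_RDNSS = 25   # Recursive DNS Server option (RFC 8106)

def parse_ra(icmp6: bytes):
    """Return (router_lifetime, [RDNSS addresses]) from an ICMPv6 RA message."""
    if len(icmp6) < 16 or icmp6[0] != RA_TYPE:
        raise ValueError("not a router advertisement")
    router_lifetime = struct.unpack_from("!H", icmp6, 6)[0]
    dns, off = [], 16                      # options start after the 16-byte RA header
    while off + 2 <= len(icmp6):
        opt_type, opt_len = icmp6[off], icmp6[off + 1] * 8   # length is in 8-byte units
        if opt_len == 0 or off + opt_len > len(icmp6):
            raise ValueError("malformed option")
        if opt_type == OPT_RDNSS:
            # type, length, reserved, lifetime (8 bytes), then 16-byte addresses
            for a in range(off + 8, off + opt_len - 15, 16):
                dns.append(ipaddress.IPv6Address(icmp6[a:a + 16]))
        off += opt_len
    return router_lifetime, dns

def check_ra(src, icmp6, known_routers, known_dns):
    """Return findings for one RA; an empty list means it matches the allowlists."""
    findings = []
    _, dns = parse_ra(icmp6)
    if ipaddress.IPv6Address(src) not in known_routers:
        findings.append(f"RA from unknown router {src}")
    for server in dns:
        if server not in known_dns:
            findings.append(f"RA from {src} advertises unlisted DNS server {server}")
    return findings

def build_sample_ra(dns_servers):
    """Constructed sample packet: RA header plus one RDNSS option, checksum zero."""
    header = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, 0, 1800, 0, 0)
    addrs = b"".join(ipaddress.IPv6Address(s).packed for s in dns_servers)
    option = struct.pack("!BBHI", OPT_RDNSS, 1 + 2 * len(dns_servers), 0, 600)
    return header + option + addrs

if __name__ == "__main__":
    # Assumed allowlists for illustration (documentation-range addresses)
    routers = {ipaddress.IPv6Address("fe80::1")}
    resolvers = {ipaddress.IPv6Address("2001:db8::53")}
    for src, pkt in [("fe80::1", build_sample_ra(["2001:db8::53"])),
                     ("fe80::bad", build_sample_ra(["2001:db8:666::53"]))]:
        print(src, check_ra(src, pkt, routers, resolvers) or "ok")
```

On a network that is not supposed to use IPv6 at all, both allowlists are empty and any router advertisement produces a finding.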
For more information, watch the full video at the following address: https://www.youtube.com/watch?v=QG_BijoS8G0