
New Internet Storm Center Video Discusses Critical Cybersecurity Topics
In this new video from the Internet Storm Center's Stormcast, Johannes Ullrich discusses several crucial cybersecurity topics.

He begins by addressing the 2021 SonicWall vulnerabilities, which continue to be exploited. Although the types of attacks remain qualitatively the same, the quantity of these attacks has significantly increased, reaching a higher order of magnitude. Ullrich highlights a particular network, 141.98.8.0, belonging to Global Host, a low-cost hosting provider often used to launch malicious scans. He points out that these low-cost services often come with limited support and an inability to respond to abuse complaints.

Ullrich then moves on to an important update for Google Chrome, which is now at version 136. This update fixes two vulnerabilities reported by external sources, as well as several other issues identified by internal audits. One of the flaws is already being exploited in the wild, making the update even more critical. Ullrich recommends restarting Google Chrome at least once a day to ensure that updates are applied. The vulnerability in question concerns the Link headers sent for subresource requests: the referrer policy is not correctly applied to them, leading to a potential leak of URL parameters.

Another topic discussed is the discovery of backdoored versions of the RV Tools, used to obtain dashboards and performance data from VMware environments. Contrary to previous reports suggesting that malicious advertisements directed users to compromised sites, a new analysis by Surlabs.net indicates that the malicious version could come directly from the official RV Tools site. Ullrich advises caution when using RV Tools, as compromised versions may have been recently distributed.

Finally, Ullrich mentions an EAD report on the exploitation of cross-site scripting (XSS) vulnerabilities in webmail systems, particularly by threat actors linked to Russia. He explains that creating a webmail system is extremely complex due to the need to render HTML received from emails within the webmail application. The main targets appear to be webmail servers managed by various government entities, which, for political and legal reasons, cannot always use major US-based cloud service providers.

In conclusion, this video provides valuable insights into current threats and best practices in cybersecurity. The information shared can be applied in real-world scenarios to improve the security of systems and networks.