
SANS Internet Storm Center Stormcast: May 29, 2025 Edition Highlights
In the May 29, 2025 edition of the SANS Internet Storm Center Stormcast, Johannes Ullrich discusses several crucial topics in cybersecurity.

One of the highlights of the episode is an experiment conducted by Jennifer Wilson, an undergraduate student, who used advanced language models like ChatGPT to analyze artifacts recovered from a honeypot. The artifact in question was a file with an unusual hexadecimal name, which triggered the investigation. Through in-depth interaction with ChatGPT, Jennifer discovered that this file was associated with Telegram Desktop and contained encryption keys. This discovery underscores the importance of asking the right questions and not accepting initial answers without verification.

Another topic covered is a ransomware attack observed by Sophos, which exploited unpatched instances of SimpleHelp, a tool often used by managed service providers (MSPs). The attackers targeted MSPs rather than the victim companies directly, allowing them to gain full control of the victims' networks. This method is particularly dangerous for small businesses that rely on MSPs to manage their networks. Johannes emphasizes the need for MSPs to ensure their tools are properly patched and secured.

Next, Johannes talks about a critical vulnerability in equipment from the company Evertz, primarily used in the broadcasting field. This vulnerability allows for unauthenticated remote code execution, meaning an attacker can run malicious code on affected devices. The vulnerability was discovered by ONEKEY, who attempted to contact Evertz without success. In the absence of a patch, it is crucial to ensure that these devices are not exposed to the internet.

The episode concludes with a reminder of the importance of vigilance and regular system updates to protect against cyber threats. Johannes thanks the listeners for their loyalty and encourages them to leave positive reviews and recommend the podcast to their friends.

For more details, watch the full video at the following address: https://www.youtube.com/watch?v=6ECzzA2Xnug