
SANS Internet Storm Center Discusses New Cybersecurity Threats
In the June 2, 2025 edition of the SANS Internet Storm Center's Stormcast, Johannes Ullrich discusses several critical topics in cybersecurity.

The first issue addressed is a new method of hiding malware within PNG images. Unlike steganography, this technique involves simply appending malicious code to the end of the image file. A PNG file has an end marker, and anything following this marker is ignored by standard image viewers. The appended data can be a ZIP archive containing a Python script. One trick used by attackers is to replace the desktop wallpaper with their own image, although this method is considered more of a proof of concept than a real threat. Antivirus detection rates for this type of malware are very low, which highlights the limitations of signature-based detection systems, even with the help of artificial intelligence.

Another important topic is the exploitation of a recently patched vulnerability in Cisco IOS software. This vulnerability, related to a hardcoded JSON Web Token (JWT), allowed the download of arbitrary files. Horizon 3 published a blog explaining how this flaw can be combined with directory traversal to execute code remotely. Although Johannes has not yet observed any exploitation of this vulnerability in honeypot data, he emphasizes the importance of immediately patching affected systems.

Finally, Johannes discusses a vulnerability in a popular discussion forum, patched about a year ago without an official announcement. A recent blog by Carain Security revealed the nature of this vulnerability and how to exploit it. Since the blog's publication on May 23, global scans to exploit this flaw have been observed. The vulnerability allows replacing an ad template with executable PHP code, which is relatively simple to exploit. These discussions highlight the importance of vigilance and regular system updates to protect against new threats.
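The PNG trailing-data technique described above is easy to check for on the defender's side: walk the chunk list to the IEND chunk and report anything that follows it. The script below is an added example written for this summary, not code from the podcast or from SANS; it builds its own constructed samples (a valid 1x1 PNG, and the same PNG with a benign ZIP appended) so that it runs offline. It also shows why such files are polyglots: ZIP readers locate the central directory from the end of the file, so the whole image opens as an archive. Function names are this example's own.

```python
import io
import struct
import zipfile
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def _chunk(ctype: bytes, body: bytes) -> bytes:
    """Encode one PNG chunk: length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def build_minimal_png() -> bytes:
    """Constructed sample: a valid 1x1 8-bit grayscale PNG (not a file from the podcast)."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # one filter byte + one pixel
    return PNG_SIGNATURE + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")


def append_zip(png: bytes, files: dict) -> bytes:
    """Constructed sample: append a ZIP archive after the PNG's IEND chunk."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in files.items():
            zf.writestr(name, content)
    return png + buf.getvalue()


def png_end_offset(data: bytes) -> int:
    """Walk the chunk list and return the offset just past IEND (including its CRC)."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        chunk_end = pos + 8 + length + 4  # header + data + CRC
        if chunk_end > len(data):
            raise ValueError("truncated chunk %r" % ctype)
        if ctype == b"IEND":
            return chunk_end
        pos = chunk_end
    raise ValueError("no IEND chunk found")


def inspect_trailer(data: bytes) -> dict:
    """Report what, if anything, follows IEND. Viewers ignore it; a scanner should not."""
    end = png_end_offset(data)
    trailer = data[end:]
    if not trailer:
        kind = "none"
    elif trailer.startswith(b"PK\x03\x04"):
        kind = "zip"
    else:
        kind = "unknown"
    return {"trailer_offset": end, "trailer_len": len(trailer), "kind": kind}


def whole_file_opens_as_zip(data: bytes) -> bool:
    """True when the complete file is also a valid ZIP archive (a PNG/ZIP polyglot)."""
    return zipfile.is_zipfile(io.BytesIO(data))


def trailer_member_names(data: bytes) -> list:
    """List archive members in the trailer without extracting them."""
    info = inspect_trailer(data)
    if info["kind"] != "zip":
        return []
    with zipfile.ZipFile(io.BytesIO(data[info["trailer_offset"]:])) as zf:
        return zf.namelist()


if __name__ == "__main__":
    clean = build_minimal_png()
    polyglot = append_zip(clean, {"script.py": b"print('constructed benign sample')\n"})
    for label, sample in (("clean", clean), ("png+zip", polyglot)):
        print(label, inspect_trailer(sample), whole_file_opens_as_zip(sample),
              trailer_member_names(sample))
```

A scanner built on this check flags any PNG whose length exceeds its IEND offset, regardless of what the trailer contains, which is why it does not depend on a signature for the appended script.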
The information shared in the episode can be applied directly to improve the security of systems and networks: inspect image files for data beyond the format's end marker, and patch the affected Cisco and forum installations promptly.