
SANS Internet Storm Center's Stormcast: June 10, 2025 Edition
In this June 10, 2025 edition of the SANS Internet Storm Center's Stormcast, Johannes Ullrich presents several interesting and relevant topics for cybersecurity professionals.

First, Johannes introduces a new tool called OctoSQL. This tool reads files in various text formats, such as JSON, CSV, and tab-delimited, and executes SQL queries on their content. This greatly simplifies data analysis, regardless of the file format. Russ, a contributor, uses OctoSQL to query the NVD JSON database to identify vulnerabilities specific to certain products. This approach allows joining vulnerability information with product identifiers, making the tool particularly useful for security analyses.

Next, Johannes addresses a recent vulnerability in Mi surveillance software. This vulnerability, although similar to others already known, is exploited by Mirino, a cybercriminal group. Mirino also uses a vulnerability related to Wazuh, an open-source tool for incident detection and response. This vulnerability, discovered in April, highlights the importance of not exposing the dashboards and APIs of such tools directly on the Internet. Firewall restrictions and security rules must be carefully configured to protect these systems.

Another topic discussed is the introduction of a new public recursive resolver, this time managed by the European Union. This resolver is designed to meet the EU's privacy requirements and offers various levels of filtering. Although the EU hopes to transfer the management of this service to a private entity, it is crucial to consider whether the managing entity can be trusted. Johannes compares this new service to existing ones like those from Google, Cloudflare, and Cisco, highlighting the advantages in terms of speed and filtering.

Finally, Johannes discusses recent complications for WordPress users due to legal issues between the platform's main supporters. These conflicts have made it difficult to update WordPress packages and add-ons. To address this problem, the Linux Foundation has launched a new package manager project called "fair." This project aims to provide an independent method for keeping WordPress packages up-to-date, thereby improving the security and stability of WordPress sites.

In conclusion, this edition of the Stormcast offers a wealth of valuable information for cybersecurity professionals, covering innovative tools, critical vulnerabilities, and practical solutions to enhance system security.