
Crucial Cybersecurity Topics Discussed in SANS Internet Storm Center's Stormcast
In the June 17, 2025 edition of the SANS Internet Storm Center's Stormcast, Johannes Ullrich discusses several crucial cybersecurity topics. First, he mentions an article from Didier following up on Xavier's article from the previous day. Xavier had talked about extracting data from JPEG files. Didier presents a more efficient tool for this task: jpegdump. This tool allows for the easy extraction of data blocks, such as those found by Sabia with DL encoding, which can then be analyzed with other tools like head, tail, or the byte-stats tool. The latter provides details on the composition of specific parts of the file, thus facilitating the extraction of malware.

Another topic covered is the new Recall feature of Windows 11 announced by Microsoft. This feature takes periodic screenshots of your system, allowing retroactive search of items of interest through Microsoft's AI. However, this feature has raised privacy concerns, especially in Europe. To address these concerns, Microsoft has introduced a new feature in the preview version of Windows 11, allowing European users to export and decrypt this data. When activating this feature, a unique encryption key is displayed, which the user must note down to decrypt the exported data later. This feature is currently limited to Europe but could be extended to other regions in the future.

Johannes Ullrich also discusses the recent evolution of the Anubis ransomware. This ransomware, used by various groups to launch attacks, now has a "wiper" mode. This means that data is not just encrypted but deleted, making the payment of a ransom useless for data recovery. It is therefore crucial to verify whether data can actually be recovered before paying a ransom.

Finally, Ullrich mentions two significant vulnerabilities in Mitel software. The first concerns the MiCollab suite, which suffers from a recently patched path traversal vulnerability. The second is an unauthenticated remote code execution vulnerability in MyPhones, related to the ringtone download function. It is crucial to ensure that this software is up to date to avoid any exploitation.

This video provides valuable information for cybersecurity professionals, highlighting the importance of staying vigilant against new threats and keeping systems updated. The tools and features discussed can be applied in real-world scenarios to enhance security and data management.
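
As an added illustration of the JPEG analysis described above (this is not jpegdump or byte-stats, and not code from the Stormcast or the articles it cites), the following Python walks a JPEG's marker segments, reports bytes appended after the end-of-image marker, and computes simple byte statistics for a block. The function names and the sample bytes are constructed for this example.

```python
import math
from collections import Counter
STANDALONE = {0x01, 0xD8, 0xD9} | set(range(0xD0, 0xD8))  # TEM, SOI, EOI, RST0-7

def scan_end(data, pos):
    while pos + 1 < len(data):
        nxt = data[pos + 1]   # FF00 is a stuffed byte, FFD0-FFD7 are restart markers
        if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
            return pos        # first real marker after the entropy-coded scan data
        pos += 1
    return len(data)

def walk_segments(data):
    """Return [(marker, offset, payload)]; bytes after EOI get marker None."""
    segments, pos = [], 0
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                      # fill byte before a marker
            pos += 1
        elif marker in STANDALONE:
            segments.append((marker, pos, b""))
            pos += 2
            if marker == 0xD9:                  # EOI: the image ends here
                if pos < len(data):             # anything left was appended
                    segments.append((None, pos, data[pos:]))
                break
        else:
            length = int.from_bytes(data[pos + 2:pos + 4], "big")
            end = pos + 2 + length              # length counts its own two bytes
            if length < 2 or end > len(data):
                raise ValueError(f"bad segment length at offset {pos}")
            if marker == 0xDA:                  # SOS: header, then scan data
                end = scan_end(data, end)
            segments.append((marker, pos, data[pos + 4:end]))
            pos = end
    return segments

def byte_stats(block):
    """Size, distinct byte values, Shannon entropy (bits/byte), printable ratio."""
    n, counts = len(block), Counter(block)
    entropy = round(-sum(c / n * math.log2(c / n) for c in counts.values()), 2)
    printable = round(sum(c for b, c in counts.items() if 0x20 <= b < 0x7F) / max(n, 1), 2)
    return {"size": n, "unique": len(counts), "entropy": entropy, "printable": printable}

# Constructed sample: marker structure only, not a decodable image.
SAMPLE = (b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
          b"\xff\xe1\x00\x1a" + b"QUJD" * 6 + b"\xff\xda\x00\x03\x00\x12\xff\x00\x34"
          b"\xff\xd9constructed trailing bytes")
```

A segment whose payload is almost entirely printable or has unusually low entropy for image metadata, or any non-empty block after EOI, is a candidate for closer inspection with the tools named above.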