
New Cybersecurity Threats Discussed in Latest Internet Storm Center Stormcast
In the July 17, 2025 edition of the SANS Internet Storm Center Stormcast, Johannes Ullrich, recording from Washington DC, addresses several crucial cybersecurity topics.

The first issue concerns a series of attacks abusing a file-sharing service called Catbox. The service uses the domain catbox.moe, and around 600 different URLs abusing it have been captured. Like any free file-sharing service, Catbox can easily be used to distribute malware. Although the Catbox website claims not to allow the hosting of .exe files and similar, it seems to check only the file extension, so extensions like .dll can be used to bypass these filters. Ullrich recommends blocking access to this service, as it does not seem particularly useful for businesses. Additionally, the use of new generic top-level domains like .moe can often indicate suspicious activity.

Another important point is the compromise of fully patched SonicWall SMA 100 devices. Although these devices are end-of-life, the compromised ones were fully patched. Google's Threat Intelligence Group has published details on this compromise, indicating that attackers used past vulnerabilities to retrieve credentials, including seeds for multi-factor authentication. The attackers are now returning to compromise the devices using the credentials collected during those previous attacks. This underscores the importance of rotating credentials, including seeds for multi-factor authentication, whenever a vulnerable device is discovered.

Finally, Ullrich discusses an attack called "RenderShock." This attack exploits modern tools that render various file formats in the background, thereby exposing systems to vulnerabilities. These tools include indexing programs, preview programs, and file managers. When a user receives an email attachment but does not open it, the file can still be processed by these different renderers, which can execute code or reach out to URLs such as SMB URLs, leading to credential leaks. Although this threat is not new, it remains relevant and requires constant vigilance.

In conclusion, this video provides a valuable overview of current cybersecurity threats and the measures to take to protect against them. The information presented can be applied in real-world scenarios to strengthen the security of systems and networks.
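The extension-only check described for Catbox, set beside a content-based check that reads the PE headers, as an added example (not code from the Stormcast or from Catbox). The blocklist, function names and sample bytes are assumptions constructed for illustration.

```python
import struct
from pathlib import PurePosixPath

# Assumed blocklist for illustration; the service's real list is not on the page.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".cpl"}
IMAGE_FILE_DLL = 0x2000  # COFF Characteristics flag that marks a DLL


def extension_only_allows(filename: str) -> bool:
    """The weak check: decide from the file name alone."""
    return PurePosixPath(filename).suffix.lower() not in BLOCKED_EXTENSIONS


def classify_pe(data: bytes):
    """Return 'dll', 'exe' or None (not a PE image), judged from content."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    # e_lfanew at offset 0x3C points to the "PE\0\0" signature.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # Characteristics is the last 2 bytes of the 20-byte COFF header.
    (characteristics,) = struct.unpack_from("<H", data, e_lfanew + 22)
    return "dll" if characteristics & IMAGE_FILE_DLL else "exe"


def content_aware_allows(filename: str, data: bytes) -> bool:
    """The stronger check: reject any PE image whatever it is called."""
    return extension_only_allows(filename) and classify_pe(data) is None


def make_pe_stub(characteristics: int) -> bytes:
    """Constructed sample: DOS + COFF headers only, not a loadable binary."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 0, characteristics)
    return dos + b"PE\0\0" + coff


if __name__ == "__main__":
    samples = {
        "setup.exe": make_pe_stub(0x0002),
        "update.dll": make_pe_stub(0x2002),
        "readme.txt": b"plain text\n",
    }
    for name, data in samples.items():
        print(f"{name:12} ext-only={extension_only_allows(name)!s:5} "
              f"content={content_aware_allows(name, data)!s:5} "
              f"type={classify_pe(data)}")
```

The same header test can be applied at a mail or web gateway to flag PE downloads regardless of the file name in the URL.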