
SANS Storm Center Stormcast Podcast Highlights Cybersecurity Updates and Threats
This content is an AI-generated summary. If you encounter any misinformation or problematic content, please report it to cyb.hub@proton.me.
In this April 15, 2025 edition of the SANS Storm Center Stormcast podcast, Johannes Ullrich speaks from Orlando, Florida, and covers several topics in cybersecurity. First, Johannes mentions an update to the XOR Search tool, developed by Didier Stevens. Originally distributed as an executable, XOR Search is now available as a Python script. Beyond searching with regular expressions, the new version can apply YARA rules to the decoded result files. YARA, a widely used tool for identifying and classifying malware, supports regular expressions itself, which adds a further layer of functionality to XOR Search.
This update is a significant improvement that allows more flexible and powerful searching. Next, Johannes discusses important changes to TLS certificates. The CA/Browser Forum has finalized its decision to shorten the maximum lifetime of certificates. Starting March 15, 2026, the maximum lifetime will be reduced to 200 days, then to 150 days in March 2027, and finally to 47 days in March 2029. To support these changes, Certbot, the certificate management tool from the Electronic Frontier Foundation, has released version 4.0.
This new version introduces profiles that allow a choice between 90-day certificates and 6-day certificates. By default, Certbot continues to use 90-day certificates, but users can opt for the shorter certificates if needed. This flexibility matters for system administrators who must manage certificates with varying lifetimes. Johannes also addresses a new malware threat discovered by Kaspersky. This malware, attributed to a threat actor named "Goofy," primarily targets organizations in Russia.
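As an added example (not from the podcast, and not Certbot's own code), the script below audits a certificate's validity period against the phased lifetime caps just described, which is the check an administrator would run on an inventory before deciding which Certbot profile to use. It assumes the `openssl` CLI and GNU `date`; the sample certificate is constructed locally.

```shell
#!/bin/sh
# Added example: classify a PEM certificate's validity period against the
# CA/Browser Forum phases mentioned above (200, 150 and 47 days).
# Assumes the openssl CLI and GNU date (for `date -d`).

# Print the certificate's validity period in whole days.
cert_lifetime_days() {
  start=$(openssl x509 -in "$1" -noout -startdate | cut -d= -f2)
  end=$(openssl x509 -in "$1" -noout -enddate | cut -d= -f2)
  s=$(date -u -d "$start" +%s)
  e=$(date -u -d "$end" +%s)
  echo $(( (e - s) / 86400 ))
}

# Report the first phase whose cap a certificate of this lifetime would exceed,
# or "ok" if it fits even the 47-day cap that applies from March 2029.
lifetime_phase() {
  n=$1
  if   [ "$n" -gt 200 ]; then echo "exceeds 200-day cap (March 2026)"
  elif [ "$n" -gt 150 ]; then echo "exceeds 150-day cap (March 2027)"
  elif [ "$n" -gt 47 ];  then echo "exceeds 47-day cap (March 2029)"
  else echo "ok"
  fi
}

# Constructed sample: a self-signed certificate valid for $2 days, written to $1
# (the key goes to $1.key). 90 days matches Certbot's default profile.
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days "$2" -subj "/CN=example.test" \
    -keyout "$1.key" -out "$1" 2>/dev/null
}

# Demo on the constructed sample certificate.
dir=$(mktemp -d)
make_sample_cert "$dir/cert.pem" 90
days=$(cert_lifetime_days "$dir/cert.pem")
echo "sample cert lifetime: $days days -> $(lifetime_phase "$days")"
rm -rf "$dir"
```

Run it against each certificate file on a host to see which ones will stop fitting the caps as the phases arrive; a 6-day certificate reports "ok" for every phase.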
What makes this malware particularly interesting is its propagation via removable devices. Once a system is infected, the malware collects files from any connected removable device and also copies itself onto that device. To deceive users, it replaces an existing document on the device with the malware, then restores the original document once the malware has been executed. This subtle technique lets the malware spread without arousing user suspicion. In conclusion, this edition of the Stormcast podcast provides valuable information on the latest updates to cybersecurity tools, changes in TLS certificate management, and new malware threats. This information is important for security professionals who need to keep up with the rapid evolution of the cybersecurity landscape. To learn more, watch the full video at the following address: https://www.youtube.com/watch?v=8TZfyGCAXsE