
Crucial Cybersecurity Insights from Stormcast's April 16, 2025 Edition
This content is an AI-generated summary. If you encounter any misinformation or problematic content, please report it to cyb.hub@proton.me.
In this April 16, 2025 edition of the SANS Internet Storm Center Stormcast, Johannes Ullrich, recording from Orlando, Florida, covers several current cybersecurity topics.

The first is the abuse of free file-transfer services for malicious activity. Johannes notes that attackers prefer well-known file-transfer services to building their own complex command-and-control channels: traffic to such services draws less suspicion because they are widely regarded as legitimate. He specifically mentions gile.io and anon file; the latter has been defunct for several years, so uploads to it no longer succeed, yet attempts are still observed. Johannes advises monitoring for traffic to these services, including obsolete ones, to detect data exfiltration attempts.

Next, Johannes discusses the new OpenSSH release, version 10.0.0. The update fixes no critical vulnerabilities, but it brings significant security improvements, including quantum-secure (post-quantum) cryptography and a new, separate daemon dedicated to user authentication. Splitting user authentication from the rest of the SSH daemon reduces the pre-authentication attack surface, which is a notable advance.
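The monitoring advice for file-transfer services above can be turned into a simple detection pass over proxy logs. The following is an added example, not code from the episode or from SANS ISC: the log line format, the sample lines and the watch-list domains (the `.example` names) are all constructed assumptions, and the watch list should be replaced with the services your own intelligence names. Defunct services stay on the list on purpose, since a failed upload attempt is still a signal.

```python
"""Flag proxy-log requests that upload to watched file-transfer services.

Added example. The log format and the watch list are constructed assumptions;
adapt both to your proxy's log format and to the services you care about.
"""
import re
from collections import defaultdict

# Watch list (assumed): public file-transfer services worth alerting on.
# Keep defunct services listed; a failed upload attempt is still a signal.
WATCHED_SERVICES = {
    "filehost.example": "active (constructed)",
    "anonshare.example": "defunct for years (constructed)",
}

# Constructed log lines: <epoch> <client_ip> <method> <host> <status> <bytes_out>
SAMPLE_LOG = """\
1744800000 10.0.0.5 GET www.microsoft.com 200 512
1744800010 10.0.0.7 POST api.filehost.example 200 4823400
1744800012 10.0.0.7 POST api.filehost.example 200 5120000
1744800030 10.0.0.9 POST anonshare.example 404 102400
1744800040 10.0.0.5 GET docs.python.org 200 2048
"""

LINE_RE = re.compile(r"^(\d+) (\S+) (\S+) (\S+) (\d{3}) (\d+)$")
UPLOAD_METHODS = {"POST", "PUT"}


def watched_service(host):
    """Return the watch-list entry that host matches (exact or subdomain), else None."""
    host = host.lower().rstrip(".")
    for svc in WATCHED_SERVICES:
        if host == svc or host.endswith("." + svc):
            return svc
    return None


def parse_line(line):
    """Parse one constructed-format log line into a dict, or None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, method, host, status, nbytes = m.groups()
    return {"ts": int(ts), "client": client, "method": method,
            "host": host, "status": int(status), "bytes": int(nbytes)}


def find_exfil_candidates(log_text):
    """Group upload-style requests to watched services by source client.

    Returns {client_ip: {"requests", "bytes", "services", "failed"}}.
    """
    hits = defaultdict(lambda: {"requests": 0, "bytes": 0,
                                "services": set(), "failed": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        svc = watched_service(rec["host"])
        if svc is None or rec["method"] not in UPLOAD_METHODS:
            continue
        h = hits[rec["client"]]
        h["requests"] += 1
        h["bytes"] += rec["bytes"]
        h["services"].add(svc)
        if rec["status"] >= 400:
            h["failed"] += 1   # upload to a defunct/blocked service still counts
    return dict(hits)


if __name__ == "__main__":
    for client, h in sorted(find_exfil_candidates(SAMPLE_LOG).items()):
        note = " (attempts failed)" if h["failed"] == h["requests"] else ""
        print(f"{client}: {h['requests']} upload(s), {h['bytes']} bytes to "
              f"{', '.join(sorted(h['services']))}{note}")
```

Subdomain matching matters here because services typically serve uploads from an API host rather than the bare domain; the `failed` counter keeps attempts against a defunct service visible instead of discarding them as harmless errors.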
Johannes recommends not rushing this update but waiting until the new version is packaged by your preferred Linux distribution.

Another topic is a vulnerability in Apache Roller, a Java-based group blogging platform. It allows an attacker who has obtained access to an account to retain that access even after the user changes the password, because existing sessions are not invalidated. Johannes is skeptical of the CVSS score of 10 assigned to this vulnerability, suggesting it may be exaggerated. He nevertheless recommends applying the fix, leaving users to judge how urgent it is.

Finally, Johannes mentions potentially disruptive news: the MITRE contract to operate the CVE system may no longer be funded. This does not necessarily mean the end of CVE numbers, but there could be temporary disruptions in the assignment of vulnerability identifiers. The CVE system, backed by a board of large companies and industry organizations, is central to identifying and managing vulnerabilities.

In conclusion, this edition of Stormcast offers useful insight into current cybersecurity trends, important software updates, and the possible implications of changes in vulnerability management. For more details, watch the full video at https://www.youtube.com/watch?v=wEyJ4r0N9Aw
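The Apache Roller issue above is an instance of a general design fault: a session is allowed to outlive the credential it was issued under. The following is an added example showing the missing control, written from scratch in Python; it is not Apache Roller code and assumes nothing about Roller's internals. Every session records the account's credential generation at login, a password change bumps that generation and drops the account's other sessions, and validation rejects any session whose generation is stale.

```python
"""Invalidate existing sessions when a password changes.

Added example, not Apache Roller code. The user store, session store and
hashing parameters are assumptions chosen for a self-contained demonstration.
"""
import hashlib
import hmac
import os
import secrets

PBKDF2_ROUNDS = 100_000  # assumed; tune to your hardware


class User:
    def __init__(self, username, password):
        self.username = username
        self.salt = os.urandom(16)
        self.pw_hash = self._hash(password, self.salt)
        # Incremented on every password change; sessions carry the value at login.
        self.credential_generation = 0

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def check_password(self, password):
        return hmac.compare_digest(self.pw_hash, self._hash(password, self.salt))


class SessionStore:
    def __init__(self):
        self.users = {}
        self.sessions = {}  # session_id -> (username, credential_generation)

    def register(self, username, password):
        self.users[username] = User(username, password)

    def login(self, username, password):
        """Return a fresh session id on success, None on failure."""
        user = self.users.get(username)
        if user is None or not user.check_password(password):
            return None
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = (username, user.credential_generation)
        return sid

    def validate(self, sid):
        """Return the username if sid is live and bound to the current credential."""
        entry = self.sessions.get(sid)
        if entry is None:
            return None
        username, gen = entry
        user = self.users.get(username)
        if user is None or gen != user.credential_generation:
            self.sessions.pop(sid, None)  # stale session: evict lazily
            return None
        return username

    def change_password(self, sid, old_password, new_password):
        """Re-authenticate, rotate the credential and keep only the caller's session."""
        username = self.validate(sid)
        if username is None:
            return False
        user = self.users[username]
        if not user.check_password(old_password):
            return False
        user.salt = os.urandom(16)
        user.pw_hash = User._hash(new_password, user.salt)
        user.credential_generation += 1
        # Eagerly drop every other session for this account; lazy eviction in
        # validate() would also catch them, but eager removal frees storage.
        for other, (u, _) in list(self.sessions.items()):
            if u == username and other != sid:
                del self.sessions[other]
        # Re-bind the caller's own session to the new generation.
        self.sessions[sid] = (username, user.credential_generation)
        return True


if __name__ == "__main__":
    store = SessionStore()
    store.register("alice", "old-pw")
    victim, attacker = store.login("alice", "old-pw"), store.login("alice", "old-pw")
    store.change_password(victim, "old-pw", "new-pw")
    print("attacker session still valid:", store.validate(attacker) is not None)
    print("owner session still valid:", store.validate(victim) is not None)
```

The generation counter is the important part: it makes the check cheap and stateless per session, and it also covers sessions that live in a cache or another node where the eager deletion loop cannot reach them.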