
Sans Internet Storm Center Stormcast: April 18, 2025 Edition
This content is an AI-generated summary. If you encounter any misinformation or problematic content, please report it to cyb.hub@proton.me.
In this April 18, 2025 edition of the SANS Internet Storm Center Stormcast, Johannes Ullrich presents from Orlando, Florida. He introduces a guest diary by Jacob Clay Camp, an ISC intern, on getting started with malware analysis. Jacob's approach uses a free-tier AWS instance running Kasm Workspaces to host a containerized remote desktop, which in turn runs REMnux, Lenny Zeltser's Linux distribution for malware reverse engineering. Because the environment is a container, it is easy to reset to a clean state, and because it runs in the cloud it stays isolated from the analyst's home network.
Jacob illustrates the workflow with a quick analysis of a RedTail sample. The second topic is a critical vulnerability in the Erlang/OTP SSH library. The flaw, found by researchers at Ruhr University Bochum, allows unauthenticated remote code execution: the server processes SSH connection-protocol messages before user authentication has completed, so a client can have commands executed without ever authenticating. The vulnerability carries a CVSS score of 10.0, the highest possible, reflecting the severity of the exploit.
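The flaw described above belongs to a well-known class: a protocol server that dispatches on message type alone, without checking the connection state, will happily act on post-authentication messages that arrive before authentication. The following Python is an added illustration of that class and its fix, not Erlang/OTP code or anything from the Stormcast; the message numbers are the real ones from RFC 4253, 4252 and 4254, but the session model, the `DEMO_PASSWORD` constant and the message sequences are constructed for the example. The vulnerable dispatcher routes by message number only; the hardened one keeps a per-state allow-list and disconnects on a violation, which is also the event a defender would want logged.

```python
"""Constructed illustration (not Erlang/OTP code) of the pre-authentication
message-handling defect class: a dispatcher that routes SSH connection-protocol
messages on message type alone, beside a state-gated dispatcher that refuses
them until authentication has succeeded."""

from dataclasses import dataclass, field

# SSH message numbers (RFC 4253 transport, RFC 4252 userauth, RFC 4254 connection).
SSH_MSG_SERVICE_REQUEST = 5
SSH_MSG_USERAUTH_REQUEST = 50
SSH_MSG_CHANNEL_OPEN = 90
SSH_MSG_CHANNEL_REQUEST = 98

# Which message numbers a server should accept in each connection state.
ALLOWED = {
    "kex_done": {SSH_MSG_SERVICE_REQUEST},
    "userauth": {SSH_MSG_USERAUTH_REQUEST},
    "authenticated": {SSH_MSG_CHANNEL_OPEN, SSH_MSG_CHANNEL_REQUEST},
}

DEMO_PASSWORD = "correct-horse"  # constructed credential for the toy server


@dataclass
class Session:
    state: str = "kex_done"
    executed: list = field(default_factory=list)  # commands handed to a shell
    log: list = field(default_factory=list)       # server-side audit events


def handle_connection_msg(sess, msg_type, payload):
    """Connection-protocol handler: an 'exec' channel request runs a command."""
    if msg_type == SSH_MSG_CHANNEL_REQUEST and payload.get("request") == "exec":
        sess.executed.append(payload["command"])


def vulnerable_dispatch(sess, msg_type, payload):
    """Defect: routes purely on msg_type, never consults sess.state."""
    if msg_type == SSH_MSG_SERVICE_REQUEST and payload.get("service") == "ssh-userauth":
        sess.state = "userauth"
    elif msg_type == SSH_MSG_USERAUTH_REQUEST:
        if payload.get("password") == DEMO_PASSWORD:
            sess.state = "authenticated"  # a real server sends USERAUTH_SUCCESS here
    elif msg_type in (SSH_MSG_CHANNEL_OPEN, SSH_MSG_CHANNEL_REQUEST):
        handle_connection_msg(sess, msg_type, payload)  # reachable pre-auth


def hardened_dispatch(sess, msg_type, payload):
    """Fix: every message is checked against the allow-list for the current state."""
    if msg_type not in ALLOWED.get(sess.state, set()):
        sess.log.append(
            f"protocol violation: msg {msg_type} in state {sess.state}; disconnecting"
        )
        sess.state = "disconnected"
        return
    vulnerable_dispatch(sess, msg_type, payload)  # same routing, now gated


def run(dispatch, messages):
    """Feed a decoded (post-KEX) message sequence through a dispatcher."""
    sess = Session()
    for msg_type, payload in messages:
        if sess.state == "disconnected":
            break
        dispatch(sess, msg_type, payload)
    return sess


# Constructed sequences: one skips authentication, one authenticates properly.
PREAUTH_EXEC = [
    (SSH_MSG_SERVICE_REQUEST, {"service": "ssh-userauth"}),
    (SSH_MSG_CHANNEL_OPEN, {"type": "session"}),
    (SSH_MSG_CHANNEL_REQUEST, {"request": "exec", "command": "id"}),
]
LEGIT = [
    (SSH_MSG_SERVICE_REQUEST, {"service": "ssh-userauth"}),
    (SSH_MSG_USERAUTH_REQUEST, {"method": "password", "password": DEMO_PASSWORD}),
    (SSH_MSG_CHANNEL_OPEN, {"type": "session"}),
    (SSH_MSG_CHANNEL_REQUEST, {"request": "exec", "command": "id"}),
]

if __name__ == "__main__":
    print("vulnerable, pre-auth:", run(vulnerable_dispatch, PREAUTH_EXEC).executed)
    h = run(hardened_dispatch, PREAUTH_EXEC)
    print("hardened, pre-auth:  ", h.executed, h.log)
    print("hardened, legit:     ", run(hardened_dispatch, LEGIT).executed)
```

The point of the allow-list is that it is checked before any handler runs, so adding a new message handler later cannot silently widen the pre-authentication surface. The logged "protocol violation" event is worth forwarding to a SIEM: a client sending channel messages before authenticating is not something a legitimate SSH client does.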
Users are strongly encouraged to update, although for embedded and packaged products this may mean waiting for a fix from the respective vendor. In the meantime, the recommendation is to disable the Erlang SSH server or restrict access to it with a firewall. Next, the Belgian security company NVISO has published a report on the BRICKSTORM backdoor, originally seen in Linux and VMware environments and now also found on Windows. Unlike most backdoors, BRICKSTORM does not offer remote code execution. Instead, it lets attackers read and write files on the compromised system and use it as a pivot to scan other hosts on the network.
The report includes indicators of compromise and detection techniques for this threat. Finally, OpenAI has released its latest model, GPT-4.1, and the release has drawn security criticism: the model shipped without the usual safety report, and some safeguards appear to be missing, raising concerns that it is easier to use this model to help create malware. How OpenAI will handle these issues going forward remains an open question. In conclusion, this edition of the Stormcast offers a wealth of useful information for cybersecurity professionals, from malware analysis to critical vulnerabilities and new backdoor threats. The insights shared are essential for staying informed and proactive in the ever-evolving field of cybersecurity.