SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Monday, August 25th, 2025: IP Cleanup; Linux Desktop Attacks; Malicious Go SSH Brute Forcer; Onmicrosoft Domain Restrictions

Aug 25, 2025
The episode opens with an update on IP address formatting that marks the end of zero-padded addresses. Attacks targeting Indian Linux desktops with .desktop files, attributed to Pakistani attackers, are on the rise. Meanwhile, a malicious Go module that presents itself as an SSH brute forcer is exposing credentials. Lastly, Microsoft is tightening restrictions on email sent from its onmicrosoft.com domain, aiming to improve security for its users.
INSIGHT

IP Data Format Modernized

  • Johannes Ullrich removed legacy zero-padded IP formatting to restore standard dotted-decimal addresses.
  • This change simplifies post-processing and may take time to propagate across legacy data.
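
An added example, not code from the podcast or from the Internet Storm Center: one way to post-process legacy records that still carry zero-padded addresses. It assumes the padding is decimal (`010` means 10, not octal 8); the sample lines are constructed and use documentation address ranges.

```python
import ipaddress
import re

# Four dot-separated groups of 1-3 digits, not embedded in a longer number
# or a longer dotted string. Caveat: a dotted version number with exactly
# four parts has the same shape and would be rewritten too.
_IPV4 = re.compile(
    r"(?<![\d.])(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})(?![\d.])"
)


def normalize_ipv4(text):
    """Return standard dotted-decimal for a possibly zero-padded address.

    Assumption: padded octets are decimal. Raises ValueError otherwise.
    """
    m = _IPV4.fullmatch(text.strip())
    if not m:
        raise ValueError(f"not an IPv4 address: {text!r}")
    octets = [int(g, 10) for g in m.groups()]  # int() drops the padding
    if any(o > 255 for o in octets):
        raise ValueError(f"octet out of range: {text!r}")
    # Round-trip through ipaddress so the result is a validated address.
    return str(ipaddress.IPv4Address(".".join(str(o) for o in octets)))


def normalize_line(line):
    """Rewrite every padded address in a record; leave everything else."""
    def fix(m):
        try:
            return normalize_ipv4(m.group(0))
        except ValueError:
            return m.group(0)  # e.g. 300.001.002.003: keep for review
    return _IPV4.sub(fix, line)


# Constructed legacy records (documentation ranges, not real data).
SAMPLE = [
    "2025-08-24 src=203.000.113.005 dst=192.000.002.010 port=022",
    "2025-08-25 src=198.51.100.7 dst=192.0.2.10 port=22",
    "2025-08-25 src=300.001.002.003 dst=192.000.002.010 port=22",
]

if __name__ == "__main__":
    for record in SAMPLE:
        print(normalize_line(record))
```

Python's own `ipaddress` module has rejected leading zeros since 3.9.5 because some parsers read them as octal, which is why the octets are converted explicitly here instead of handing the padded string to the library.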
ANECDOTE

Linux .desktop Files Used In Targeted Attacks

  • Cyfirma observed Pakistani actors weaponizing .desktop files to target Indian Linux BOSS desktops.
  • Attackers disguised .desktop files carrying malicious launch commands as PDFs; the commands execute when the file is clicked and take over the system.
INSIGHT

Supply-Chain Risk In Malicious Go Modules

  • A malicious Go module claiming to brute-force SSH also exfiltrates the user's credentials to its author.
  • Go's concurrency makes fast scanners easy, but also makes supply-chain risks more dangerous.