

SANS Stormcast Thursday, July 17th, 2025: catbox.moe abuse; Sonicwall Attacks; Rendering Issues
Jul 17, 2025
This episode covers the misuse of the file-sharing service catbox.moe as a malware host, an ongoing campaign targeting SonicWall devices with extensive exploitation via the OVERSTEP backdoor, and RenderShock, a new zero-click attack strategy that weaponizes trust in file rendering processes so that attackers can launch payloads without user interaction. The vulnerabilities are discussed alongside mitigation strategies.
AI Snips
Block Malware-Abused File Sharing
- The free file-sharing service catbox.moe is abused for malware distribution; it blocks .exe files, but only by file extension.
- Consider blocking access to catbox.moe as it's often abused and provides little business utility.
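The two points above as an added example (not from the episode or from SANS): a triage routine that blocks on the catbox.moe host with exact suffix matching and shows why an extension check misses a Windows executable served under another extension. The record format, URLs, file names and byte strings are constructed for illustration.

```python
from urllib.parse import urlsplit

BLOCKED_DOMAIN = "catbox.moe"  # domain named in the episode notes

def is_blocked_host(url: str) -> bool:
    """True for catbox.moe and its subdomains, not for look-alike hosts."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    return host == BLOCKED_DOMAIN or host.endswith("." + BLOCKED_DOMAIN)

def has_exe_extension(url: str) -> bool:
    """The weak check: trusts whatever extension the URL path carries."""
    return urlsplit(url).path.lower().endswith(".exe")

def looks_like_pe(head: bytes) -> bool:
    """Content check: 'MZ' at offset 0 and 'PE\\0\\0' at the offset in e_lfanew."""
    if len(head) < 0x40 or head[:2] != b"MZ":
        return False
    pe_offset = int.from_bytes(head[0x3C:0x40], "little")
    return head[pe_offset:pe_offset + 4] == b"PE\0\0"

def triage(records):
    """records: iterable of (url, first bytes of the response body)."""
    return [
        {
            "url": url,
            "host_blocked": is_blocked_host(url),
            "exe_by_extension": has_exe_extension(url),
            "exe_by_content": looks_like_pe(head),
        }
        for url, head in records
    ]

# Constructed sample data: a minimal PE header stub and a JPEG signature.
PE_STUB = b"MZ" + b"\0" * 0x3A + (0x40).to_bytes(4, "little") + b"PE\0\0"
JPEG_HEAD = b"\xff\xd8\xff\xe0" + b"\0" * 12

SAMPLE = [
    ("https://files.catbox.moe/aaaaaa.png", PE_STUB),    # PE behind an image extension
    ("https://files.catbox.moe/bbbbbb.jpg", JPEG_HEAD),  # ordinary image
    ("https://catbox.moe.example.net/c.exe", PE_STUB),   # look-alike host, not catbox.moe
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

The first record is the case the extension filter misses: the host rule and the content check both flag it, while the extension check does not.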
Rotate Credentials After Patch
- When vulnerable devices are patched, also rotate credentials, especially MFA secrets, as attackers might reuse leaked ones.
- This is critical to prevent re-compromise of previously vulnerable SonicWall SMA 100 devices.
Risks of File Rendering Pipelines
- Background rendering in file preview and indexing pipelines creates zero-click attack surfaces.
- These renderers, trusted by OS and applications, may execute code or leak credentials without user interaction.