

SANS Stormcast Monday, August 4th, 2025: Legacy Protocols; Sonicwall SSL VPN Possible 0-Day;
Aug 4, 2025
This episode highlights several troubling cybersecurity trends: unusual SSH scans targeting a legacy user account, which point at exposure in outdated systems; a possible 0-day vulnerability in SonicWall SSL VPN devices that is being exploited by ransomware groups and raises urgent concerns; and a stealthy PAM-based Linux backdoor that evaded detection by anti-malware solutions for over a year. The hosts stress the need to monitor authentication settings closely to mitigate these risks.
AI Snips
Secure Legacy POP3 Accounts
- Remove or disable legacy POP3 user accounts if you no longer use POP3 services.
- Do not leave old accounts enabled; they often carry guessable passwords such as "pop3user" or "123456".
SonicWall SSL VPN Exploit Nuances
- SonicWall SSL VPN devices can be exploited even when they are fully patched and credentials have been rotated.
- Multi-factor authentication may be bypassed if one-time passwords were stolen through earlier vulnerabilities.
Disable SonicWall SSL VPN
- Disable SonicWall SSL VPN if possible until further details on the vulnerability emerge.
- Closely scrutinize these devices to prevent exploitation by ransomware groups such as Akira.