SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) SANS Stormcast Monday, August 11th, 2025: Fake Tesla Preorders; Bad USB Cameras; Win-DoS Epidemic
Aug 11, 2025
Beware of fake Tesla websites tricking users into sharing credit card information for nonexistent preorders. In a shocking twist, compromised USB devices can act like keyboards to inject malicious commands. Additionally, learn about a concerning epidemic where internet-exposed domain controllers are exploited for powerful denial of service attacks, emphasizing the need for strong security measures. Stay informed and protect yourself from these modern cyber threats!
AI Snips
Chapters
Transcript
Episode notes
Fake Tesla Preorder Scam
- Google shows sponsored Tesla lookalike sites that take preorder credit cards.
- Johannes Ullrich used a fake card and the checkout accepted it without charging.
USB Devices Can Become Persistent Implants
- Compromised USB firmware can turn devices like Linux webcams into persistent implants.
- Johannes Ullrich notes they can emulate keyboards to inject keystrokes and stay out of endpoint protection.
Avoid Internet-Exposed Domain Controllers
- Avoid exposing domain controllers to the internet.
- Enable rate limiting and block RPC/LDAP referral abuse to prevent Win-DoS amplification.