
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS Stormcast Monday, July 14th, 2025: Web Honeypot Log Volume; Browser Extension Malware; RDP Forensics
Jul 15, 2025
Honeypot log volumes have surged dramatically, indicating a robust botnet targeting systems like SonicWall. Discover a shocking investigation revealing 18 malicious browser extensions that deceived millions into downloading malware. The discussion also dives into RDP forensics, providing essential techniques for preventing lateral movement and ensuring better incident response. Tune in to learn about the evolving landscape of cyber threats and the vital safeguards that can keep users secure.
AI Snips
Rising Honeypot Logs from SonicWall Botnet
- Jesse observed a significant rise in honeypot log volumes across all his honeypots recently.
- The increase is linked to a botnet exploiting SonicWall vulnerabilities aggressively.
Browser Extensions Can Turn Malicious
- Some popular browser extensions started out clean but later received malicious updates.
- Malicious versions can monitor user browsing and redirect traffic without raising suspicion, because they operate under normal extension permissions.
Remove Malicious Browser Extensions
- Immediately uninstall any browser extensions identified as malicious, such as Red Direction.
- Limit the number of installed extensions and scrutinize their permissions to protect your browser from spyware.
