A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
SANS Stormcast Tuesday, June 24th, 2025: Telnet/SSH Scan Evolution; Fake Sonicwall Software; File-Fix vs Click-Fix
June 24, 2025
4:03
0.74 MB ( 2.65 MB less)
Downloads: 0
Quick Password Brute Forcing Evolution Statistics
After collecting usernames and passwords from our ssh and telnet honeypots for about a decade, I took a look back at how scans changed. Attackers are attempting more passwords in each scans than they used to, but the average length of passwords did not change.
https://isc.sans.edu/diary/Quick%20Password%20Brute%20Forcing%20Evolution%20Statistics/32068
Introducing FileFix A New Alternative to ClickFix Attacks
Attackers may trick the user into copy/pasting strings into file explorer, which will execute commands similar to the ClickFix attack that tricks users into copy pasting the command into the start menu s cmd feature.
https://www.mobile-hacker.com/2025/06/24/introducing-filefix-a-new-alternative-to-clickfix-attacks/
Threat Actors Modify and Re-Create Commercial Software to Steal User s Information
A fake Sonicwall Netextender clone will steal user s credentials
https://www.sonicwall.com/blog/threat-actors-modify-and-re-create-commercial-software-to-steal-users-information