Hello and welcome to the Thursday, July 17, 2025 edition of the Sands Internet Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Washington, D.C.

And this episode is brought you by the Sands.edu credit certificate program in cybersecurity engineering.

Xavier today wrote up a series of attacks that took advantage of a file sharing box called

Catbox. Catbox.com.com.com. Mo is the domain being used by this file sharing service and

Xavier was able to capture about 600 or so different URLs being abused at this

particular file sharing service. Just like any free file sharing service, it can easily be used

to distribute malware. Now on their webpage, they're stating that they do not allow the hosting

of .exe and similar files, but it looks like they're stating that they do not allow the hosting of dot eXE and similar files,

but it looks like they're really only checking the extension and something like dot dLL or such

is easily used to evade some of the filters being set up by Catbox.

You may want to consider blocking access to this service.

It doesn't look based on a website that it is all that

useful for business purposes.

Also, of course, any use of some of these newer generic top-level domains, like Dot Mo

in this case, is often a good indicator that something suspicious may be happening.

And Google's threat intelligence group has published details regarding a compromise of a fully

patched Sonic Wall SMA 100 devices. These devices are end of life, but the particular device is compromised here, were fully

patched.

Now, this is not a serodei apparently that's being used here.

Instead, what Google believes is happening is that these particular devices were vulnerable

to, in the past, to some of these vulnerabilities

...