SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Wednesday Apr 16th: File Upload Service Abuse; OpenSSH 10.0 Released; Apache Roller Vuln; Possible CVE Changes

SANS ISC Handlers

Tech News, News, Technology

🗓️ 16 April 2025

⏱️ 6 minutes

Summary


Online Services Again Abused to Exfiltrate Data
Attackers like to abuse free online services to exfiltrate data, from the originals like Pastebin to past favorites like anonfiles.com. The latest example is gofile.io. As a defender, it is important to track these services so that exfiltration is detected early.
https://isc.sans.edu/diary/Online%20Services%20Again%20Abused%20to%20Exfiltrate%20Data/31862
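The diary's advice is to watch for traffic to these hosting services, and the episode suggests DNS rules as one place to do it. The script below is an added example (not code from the diary or from SANS ISC) that does this over proxy and DNS logs: it matches hostnames against a watchlist of the three services named above, treats uploads and any contact with a defunct service as high severity, and avoids false positives on look-alike names. The log lines, the log formats and the upload hostnames are constructed for the example; only the three domains come from the page.

```python
"""Flag outbound contact with file-hosting services abused for exfiltration.

Added example, not part of the ISC diary. The watchlist holds the domains the
diary summary names; log formats and sample lines below are constructed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# domain -> defunct? A defunct service (anonfiles.com, per the diary) has no
# legitimate users left, so any attempt to reach it is high-signal on its own.
WATCHLIST: dict[str, bool] = {
    "gofile.io": False,
    "anonfiles.com": True,
    "pastebin.com": False,
}

# Constructed proxy log: "<timestamp> <client> <method> <url> <status> <bytes>"
SAMPLE_PROXY_LOG = """\
2025-04-16T09:12:01Z 10.0.0.23 GET https://www.example.com/index.html 200 5120
2025-04-16T09:12:44Z 10.0.0.23 POST https://store1.gofile.io/uploadFile 200 48211
2025-04-16T09:12:45Z 10.0.0.23 POST https://api.anonfiles.com/upload 503 0
2025-04-16T09:13:10Z 10.0.0.41 GET https://pastebin.com/raw/abc123 200 900
2025-04-16T09:14:00Z 10.0.0.41 GET https://notgofile.io/ 200 100
"""

# Constructed DNS query log: "<timestamp> <client> query <qtype> <qname>"
SAMPLE_DNS_LOG = """\
2025-04-16T09:12:43Z 10.0.0.23 query A store1.gofile.io
2025-04-16T09:12:44Z 10.0.0.23 query A anonfiles.com
2025-04-16T09:13:00Z 10.0.0.41 query A www.example.com
"""

PROXY_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) "
    r"(?P<status>\d{3}) (?P<bytes>\d+)$"
)
DNS_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) query (?P<qtype>[A-Z]+) (?P<qname>\S+)$")


@dataclass
class Finding:
    source: str    # "proxy" or "dns"
    client: str
    host: str      # hostname actually contacted or queried
    domain: str    # watchlist entry it matched
    severity: str  # "high" or "medium"
    detail: str


def match_watchlist(hostname: str) -> Optional[str]:
    """Return the watchlisted domain that hostname equals or is a subdomain of.

    Matching on label boundaries keeps 'notgofile.io' from matching 'gofile.io'.
    """
    host = hostname.lower().rstrip(".")
    for domain in WATCHLIST:
        if host == domain or host.endswith("." + domain):
            return domain
    return None


def severity_for(domain: str, method: Optional[str]) -> str:
    # An upload (POST/PUT) to a hosting service is the exfiltration pattern itself;
    # contact with a defunct service is high-signal regardless of method.
    if WATCHLIST[domain] or method in ("POST", "PUT"):
        return "high"
    return "medium"


def scan_proxy_log(text: str) -> list[Finding]:
    findings: list[Finding] = []
    for line in text.splitlines():
        m = PROXY_RE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these
        host = urlsplit(m["url"]).hostname or ""
        domain = match_watchlist(host)
        if domain is None:
            continue
        detail = f"{m['method']} {m['url']} status={m['status']} bytes={m['bytes']}"
        findings.append(Finding("proxy", m["client"], host, domain,
                                severity_for(domain, m["method"]), detail))
    return findings


def scan_dns_log(text: str) -> list[Finding]:
    findings: list[Finding] = []
    for line in text.splitlines():
        m = DNS_RE.match(line)
        if not m:
            continue
        domain = match_watchlist(m["qname"])
        if domain is None:
            continue
        findings.append(Finding("dns", m["client"], m["qname"].rstrip("."), domain,
                                severity_for(domain, None), f"{m['qtype']} query"))
    return findings


if __name__ == "__main__":
    for f in scan_proxy_log(SAMPLE_PROXY_LOG) + scan_dns_log(SAMPLE_DNS_LOG):
        print(f"[{f.severity.upper():6}] {f.source} {f.client} -> {f.host} ({f.domain}): {f.detail}")
```

The DNS pass is the cheaper, broader net (it catches a client that resolves the name even when the upload itself never goes through the proxy); the proxy pass adds the method and byte count that distinguish an upload from a download, which is why it gets the severity split.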
OpenSSH 10.0 Released
OpenSSH 10.0 was released. This release adds quantum-safe ciphers and separates user authentication into its own binary to reduce the authentication attack surface.
https://www.openssh.com/releasenotes.html#10.0p1
Apache Roller Vulnerability
Apache Roller addressed a vulnerability. Its CVSS score of 10.0 appears inflated, but it is still a vulnerability you probably want to address.
https://lists.apache.org/thread/4j906k16v21kdx8hk87gl7663sw7lg7f
CVE Funding Changes
MITRE's government contract to operate the CVE system may run out tomorrow. This could lead to a temporary disruption of services, but the system is backed by a diverse board of directors representing many large companies. It is possible that non-government funding sources may keep the system afloat for now.
https://www.cve.org/

Transcript

0:00.0

Hello and welcome to the Wednesday, April 16th, 2025 edition of the SANS Internet Storm Center's Stormcast.

0:08.4

My name is Johannes Ullrich, and today I'm recording from Orlando, Florida.

0:13.7

Xavier today wrote a diary about, well, a little bit of an old problem, and that's the abuse of free file transfer services. As Xavier puts it, why create your

0:24.0

own complex command-and-control channel if all you need is a simple HTTP POST to a well-known

0:30.9

free file hosting service that may even be considered legitimate and as such raise less suspicion than some kind of

0:39.8

interesting custom domain. The latest one that Xavier ran into here is gofile.io. Now,

0:49.9

Xavier also points out there is an older one that he still keeps seeing, and that's Anon

0:55.5

file.

0:56.0

In a particular piece of software that Xavier actually found here, GoFile is used by default,

1:03.0

but if GoFile fails, it actually then falls back to Anon File.

1:07.2

Now, the interesting part is that Anon File has been dysfunctional now for a couple of years, so falling back to it

1:15.8

doesn't really make much sense, but well, this may just be sort of a modification to an existing script.

1:22.6

Xavier also lists a few common other domains that are being used for this data exfiltration.

1:29.4

So definitely something you do want to pay attention to.

1:32.1

In particular, these dysfunctional services, given that attackers still attempt to use them,

1:38.2

putting in some kind of DNS rules or so, trying to figure out if someone is attempting to connect to them,

1:44.7

Certainly makes some sense for malware detection in your network.

1:51.6

And then we have a new version of the SSH daemon, OpenSSH, released version 10.0.

1:58.8

Now, this is a functional version update, so while it does provide some security

2:03.9

improvements, it doesn't necessarily fix vulnerabilities. There are two major sort of changes

2:10.5

from a security point of view. First of all, the addition of quantum-safe ciphers. And secondly, there is now a new sshd-auth daemon that takes care of user authentication.

2:24.0

The idea behind this is that the pre-authentication attack surface is sort of disassociated from the rest of the SSH daemon.

...
