SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Friday, April 19th, 2024

SANS ISC Handlers

News, Tech News

🗓️ 19 April 2024

⏱️ 5 minutes

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Delinea PoC; Ivanti Avalanche PoC; Advanced Phishing Campaign; go-getter update; OfflRouter Virus

Transcript

0:00.0

Hello and welcome to the Friday, April 19th, 2024 edition of the SANS Internet Storm Center's Stormcast.

0:08.0

My name is Johannes Ullrich, and today I'm recording from Washington, D.C.

0:13.2

And we now have a public proof of concept and more details for the Delinea Secret Server vulnerability, or Thycotic as it used to be known as.

0:25.4

This particular vulnerability allows an unauthenticated user to gain access to the API on these devices.

0:34.3

Interesting vulnerability and sort of one of those tricky authentication bypass

0:40.0

vulnerabilities that you often run into when developers try to do something fancy, different,

0:45.2

and don't quite understand all the precautions of the authentication schemes they come up with.

0:51.0

The problem here is that, first of all, there's a user ID that's just encrypted

0:56.1

with a static key. So pretty easy to find the static key in the code and then create your

1:01.8

own encrypted user ID. Just simply impersonating the user with this encrypted user ID was not

1:09.6

possible initially because there was also a

1:12.4

timestamp that was linked to a random UUID that was not predictable.

1:18.5

But turns out if this UUID is just removed and the expiration date of the session, then

1:24.7

well, that check is skipped and an attacker is able to log in as any user.

1:31.5

Exploitation of this is pretty straightforward based on this blog post.

1:36.1

The blog post was published by Johnny Wee, who did initially also find and report the vulnerability to Delinea.

1:44.9

And thanks to Tenable, we also now have additional details and a proof of concept exploit

1:50.3

for the Ivanti Avalanche heap buffer overflow, something I mentioned earlier this week.

1:56.5

So both Delinea and Ivanti, you should patch these products before you leave for the weekend.

2:05.2

Typically, phishing campaigns don't really get me that excited, but Lookout has a nice write-up about a bit more sophisticated phishing campaign in terms of how they are impersonating their targets.

2:18.8

First of all, these phishing emails or actually SMS messages as they show up as are

2:24.6

targeting specific individuals, then the link the particular SMS message then connects to

...

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.