SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Friday, April 24th 2020

SANS ISC Handlers

Tech News, News, Technology

🗓️ 24 April 2020

⏱️ 7 minutes

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. GCC Adds Security Analyzer; IBM Spectrum Protect Flaw; GPU Radio; Red Team Platforms

Transcript

0:00.0

Hello, welcome to the Friday, April 24, 2020 edition of the SANS Internet Storm Center's Stormcast.

0:07.0

My name is Johannes Ullrich, and I'm recording from Jacksonville, Florida.

0:13.0

Yesterday I mentioned that OpenSSL released an update fixing one denial of service vulnerability, CVE-2020-1967.

0:24.6

While the vulnerability isn't really all that noteworthy, I find, it's after all just a

0:30.6

denial of service vulnerability. What's sort of interesting is a little bit the backstory that was now

0:35.6

released about this vulnerability in how it was found. Developers are not only sort of releasing code faster as part

0:44.6

of this DevOps movement, but also are trying to sort of integrate more and more security

0:49.6

tools into the development process. And open source software is certainly not falling behind here.

0:57.4

The GNU C compiler, also known as GCC, is including in its latest version, version 10, a static

1:05.1

code analysis tool in the compiler itself.

1:08.5

So the compiler can warn you about any potential security problems.

1:13.4

And apparently this new feature in GCC did lead to the discovery of this vulnerability in OpenSSL.

1:23.0

I think it's so far also interesting that OpenSSL, of course, over the last few years has gotten a lot of attention, so it has been audited, has been run through some tools like this.

1:34.6

So nice to see how this new tool in GCC immediately led to discovery of a new flaw, and of course also to fixing the new flaw.

1:45.0

And IBM patched a critical vulnerability in its Spectrum Protect Server.

1:51.0

This is a fairly sort of massive complex enterprise backup system.

1:57.0

And the vulnerability stack-based buffer overflow can lead to arbitrary remote code execution

2:03.6

and has been assigned a CVSS score of 9.8, which is almost as high as it goes.

2:11.6

So if you're running this software, this server, please make sure that you patch it. Now, typically, this is sort of at the

2:19.3

core of the enterprise. There's nothing that should ever really be exposed, but of course,

2:25.3

being responsible for all the backups within a company, there is a lot of data that an attacker

2:31.7

would have access to if they can compromise this server.

...

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.