SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Friday, April 27th 2018

SANS ISC Handlers

Tech News, News

🗓️ 27 April 2018

⏱️ 7 minutes

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. New Drupal RCE Used In The Wild; HP iLO Ransomware; ZTE/Hyperoptic Default Password

Transcript

0:00.0

Hello, welcome to the Friday, April 27th, 2018 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich, and today I'm recording from Jacksonville, Florida.

0:12.4

I mentioned the new Drupal vulnerability yesterday. At the time I talked about an exploit that was available at Pastebin. We have now seen some individual

0:23.9

exploit attempts using this exploit and variations of it. So this is certainly being used

0:31.4

in the wild. Given that this exploit is still a little bit more complex than the old exploit and does appear

0:38.7

to require authentication.

0:41.1

We don't see quite the volume with it that we have seen with some of the older exploits.

0:48.2

Tom, who is our handler today, has actually experienced one of these exploit attempts earlier today against one of his own

0:57.3

systems. He's writing it up right now as I'm recording this podcast. So hopefully sometime Friday

1:05.0

morning he'll make his write-up live and it talks in more detail about how this particular exploit was used against his

1:13.5

systems. And you probably heard of remote management systems for servers like IPMI or Dell's

1:20.7

DRAC or HP's Integrated Lights-Out or iLO. All of these systems have a rich history in vulnerabilities and bad configurations

1:31.4

that have been used in the past in order to compromise systems. Now the latest twist on this

1:38.8

happens to hit HP's Integrated Lights-Out servers. In this case, it appears good old ransomware is used to encrypt disks.

1:48.0

Now, the way this works is that an attacker first compromises the server via the Integrated Lights-Out

1:56.0

system.

1:57.0

Now, the Integrated Lights-Out system gives an attacker full control over keyboard, mouse,

2:03.1

the screen and disk drives.

2:05.6

So the attacker here will then remotely mount a CD image that essentially includes the encryption software that's being used to encrypt the disk. In addition, a warning banner

2:19.7

is placed on the console that informs the victim that their systems have been compromised.

2:26.5

It's not quite clear how the attacker gained access to the Integrated Lights-Out system in this

2:32.1

case, but often this just happens via stupid default.

2:36.8

Now, in the past, there have been vulnerabilities in these systems that allowed for an

...
