SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Friday, April 2nd, 2021

SANS ISC Handlers

Tech News, News, Technology

4.9696 Ratings

🗓️ 2 April 2021

⏱️ 6 minutes

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. April PCAP Quiz; Coinhive Update; Forensicating BITS; More Water Trouble; QNAP Vulns

Transcript

0:00.0

Hello, welcome to the Friday, April 2, 2021 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich, and I'm recording from Jacksonville, Florida.

0:14.8

And we got again one of Brad's famous quizzes. Now, this time he goes beyond the actual packet captures and has an entire

0:23.9

little forensics challenge for you. You can download the evidence from Brad's GitHub

0:31.2

repository and well, this month, we also have a prize for you. More details about how to submit your answer

0:38.7

and what the exact questions are you can find in the diary. The prize will be a Raspberry Pi,

0:46.8

and please submit your answer before, well, Brad's answer is being posted in about a week,

0:56.9

and we will then select sort of randomly among the correct answers, the winner of the Raspberry Pi. And unlike Brad sort of

1:04.5

guessed in his diary, it's actually a new Raspberry Pi 4 that we'll be giving away. And remember Coinhive? Coinhive

1:15.0

was a company that set up a service that made cryptojacking really easy by offering JavaScript

1:22.0

that you could inject into a browser to mine Monero with Coinhive's help.

1:29.9

About two years ago, Coinhive was dismantled.

1:34.5

The domain no longer resolved in part because of legal pressure,

1:38.8

because a lot of these scripts, of course, were used for legitimate purposes.

1:48.7

Turns out that Troy Hunt was given access to domains related to Coinhive, and he's now trying to notify remaining victims. Just by essentially

1:57.9

allowing the domain to resolve again, he was able to see that there are

2:01.9

still many, many sites out there that remain compromised by the Coinhive script.

2:08.9

So what he started doing now is to actually inject a little pop-up box into these sites

2:15.4

by essentially serving his JavaScript instead of the original

2:19.6

Coinhive JavaScript and notifying visitors that this site is compromised and trying to

2:27.1

launch a crypto coin miner. The hope is to eventually alert, of course, system administrators

2:32.8

for these sites and have these sites cleaned up.

2:36.5

It's, of course, very likely that there's other malicious content in these sites,

...

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
