ISC StormCast for Friday, December 21st 2018
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
🗓️ 21 December 2018
⏱️ 6 minutes
Transcript
| 0:00.0 | Hello and welcome to the Friday, December 21st, 2018 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich, and I'm recording from Jacksonville, Florida. |
| 0:12.6 | You may remember SandboxEscaper, the Twitter handle that was used to publish a couple of Windows zero-days in the past. Well, |
| 0:24.7 | SandboxEscaper has a Christmas present for us in that he published yet another Windows |
| 0:31.5 | zero-day exploit that in this case allows for an arbitrary file read. So it's not a huge deal, I would think, |
| 0:39.8 | because you essentially have to run code on the system in order to then read arbitrary files, |
| 0:46.3 | but it's essentially sort of a privilege escalation because you can also read files that you |
| 0:51.1 | normally would not have access to. The vulnerable function, MsiAdvertiseProduct, is typically called by installers in order to advertise |
| 1:00.0 | products and that's the function that runs as system and that can be used to read arbitrary |
| 1:08.0 | files. |
| 1:09.0 | No patch, of course, available yet, and as far as I can tell, |
| 1:12.7 | no response from Microsoft so far. Not much you can do about it other than, well, be careful |
| 1:19.4 | what software you run on your system. And Amnesty International has a great write-up with a summary of different, more advanced |
| 1:30.5 | phishing attacks that they have seen against activists, predominantly in the Middle East. |
| 1:36.5 | Now one particularly neat feature here is a bypass of two-factor authentication. |
| 1:42.7 | Essentially what the attacker does here is that they do set up |
| 1:46.5 | a typical phishing site, but then instead of just collecting your credentials, they actually |
| 1:51.6 | have a copy of Google Chrome that is automated to enter those credentials into the legitimate |
| 1:58.6 | websites. And if there is, for example, a two-factor |
| 2:03.2 | authentication prompt, that prompt is just forwarded to the user, and if the user authenticates |
| 2:09.7 | using two-factor authentication, well, then the attacker will add an application-specific password |
| 2:16.9 | to the account, which of course |
| 2:18.2 | then will give the attacker persistent access to the account. In addition, Amnesty International |
... |
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

