SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Friday, July 21st, 2023

SANS ISC Handlers

News, Tech News

🗓️ 21 July 2023

⏱️ 4 minutes

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Obfuscated .bat file; Citrix CVE-2023-3519 IoCs; ssh-agent exploit; MegaRAC Vuln;

Transcript

0:00.0

Hello and welcome to the Friday, July 21st, 2023 edition of the SANS Internet Storm Center's Stormcast.

0:08.6

My name is Johannes Ullrich.

0:10.2

And today I'm recording from Jacksonville, Florida.

0:15.0

Still a little bit under the weather, so trying to keep this reasonably short here.

0:19.7

But we got a couple things to talk about here. First

0:22.8

of all, in Diaries, we got a .bat file from Xavier, where Xavier is walking you again

0:30.1

through some deobfuscation. So for the malware analysts out here, certainly a worthwhile

0:37.1

read to see how to purify the code from obfuscation, how to use CyberChef, but it's actually just, I think, released version 10, and how to then analyze the resulting code.

0:50.4

And for the Citrix users out there looking for more help figuring out if your Citrix ADC or NetScaler device is already compromised.

1:00.2

A blog post on Data.net has a checklist walking you through different items that you should check in order to verify if your particular device was already attacked by this CVE-2023-3519 vulnerability.

1:17.9

And Qualys provided some instructions on how to exploit a recent OpenSSH vulnerability.

1:24.5

CVE-2023-38408. It's a vulnerability in ssh-agent. ssh-agent is a tool that allows

1:33.6

you to manage private keys and easily forward private keys as you sort of connect from one

1:39.4

system to another. It's always considered a little bit a risky tool to use, but what I found here

1:45.3

was a way how an attacker who already has some access to the system is able to then basically

1:51.5

get a user using ssh-agent to execute arbitrary code on the attacker's behalf. Pretty interesting

1:59.7

exploit here, pretty lengthy description also,

2:02.7

but all the details needed to actually exploit it are in this post. And VMware released an update

2:11.5

for the Spring Framework that's maintained by VMware. The update does fix a flaw in the configuration file

2:21.8

where if you're using double wild cards, so basically asterisk, asterisk, well, you create

2:28.0

patterns that can be bypassed if you're trying to use that for any kind of access control.

2:35.7

And then we have yet another vulnerability in a baseboard management controller.

...
