SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Friday, July 26th 2019

SANS ISC Handlers

News, Tech News

🗓️ 26 July 2019

⏱️ 6 minutes

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. When Users Attack; BlueKeep in Canvas; Darkmatter Cert Nixed; Johannesburg Ransomware

Transcript

0:00.0

Hello, welcome to the Friday, July 26, 2019 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich.

0:09.3

I'm recording from Jacksonville, Florida.

0:13.6

Well, we got sort of a nice theme going this weekend with our diaries at the Internet Storm Center, and it's all about people and what could possibly go

0:22.9

wrong with various user accounts. So today we have Rob talk about how to restrict access for

0:31.3

in particular administrators and also limit administrator access to people that actually

0:36.6

need it.

0:44.0

Rob, of course, a big fan of the critical controls, is using those critical controls to outline some of the steps that you can take in order to make your network more secure.

0:49.5

For example, by using Group Policy Objects and restricting where administrators can actually log into.

0:58.9

One of the important things that Rob points out is that these controls have to also take into account that administrators should never use software like email clients or web browsers as administrator. They should always use

1:14.0

their own lower-privileged accounts for these high-risk activities. So some interesting ideas

1:20.7

here from Rob and certainly will make a great weekend read if you haven't read it yet.

1:27.4

And yet more news about the BlueKeep vulnerability.

1:31.3

That's the famous RDP vulnerability where everybody is waiting for the big exploit to come out.

1:38.3

Well, there is now an exploit available as part of Immunity's Canvas penetration testing tool.

1:46.4

Now Canvas is a pretty expensive commercial package.

1:49.4

I think licenses run around sort of $30,000 a year, so nothing your average criminal would

1:56.1

necessarily purchase.

1:58.3

But in the past, it has happened that Canvas exploits have leaked soon after

2:04.0

they were included in the product, just because, for example, a customer of Canvas was compromised.

2:11.4

But what this means is that certainly for some of the more sophisticated attackers, $30,000 may not be that much and they

2:21.2

may already have a copy of Canvas anyway for other purposes. So would certainly make sure

2:28.5

yet again that you are patched for BlueKeep and this will put a working exploit in reach of more attackers.

...

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
