meta_pixel
Tapesearch Logo
Log in
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Friday, July 9th, 2021

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Handlers

Tech News, News, Technology

4.9696 Ratings

🗓️ 9 July 2021

⏱️ 6 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. sudo and Python; Fake Kaseya Patches; Sonicwall Exploit; WildPressure MacOS Malware

Transcript

Click on a timestamp to play from that location

0:00.0

Hello, welcome to the Friday, July 9, 2021 edition of the Santonet Storm Center's Stormcast.

0:08.2

My name is Johannes Ulrich, and then I'm recording from Jacksonville, Florida.

0:13.7

Ever needed to give your Python scripts more cranial access to elevated privileges? Well, Sudo, of course, is available on

0:23.6

Unix systems, but by default, Sudo does not usually enable its Python interface. So, Xavier put

0:31.3

together a brief diary describing, first of all, how to compile Sudo with the Python interface enabled and then

0:39.2

how to use it in your Python scripts and take advantage of Sudo's ability to allow elevated

0:45.7

privileges for fairly specific tasks.

0:49.2

And of course, like always with Sudo, be careful how you configure it.

0:52.7

It's often easy to assign privileges that really do more than you expect.

1:01.0

And these last couple days when I talked about Kasea and some of the detection tools that

1:06.0

were distributed, I always mentioned be careful where you download them from and make sure that they are authentic.

1:13.8

Well, it looks like the bad guys as expected are taking advantage of this event and there are a couple of

1:21.0

security companies, among them Malrabites, reporting that they are seeing some emails that are distributing fake security updates.

1:32.0

They're pretty rudimentary done in the sense that there are simple emails with attachments

1:37.7

or in some cases links to websites offering a patch for Kasea and of course what you're getting is not a patch instead you're getting additional malware like for example Cobalt Strike

1:51.4

Not really sure if any Kasea users will actually fall for this. This looks a little bit too obvious these emails that I've seen

1:58.9

But better to be aware and you never know what your users

2:03.4

will click on.

2:05.3

And Kaspersky is reporting that they are seeing a malware campaign that they are calling

2:12.4

wild pressure to spread out onto a Mac OS. Typically, it's spreading on Windows. It's a compiled

2:21.5

Python script, but later versions of this particular Malaver are now checking whether or not

2:28.8

they're running on MacOS and then will adapt themselves in order to support Mac OS.

...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2025.