meta_pixel
Tapesearch Logo
Log in
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Friday, June 17th 2016

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Handlers

Tech News, News, Technology

4.9696 Ratings

🗓️ 17 June 2016

⏱️ 5 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Adobe Patches Critical Vulnerability;

Transcript

Click on a timestamp to play from that location

0:00.0

Hello, welcome to the Friday, June 17, 2016 edition of the Santern and Storm Center's Stormcast.

0:07.1

My name is Johannes Orrich, and I'm recording from Washington, D.C.

0:11.4

Adobe today released a patch for Flash Player.

0:15.9

This patch is a vulnerability that has originally been reported on Tuesday as a vulnerability that is currently

0:24.1

being exploited in targeted attacks. So this is a patch now type of update that you should

0:32.9

apply as soon as possible. It does fix a number of additional vulnerabilities as well, not just

0:39.9

the one that's already being exploited. Trend Micro is reporting that at least part of the

0:46.3

problem that the users recently had with Team Viewer maybe due to Trojanized version of Team team viewer. Trend Micro did find a couple of instances

0:58.3

where old versions of team viewer were trojanized in the sense that they collected

1:03.5

usernames and passwords of users. Now the versions they found were mostly version six of Team Viewer, which was distributed between December 2010 and November 2011.

1:17.6

Now according to some related media reports, Team Viewer did reiterate that they believe that most of the compromises that they have seen are due to password reuse,

1:29.8

where users did use Team Viewer passwords on other sites, and then these other sites were compromised,

1:37.8

and the passwords were used in order to compromise the TeamVore account.

1:43.3

And the US Industrial Control System cert does warn users of Siemens'

1:49.7

Sematic WinC devices of weekly protected credentials.

1:54.5

What this means is that credentials to authenticated device are transmitted in the clear. A patch may be available from

2:03.7

Siemens, so if you're using these particular devices, make sure that you are keeping them

2:09.6

up to date. And in general, of course, it is recommended to isolate industrial control systems

2:15.4

on a separate network to limit their network exposure

2:20.2

and if necessary to use VPNs in order to protect the network traffic.

2:26.8

And GitHub noticed the unauthorized access of a large number of user accounts and as a result reset those users passwords.

2:38.0

Apparently the problem here is something that we have seen before and well I just mentioned it with Team Viewer

...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2025.