SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Friday, June 17th, 2022


SANS ISC Handlers

Tech News, News, Technology


🗓️ 17 June 2022

⏱️ 6 minutes


Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Houdini is Back; Drifting Cloud; FreeBSD Wifi Xploit; Cisco Email Insecurity; Fastjson RCE

Transcript


0:00.0

Hello, welcome to the Friday, June 17, 2020 edition of the SANS Internet Storm Center's

0:07.8

Stormcast. My name is Johannes Ullrich, and today I'm recording from Jacksonville, Florida.

0:14.4

The diary today by Xavier about the Houdini backdoor. Houdini is an old, old backdoor going back to 2013, but apparently still interesting

0:26.2

enough to be used, and the version that Xavier found was delivered via a JavaScript dropper.

0:33.9

This JavaScript dropper was obfuscated in interesting ways, which Xavier walks you through

0:42.6

how to decode particular obfuscation. In particular, most of the code was actually not used and really

0:49.8

just inserted to confuse analysis of the particular script.

0:55.7

So if you're running into JavaScript like this, you may find Xavier's post

0:59.6

useful. He also posts the IP address of the command and control server being used here.

1:05.5

Now, one type of vulnerability I try to focus on here in these podcasts is always when we're dealing with

1:13.4

vulnerabilities in perimeter security devices like firewalls and the like and turns out they

1:18.7

are quite often exploited in particular by more sophisticated adversaries.

1:24.7

You have an interesting blog post by Volexity. Volexity took a look at a recent

1:30.9

vulnerability in the Sophos firewall. Sophos did publish an advisory on March 25th,

1:38.3

describing a remote code execution vulnerability, but Volexity states that they have actually seen exploitation as

1:46.3

soon as March 8th. So about two weeks before the actual vulnerability was made public by

1:55.4

Sophos. Great write-up here by Volexity discussing all the different things that the attacker

2:00.5

did and how they may have used this particular vulnerability in order to gain access to the firewall.

2:08.1

Once having access to the firewall, they then use that access to play machine in the middle

2:13.0

and modify and breach other systems.

2:18.2

The Zero Day Initiative provides us with an interesting write-up created by a researcher who found

...


Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
