ISC StormCast for Friday, June 8th 2018
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
🗓️ 8 June 2018
⏱️ 6 minutes
Transcript
| 0:00.0 | Hello, welcome to the Friday, June 8th, 2018 edition of the SANS Internet Storm Center's Stormcast. |
| 0:07.0 | My name is Johannes Ullrich, and today I'm recording from Augusta, Georgia. |
| 0:12.0 | On Thursday, Adobe released a surprise update for Flash Player. |
| 0:17.0 | This update fixes a single vulnerability, which apparently has already been exploited |
| 0:23.5 | in attacks against targets in the Middle East. |
| 0:27.7 | So at this point, only in very specific targeted attacks. There is no public exploit available |
| 0:34.9 | as far as I can tell, but you probably should patch this vulnerability |
| 0:40.9 | quickly. And researchers with Eclypsium published a blog post with details regarding |
| 0:48.0 | two vulnerabilities in Super Micro firmware. Super Micro is quite popular in the server space and also some |
| 0:58.5 | security appliances are based on Super Micro hardware. Now the two vulnerabilities |
| 1:05.0 | aren't necessarily easily exploitable. The first one and I think probably the more |
| 1:09.8 | critical one here is a misconfiguration of the flash descriptor region. |
| 1:15.6 | This is a specific region that's used for flash memory and typically it should be immutable. |
| 1:23.6 | But apparently in some Super Micro systems this region is actually writable, so malware on the system may be able to override this region. |
| 1:34.3 | The second vulnerability I consider less problematic because exploitation requires physical access to the server and that's essentially insecure updates. |
| 1:45.3 | So an attacker with physical access to the server may install a malicious firmware update. |
| 1:51.9 | While this attack is difficult to perform, it's also very difficult to detect and to recover from. And Foscam, the manufacturer of popular low-cost video cameras, |
| 2:06.6 | has released firmware updates that you probably should apply rather quickly. |
| 2:13.6 | These updates fix three different vulnerabilities. |
| 2:16.6 | No details have been released yet, just a very generic blog post by the team that actually discovered these vulnerabilities. |
| 2:27.3 | But based on recent history, it probably won't take too long for details about these vulnerabilities to become known and for exploits to take |
| 2:37.4 | advantage of them. Regardless of whether or not you're applying this update, you should never |
... |

