ISC StormCast for Friday, June 9th, 2023
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
4.9 • 754 Ratings
🗓️ 9 June 2023
⏱️ 5 minutes
🧾️ Download transcript
Summary
Transcript
Click on a timestamp to play from that location
| 0:00.0 | Hello, welcome to the Friday, June 9, 2023 edition of the Sansonet Storm Center's Stormcast. My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida. |
| 0:13.7 | Today I wrote a quick diary about some scans that we are seeing targeting Geo Server.-server is an open-source Java-based piece of software |
| 0:24.3 | that allows you to organize geospatial data. |
| 0:28.1 | It offers the typical sort of Tomcat-based GUI in order to allow you to upload and access |
| 0:34.9 | and search data. |
| 0:36.4 | You have seen scans from one IP address in particular, a Russian IP address, |
| 0:43.6 | but also some researchers, like for example Shadow Server, |
| 0:47.1 | are looking for GeoServer instances deployed in the wild. |
| 0:52.1 | GeoServer has had last year a significant vulnerability that allows |
| 0:57.8 | a remote code execution without any authentication. I have set up a full honeypot for GeoServer, |
| 1:06.5 | but after I set it up, well, haven't seen any new scans yet. |
| 1:16.2 | So if there is anything coming, well, maybe next week we'll have more details. |
| 1:20.8 | If anybody has seen any actual attacks other than scanning, please let me know. |
| 1:30.0 | And I've mentioned a couple times in the last two weeks or so about a vulnerability in Barakuta's email security gateway. This vulnerability apparently had been exploited starting October last year, became |
| 1:36.8 | publicly known mid-May, and then Barakuda also released a patch for the vulnerability. However, until then, of course, several of the devices had been compromised. |
| 1:49.8 | And Barakuta now made the somewhat unusual announcement to recommend affected customers to replace their email security gateway. |
| 1:58.2 | So if you believe that your gateway was compromised, you should replace the actual hardware or the virtual appliance. If it was virtual, that's probably easier. No word as to how this will sort of work, like the mechanics of it, in particular for the physical devices. If this is sort of a support warranty action, probably call |
| 2:19.2 | barracuda if you have a support contract with them and inquire on details. |
| 2:25.6 | And several tech news outlets have reported that Google is going to add biometric authentication |
| 2:33.4 | to its desktop password manager that is included in Google Chrome. |
| 2:39.4 | Biometrics has existed for the iOS and Android version of the password manager, but so far not for the built-in version in Google Chrome on the desktop, |
| 2:50.1 | probably trying to better be able to compete |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2026.