ISC StormCast for Friday, November 8th 2019
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
🗓️ 8 November 2019
⏱️ 7 minutes
Transcript
| 0:00.0 | Hello, welcome to the Friday, November 8th, 2019 edition of the SANS Internet Storm Center's Stormcast. |
| 0:07.3 | My name is Johannes Ullrich, and today I'm recording from Jacksonville, Florida. |
| 0:12.9 | Adobe released an update for its mobile software development kit that does fix a problem with how the software development kit was connecting to Adobe's |
| 0:25.0 | cloud services by default. The problem here was a default configuration that shipped with |
| 0:31.9 | the SDK and this default configuration did not use TLS. |
| 0:38.3 | It's actually not uncommon that in development environments, TLS is not used. |
| 0:44.3 | Not necessarily a great idea, but then of course you should adjust the configuration when you're moving applications live, |
| 0:53.3 | which here apparently often didn't happen. |
| 0:56.9 | So Adobe now released an update with more secure default settings for its SDK. |
| 1:04.1 | Still, if you use this SDK or any other SDK, always verify the settings and make sure they're appropriate for your application. |
| 1:15.8 | And QNAP continues to have issues getting rid of the QSnatch malware that takes advantage of |
| 1:22.1 | vulnerabilities, but also weak configurations like weak username and password combinations in QNAP's network storage devices. |
| 1:32.9 | Yes, I'll say it again, you should not connect them directly to the internet, but still QNAP |
| 1:39.1 | has some decent advice here. First of all, you should keep the software updated on these devices. |
| 1:45.6 | And then they also now have a Security Counselor, which they just updated, that will walk you |
| 1:51.7 | through some of your configuration choices, as well as a Malware Remover that you can use |
| 1:57.7 | to essentially check and remove commonly seen malware that specifically does attack |
| 2:05.1 | the QNAP device. It's a little bit different from a generic antivirus check in that it specifically |
| 2:11.4 | looks for malware that's known to attack the QNAP device. QNAP's latest advisory that was released last week has some decent first steps to make sure |
| 2:23.8 | that your QNAP network accessible storage device is reasonably secure. |
| 2:31.4 | And Trustwave's SpiderLabs came across an interesting use of malformed ZIP files. |
| 2:39.0 | Now this is not an uncommon trick where an attacker is creating a file that appears to be invalid. |
... |

