SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Friday, November 8th, 2024

SANS ISC Handlers

Tech News, News, Technology

🗓️ 8 November 2024

⏱️ 6 minutes

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Malicious Steam Bruteforcer; Cisco and Veeam Patches; ZIP file issues; File Upload Dangers;

Transcript

0:00.0

Hello and welcome to the Friday, November 8, 2024 edition of the SANS Internet Storm Center Stormcast.

0:08.5

My name is Johannes Ullrich and today I'm recording from Riyadh, Saudi Arabia.

0:14.7

So today we came across an interesting GitHub repo that advertises a Steam account checker. What this particular tool is supposed to do is

0:24.2

for the online gaming distribution platform Steam. It will check for a list of user names and

0:31.4

passwords whether or not they are correct. The only real sort of application I could think of for this kind of tool is some kind of

0:41.6

credential stuffing attack, but well it just says that it's meant to also check your own credentials,

0:49.8

not sure if you really would need a tool like this. But this is not where the story ends.

0:56.4

Anybody running the tool will actually be subjected to an infostealer. The Python script

1:03.6

does include an encrypted, obfuscated infostealer component that will exfiltrate data to the author, likely providing them with more Steam credentials to verify if their tool is working correctly.

1:20.6

And Cisco released a number of patches today.

1:24.6

One of them that sticks out affects their ultra-reliable wireless backhaul

1:31.3

or URWB system.

1:34.3

The vulnerability, with a CVSS score of 10, does allow an attacker with a crafted HTTP request to essentially use the web-based management interface to execute arbitrary code.

1:49.0

As most web applications run better as root, Cisco decided to follow this popular design route,

1:56.0

and as a result, any commands executed will have full system access because, well, they are

2:03.7

executed with root privileges.

2:07.3

And talking about web applications, there's a really great and detailed blog post by

2:13.0

Andrea Menin with Secura Next, who is going over various issues with validating file uploads.

2:22.9

Andrea not only does an excellent job going over some of the dangers of multipart form data

2:29.7

and how these structures are often difficult to parse, but also shows examples of how various validators, proxies for the most part, and applications like PHP, Node.js and Python are possibly misinterpreting these various multipart form data headers, leading to bypasses of various

2:54.8

filters attempting to limit, for example, the upload of web shells. In my opinion, if there are

3:01.5

just two things that you do if you do allow file uploads, then number one: don't let the user pick the file name.

...
