SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Friday, September 1st, 2023

SANS ISC Handlers

Tech News, News, Technology

4.9696 Ratings

🗓️ 1 September 2023

⏱️ 6 minutes

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Cheap Phishing; Unpinnable Actions; Cisco Brute Force; Splunk Vuln; TLD issues

Transcript

0:00.0

Hello, welcome to the Friday, September 1st, 2003 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich, and today I'm recording from Jacksonville, Florida.

0:14.8

Today, Jan looks at why do we see so many of these simple phishing attacks? And well, the quick answer here,

0:23.0

it's just really easy to pull them off and cheap in doing so. So an attacker doesn't really need

0:29.3

a huge success rate in order to make these attacks work. The sample here was a simple HTML

0:37.3

page. It does, of course, use some obfuscation.

0:41.3

And the victim is directed into opening the HTML page thinking it's an audio file and it's

0:47.3

displaying then a Microsoft login page and stealing credentials. So really easy to pull off. You can probably copy 99% of the

0:56.6

code for a page like this from a prior email that you received and the attacker will get a couple

1:05.1

of passwords probably which is sufficient to make the attack worthwhile given how easy it is to pull off.

1:14.3

And Palo Alto Networks has a blog post describing an interesting attack against GitHub Actions.

1:19.8

The problem here is how GitHub deals with action pins.

1:25.8

An action is pinned if only a very specific version of the action is being executed,

1:32.3

meaning a cryptographic hash is first verified that only this particular version of the action is being used.

1:40.3

If later a malicious actor would update the action, well, the updated version would not get

1:47.3

executed. The problem, however, is that there are a couple different ways, and Palo Alto goes over

1:53.1

the different methods that can be used here, how one action may include another action. And of course,

2:00.5

you don't need to change the action itself if one of

2:03.9

those dependencies can be altered and with that malicious code could later be inserted into the action.

2:13.1

Interesting concept, not really sure how to fix this, but of course, this is one of the big problems that

2:19.6

people are struggling with when they're dealing with supply chain security, trying to work out

2:24.3

all of these dependencies of dependencies.

2:28.9

And last few days, I've seen a number of references to work done by Rapid7 regarding attacks against

...

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2025.