🗓️ 4 April 2022
⏱️ 6 minutes
0:00.0 | Hello, welcome to the Monday, April 4th, 2020 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich, and today I'm recording from Jacksonville, Florida. |
0:13.9 | Well, let's start with patches today, and GitLab did release a critical security release, 14.9.2, 14.8.5 and 14.7. are the versions that you should be |
0:30.6 | running now. There are a total of 17 vulnerabilities that are being addressed in these updates. |
0:37.4 | The first one is a critical one, and it's a static password that inadvertently is set during OmniAuth-based registration. And then we have two high stored cross-site scripting vulnerabilities. So this critical OmniAuth issue affects you if you're using, for example, OAuth, LDAP, |
0:57.0 | or SAML, in order to authenticate. |
0:59.9 | In this case, a static password was set for the user that an attacker could then use |
1:06.7 | to take over accounts. |
1:08.9 | Probably not hard what that static password is, |
1:11.6 | and this also affected GitLab.com passwords |
1:15.0 | and respective passwords have been reset by GitLab. |
1:19.9 | You probably should do the same for your users after you apply the patch. |
1:25.7 | The cross-site scripting issues sound more like something that would be exploited by an authenticated |
1:31.3 | user. |
1:32.3 | You have to leave notes or you have to add milestone references in order to exploit this. |
1:38.3 | Still, this could of course then be used to elevate privileges if, for example, an administrator would be exposed to that |
1:47.9 | cross-site scripting code. So patch, and as usual, if you don't need to, then don't expose GitLab |
1:54.0 | to the internet. And then we have more details from Viasat regarding the attack against their KA-SAT network |
2:03.6 | that took down thousands of modems connected to the network in Europe. Now, it affected just |
2:12.5 | part of their network. A subsidiary called Skylogic was really what was affected here, and the modems |
2:20.6 | were using the Tooway service brand. Now, what apparently happened here was sort of two things. |
2:28.0 | First of all, the initial intrusion happened through an unprotected VPN connection. |
2:34.8 | As often, if you're not doing strong two-factor authentication on your VPN, and by strong, I'm meaning not just an SMS or something like this, you're probably doing it wrong. |
... |
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.