SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Monday, August 21st, 2023

SANS ISC Handlers

Tech News, News, Technology

🗓️ 21 August 2023

⏱️ 6 minutes

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Zalando Phish/RAT; WinRAR Code Exec; Hotmail SPF Fail; Ivacy VPN Cert Abused; Chrome Extension Warning;

Transcript

0:00.0

Hello, welcome to the Monday, August 21st, 2003 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich, and I'm recording from Jacksonville, Florida.

0:14.1

Over the weekend, we got a quick malware analysis from Xavier. Xavier looked into a malicious email that claimed to come from Zalando.

0:23.9

Zalando is a German clothing, a shoe retailer,

0:28.5

and well, this particular malicious email did include a zip file.

0:32.8

Xavier is going over the de-obfuscation of the included code, which will somewhat predictably download additional files to the system, which then in the end turn out to be a remote access tool, an older version of NetSupport Manager.

0:51.5

VirusTotal scores are reasonable but not great, even though this is nothing

0:55.8

really all that special. Five out of the 71 antivirus engines in VirusTotal are recognizing

1:03.0

this particular file as malicious. Xavier also includes the domain name used by the command

1:10.6

and control server.

1:13.5

The popular Windows file compression utility WinRAR patched a vulnerability that could lead

1:20.8

to arbitrary code execution. The vulnerability was reported via the Zero Day Initiative,

1:27.1

a user by the handle of Goodbye Eslane, if I pronounce it correctly, has a report and found this vulnerability.

1:35.7

This vulnerability is triggered by the processing of recovery volumes with WinRAR.

1:42.5

Exploitation, of course, requires that a victim is opening a malicious file with WinRAR.

1:49.5

Getting SPF records configured correctly isn't always easy, in particular if you're dealing

1:55.1

with a very large domain where you have a large list of mail senders, in particular where you are sort

2:03.0

of delegating mail sending to other organizations and other domains.

2:08.8

And as an example, what happens?

2:10.2

Well, apparently Hotmail this weekend had some issues with its DNS SPF record.

2:15.3

One component that was including a large number of authorized mail servers was removed, and as a result, many Hotmail users reported that their email was marked as spam.

2:30.5

The issue was fixed late on Friday apparently, but of course with DNS sometimes taking

2:37.0

some time to propagate properly, there may be a delay in the fix actually being registered

...

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
