ISC StormCast for Monday, August 3rd 2020
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
4.9 • 754 Ratings
🗓️ 3 August 2020
⏱️ 5 minutes
🧾️ Download transcript
Summary
Transcript
Click on a timestamp to play from that location
| 0:00.0 | Hello, welcome to the Monday, August 3, 2020 edition of the Sansonet Storm and Stormers Stormcast. |
| 0:07.0 | My name is Johannes Ulrich, and then I'm recording from Jacksonville, Florida. |
| 0:13.0 | Jan took a look at what pages are being hit on his web server if he adds a certain very popular among bot pages to his Robots. Text file. |
| 0:25.2 | Robots. Text, of course, is supposed to prevent good bots from searching and indexing those |
| 0:32.4 | pages. But, well, this way he sort of is able to essentially identify the bad bots. |
| 0:39.7 | So anything but your Google and other search engines. |
| 0:43.8 | No surprise, WordPress is right up there. |
| 0:47.5 | Now, I stopped sort of mentioning all the different WordPress mobile and abilities in particular in plugins. |
| 0:56.6 | Jan's results also confirm another observation that I had. It's not the missing patches that it usually get you with |
| 1:03.3 | these web applications. It's the weak passwords. The top hit is usually towards login pages, and that's what we see here with Jan's result. |
| 1:14.7 | Over the weekend, I actually took a close look at our honeypots to see if we can detect any |
| 1:21.2 | Cisco exploits. Remember, Cisco last week had this fairly easy to exploit directory traversal vulnerability. |
| 1:29.9 | Well, I imulated the respective Cisco VPN gateway and haven't really seen any exploit attempts, |
| 1:38.0 | but what I keep seeing is attempts to log in with weak, well-known passwords. So keep that in mind. It's not just about |
| 1:47.7 | updating and applying patches. It's also a lot about configuring these devices correctly and monitoring |
| 1:55.3 | them so you're able to detect unusual logins as they occur. |
| 2:01.6 | Now, talking about some patches that you may want to apply if you're using KeyPass with |
| 2:06.6 | KeyPass RPC, well, you should update immediately and the reason being that KeyPassRPC does |
| 2:15.6 | essentially allow any website access to all of your passwords. |
| 2:21.4 | Now, first of all, not all KeyPass users have KeyPass RPC installed. It's an optional add-on |
| 2:27.9 | that you only need in certain browser configurations to better integrate key pass with your browser. |
| 2:36.1 | The problem here is that the browser extension has to authenticate to key pass, the binary. |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2026.