🗓️ 7 August 2023
⏱️ 5 minutes
0:00.0 | Hello, welcome to the Monday, August 7, 2023 edition of the SANS Internet Storm Center's Stormcast. |
0:08.0 | My name is Johannes Ullrich, and today I'm recording from Jacksonville, Florida. |
0:15.0 | Xavier took a look at whether or not credentials found in these leaked credential dumps are actually being used by |
0:23.5 | attackers. And, well, it turns out, yes, they are. In order to investigate, Xavier took a look |
0:30.6 | at his own mail server and looked at any rejected logins that showed up in some of these recent credential dumps that Xavier collected. |
0:42.2 | So this is not the complete, I think now 12 billion long list from like Have I Been Pwned, but a smaller list that Xavier looked at. |
0:52.4 | It wasn't, as he pointed out, a super high quality list either, |
0:57.2 | but, well, attackers, they grab what they can find and give it a try and sometimes it |
1:03.7 | apparently works for them. But the lesson for the defender here is that you really have to be |
1:08.5 | proactive about these leaked credentials and check if you do find some of these credential dumps whether any of your users are included and if so double check that these credentials are not used in any of your systems. |
1:25.6 | And if you're using the PaperCut print management software BMAIR, there is another vulnerability |
1:33.2 | out there that can lead to a remote code execution. |
1:37.0 | Similar to prior vulnerabilities in PaperCut, this is a file upload vulnerability that then |
1:43.7 | leads to remote code execution. Essentially, |
1:46.3 | the attacker can sort of upload a web shell. According to Horizon3, who found this vulnerability, |
1:53.6 | exploitation of this new vulnerability is more complex, so we may have more time until a public working exploit is out there. Horizon3 does |
2:04.8 | not really provide any details here, so they're not helping the attackers with any details |
2:11.0 | how to exploit this new vulnerability. The CVE for the new vulnerability is 2023-39143. The old vulnerability that has widely |
2:23.4 | been exploited is 2023-27350. And again, given that history, it's likely that we'll see some exploitation |
2:33.7 | for this new vulnerability in the near future. |
2:37.1 | So that's why you probably should prioritize patching PaperCut. |
2:42.5 | And Microsoft fixed, I should say fixed again, vulnerability in its Power Platform. |
... |
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.