meta_pixel
Tapesearch Logo
Log in
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Monday, December 20th, 2021

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Handlers

Tech News, News, Technology

4.9696 Ratings

🗓️ 20 December 2021

⏱️ 7 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Automating Public DNS Changes; Office 2021 VPA Version; More #Log4j/Log4Shell fun

Transcript

Click on a timestamp to play from that location

0:00.0

Hello, welcome to the Monday, December 20th, 2021 edition of the Sansanet Storm Center's Stormcast. My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida. Did you ever have to fail over to a secondary data center, maybe after a power outage or some kind of connectivity interruption to your primary data

0:23.5

center. Well, if you have ever been in that situation, you may appreciate Rob's post from

0:28.8

Friday where he goes over some of the options you have to automatically script some of the

0:34.5

DNS failover that often has to happen in this case.

0:39.0

I've used DNS to failover between data centers many times in the past.

0:44.2

I always liked it because it's relatively cheap and easy to do.

0:47.8

And these days, most of the cloud providers that you're likely using to host DNS do offer APIs to make this change

0:57.8

relatively easy. So Rob has some sample code for you. I've also noticed that there are a number

1:03.6

of like Python modules out there that make this kind of scripting easier for a different DNS providers and even some that sort of have

1:12.8

a generic basically API that then can be used with various cloud-based DNS providers.

1:21.6

And did he provide this weekend a quick update to an older diary of his that dealt with the version numbers that you're

1:30.9

finding in Visual Basic for application, office documents. Well, there's a new version number

1:36.0

for Microsoft Office version 2021. It's Bravo 5. Well, then we have more news from Log 4J and the Log 4G shell vulnerability.

1:47.5

The vulnerability just keeps on giving.

1:50.2

So I figured I'll go over some of the Log 4J version numbers that you may be encountering.

1:58.8

First, there was Log 4J 2.15. It's meant for Java 8 and it fixes the

2:06.3

original, if you want to call it this way, log for shell vulnerability with a CVSS score of 10

2:13.2

and a CVE number of 20, 21, 44, 22, 8.

2:19.3

This is still the vulnerability that you probably should worry about the most.

2:23.3

It's the easiest to exploit and the one that we see really sort of a lot of exploits for in the wild.

2:30.3

But turned out that the patch delivered with 2.15 was not sufficient then.

2:36.4

Shortly after, and this was already covered last week,

...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2025.