ISC StormCast for Monday, December 21st 2020
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
4.9 • 754 Ratings
🗓️ 21 December 2020
⏱️ 6 minutes
🧾️ Download transcript
Summary
Transcript
Click on a timestamp to play from that location
| 0:00.0 | Hello, welcome to the Monday, December 21st, 2020 edition of the Sandcent Storm Center's Stormcast. |
| 0:08.1 | My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida. |
| 0:13.7 | This week and next week, of course, I hope many of you do get to take a couple days off and we'll have only three podcasts this week as well |
| 0:25.4 | as next week. So no podcast on Christmas Eve and Christmas Day as well as on New Year's Eve and |
| 0:34.4 | New Year's Day. Unless of course we have something interesting and new happening. |
| 0:40.2 | And with that, we're sort of playing a little bit on a summary about the Solar Winds event, |
| 0:45.9 | a little bit an update. If you have any specific questions about this event or anything that |
| 0:52.0 | you would like to have covered in more detail, please let us know, |
| 0:56.8 | and I expect we'll probably do something next week. |
| 1:01.6 | But well, just about a year ago, we did have the Citrix vulnerability keeping us busy over |
| 1:08.8 | New Year's, and Jan took a closer look at how organizations are |
| 1:14.6 | doing patching this vulnerability. Looks like we only got actually a couple hundred systems left |
| 1:21.9 | according to Shodan that are still vulnerable and who knows how many of them are actually honeypots. |
| 1:28.6 | So only 4.5% of the originally infected systems are still exposed, which actually is pretty good. |
| 1:38.5 | Of course, this vulnerability was pretty much exploited instantly, which made it a high priority item for people to fix. And in |
| 1:47.5 | some cases, at hackers who took over systems may have either patched a vulnerability or |
| 1:54.4 | turned the systems unreachable. And one neat feature of process explorer, which comes as part of CIS Internals, is the ability to have a binary that you find running, that you may consider suspicious, check with virus total. |
| 2:13.2 | So in this case, CIS internals does calculate a hash of the particular binary and then sends it off to Virus Total. |
| 2:21.6 | Sadly, it looks like the last couple days that this functionality is not working. |
| 2:28.0 | Maybe an issue here with Virus Total, maybe sort of a change in the API or such, but this appears to be more problem |
| 2:35.4 | with Virus Total than with Process Explorer at this point. |
| 2:41.1 | And often on, there is a lot of talk about the need of governments to intercept encrypted |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2026.