meta_pixel
Tapesearch Logo
Log in
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Monday, June 13th 2016

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Handlers

Tech News, News, Technology

4.9696 Ratings

🗓️ 13 June 2016

⏱️ 5 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. DNS Sinkhole 2.0 Released

Transcript

Click on a timestamp to play from that location

0:00.0

Hello, welcome to the Monday, June 13th, 2016 edition of the Sandton and Storm Center's Stormcast.

0:08.2

My name is Johannes Ulrich, and today I'm recording from Washington, D.C., of course, here at Sandsfire.

0:15.4

Today on Monday evening, we will have our annual handlers panel, so if you want to meet some of our

0:23.0

handlers that's your chance we will also have a couple of vintage encryption devices

0:30.5

available including an original enigma system and gee today released version 2.0 of his DNS sinkhole like prior versions.

0:42.4

It's released as an ISO image so can either install it on a standalone machine or a virtual machine

0:49.8

should work pretty straightforward and this particular tool has come in really handy over the last

0:56.0

few years. It does implement a DNS server that you can then use to block malicious domains and

1:03.2

redirect them to listeners on that sinkhole system. So you not only detect if a host is infected you also disrupt command

1:14.0

and control connections and may learn a little bit more about those connections and last week

1:21.2

there was quite a bit of discussion in windows developer forums about a telemetry feature that was automatically compiled into

1:31.3

all software that you compiled with Microsoft's Visual C. Now, telemetry, of course, sounds like

1:39.3

calling home, but that's not really what this feature was about. It was really more about performance debugging off the software and adding hooks that allow you to log when certain libraries are loaded and the like.

1:52.0

But nevertheless, this wasn't a feature that developers had to enable.

1:58.0

It was enabled by default.

2:00.0

And there was no clean way to actually disable this

2:03.5

particular feature. Microsoft now came forward and offered ways how to disable the feature and the

2:10.5

feature should be disabled now by default in future releases of Visual C.

2:24.9

And the ESET software is reporting about the crisis ransomware being more and more used in the wild in order to yet again encrypt users' files.

2:27.9

Now, this particular piece of ransomware doesn't just encrypt.

2:32.7

It also does send several documents to the group behind this software.

2:38.6

So there's also a data exfiltration problem.

...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2025.