SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Monday, June 7th, 2021

SANS ISC Handlers

Tech News, News

🗓️ 7 June 2021

⏱️ 5 minutes

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Port 37; QNAP Patch; GitHub Patches Policy; WebEx Patch; VMWare Exploit Active

Transcript

0:00.0

Hello, welcome to the Monday, June 7th, 2021 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich. And today I'm recording from Jacksonville, Florida. Just to get us started, Jim noticed a couple of odd spikes lately on Port 37, in particular UDP.

0:22.7

Now, TCP did see some requests, some HTTP requests that looked like they were looking for

0:29.3

Ethereum wallets.

0:31.1

So if you have any insights there, if you know any Ethereum wallets that listen on Port 37, then please let us know.

0:39.4

It would be interesting to figure out what attackers are actually looking for here.

0:45.1

And QNAP released another update for its products, this time affecting Video Station.

0:52.1

Video Station is typically used if you are connecting surveillance cameras to your QNAP device.

0:59.6

So the QNAP device here doesn't just store the videos.

1:03.5

It will also provide access to them, which is why often people do leave this feature exposed. Well, you never should do so, and a patch is

1:14.3

available now for this remote code execution vulnerability. No details in the advisory, whether or not

1:22.2

authentication is required. There is also a proof of concept that was released, but it's not really clear if it was

1:31.6

for this specific feature or if this is for a different vulnerability that hasn't really been

1:40.1

patched yet. The proof of concept does not refer to Video Station, also doesn't list a CVE number,

1:47.1

which makes me think that this may be totally different or maybe not an issue at all.

1:54.5

Now I'm not going to link to this proof of concept because the write-up is a little bit weird

2:00.3

overall and a link to GitHub that

2:03.1

supposedly contains the code leads to a 404 page. Now GitHub just clarified their policy on

2:11.9

posting proof of concept code to its site. In the past, it was pretty open and you often found proof of concept code on GitHub,

2:22.7

but there have been a couple of instances lately where GitHub has removed exploit code

2:29.1

from its site.

2:30.8

What they now decided pretty much as their policy is that it will remain okay to post exploit code

2:38.7

to GitHub unless it's being used in an active attack. The updated policy states that they

...

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
