ISC StormCast for Monday, May 17th, 2021
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
4.9 • 754 Ratings
🗓️ 17 May 2021
⏱️ 6 minutes
🧾️ Download transcript
Summary
Transcript
Click on a timestamp to play from that location
| 0:00.0 | Hello, welcome to the Monday, May 17, 2021 edition of the Sandcent Storm Center's Stormcast. My name is Johannes Ulrich and today I'm recording from Jacksonville, Florida. |
| 0:14.1 | Last week, I mentioned how Jan was looking at the slight decrease in exposed industrial control systems over the last year. |
| 0:23.6 | Xavier this weekend followed up with a quick look at exposed VNC services. |
| 0:30.2 | Now, when Ian looked at the data using Shodan, Jan focused on ports that are specific to industrial control protocols. VNC, of course, |
| 0:40.5 | is a more generic remote access protocol, but often used to expose industrial control systems |
| 0:48.8 | as well. Xavier used a tool called VNC snapshot, which takes, well, as the name implies, sort of a screenshot of a VNC service. |
| 0:58.9 | It does not attempt to log in, so there was no brute forcing involved in any way. |
| 1:05.3 | Well, and he didn't have to look long in order to figure out that many of the services that were exposed did not require |
| 1:14.0 | any kind of authentication and appeared to allow direct access to a number of industrial control |
| 1:22.5 | systems worldwide. No big news here, sad that it's really still happening. And yes, Xavier showed some |
| 1:30.7 | screenshots here showing that this is a worldwide problem, not really just the regional or |
| 1:37.0 | limited to particular industry problem. A lot of developers these days are using Visual Studio Code in order to edit their projects |
| 1:47.3 | in part because Visual Studio Code is available on multiple platforms. |
| 1:52.1 | It's free, it's supported by Microsoft, and it does provide a number of plugins for specific |
| 2:00.2 | languages. |
| 2:01.5 | For example, a Rust Analyzer plugin that according to the Visual Studio |
| 2:08.3 | marketplace site has been installed about 200,000 times. |
| 2:14.2 | The problem with this plugin is that if a developer does open a malicious project, |
| 2:22.7 | this may execute code and a proof-of-concept exploit has already been released. In the proof-of-concept |
| 2:32.0 | exploit, this vulnerability is used to exfiltrate the dot SSH directory from the developer's account. |
| 2:41.0 | So this could potentially include, for example, private SSH keys and, of course, |
| 2:47.0 | asage configuration files that may give an attacker access to various systems that the |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2026.