meta_pixel
Tapesearch Logo
Log in
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Monday, November 22nd, 2021

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Handlers

Tech News, News, Technology

4.9696 Ratings

🗓️ 22 November 2021

⏱️ 5 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Hikvision Exploited; Detecting PAM Backdoors

Transcript

Click on a timestamp to play from that location

0:00.0

Hello, welcome to the Monday, November 22nd, 2021 edition of the Sandtonet Storm Center's Stormcast. My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida. And just as a reminder, it's the Thanksgiving week here in the United States. So this week, we will only have three podcasts for

0:23.8

Monday, Tuesday and Wednesday. Two quick diaries this weekend from our internet storm center

0:31.5

handlers, Guy wrote about some attacks he's seeing in his honeypots targeting Hickvision security cameras.

0:40.5

The vulnerability being exploited here is reasonably recent CVE 2021-36-260.

0:48.5

So hope you got your cameras patched.

0:51.8

There are a total of 3.2 million of these cameras connected to the internet, according to

0:58.2

Shodan.

1:00.0

And a couple of weeks ago, we had a diary by Xavier talking about how the plugable authentication

1:07.0

modules or Pam in Linux can be abused, in particular, how backdoors can be introduced into these modules.

1:16.6

Well, Dede now has a little bash script that looks for some specific backdoors and will detect them if they got introduced into Pam.

1:27.4

So something you want to keep in mind for your instant response toolkit.

1:32.9

In a collaboration among research institutions from China as well as from the US has taken a closer look at the root certificates that are being used to sign web certificates

1:47.5

that are being used for TLS in the public internet.

1:52.4

What they noticed is, and shouldn't really be a big surprise,

1:55.3

that there are a lot of certificates that are verified or signed by certain authorities that are not publicly known and trusted.

2:05.8

Overall, this is not necessarily a bad thing because a lot of organizations have their own

2:11.7

private CAs for internal use.

2:14.9

And yes, some of those websites may be exposed, but if they're really only meant to be used by internal use and yes some of those websites may be exposed but if they're really only meant

2:19.9

to be used by internal users who trust the specific server authority then it's not

2:25.0

necessarily a bad thing but it becomes a little bit more tricky is that apparently many

2:29.6

of these certificate authorities are attempting to impersonate some well-known certificate authorities.

2:37.8

When you set up a certificate authority, you can give it a name for an internal certificate authority.

...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2025.