SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Monday, November 25th 2019

SANS ISC Handlers

Tech News, News


🗓️ 25 November 2019

⏱️ 5 minutes


Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Web Filter Recon; Malice for Local Malware Analysis; VNC Flaws

Transcript


0:00.0

Hello, welcome to the Tuesday, November 26, 2019 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich, and I'm recording from Jacksonville, Florida.

0:13.6

This week, of course, is Thanksgiving week in the United States, so we'll have a little bit of an altered podcast schedule with only three podcasts for

0:23.5

Monday, Tuesday and Wednesday. Also, the podcasts will likely be a bit shorter than usual, just

0:30.5

because typically there isn't that much news to report during this week.

0:37.1

In diaries from this weekend, we first got one from Xavier about an interesting event that he

0:43.7

investigated. The problem was that the firewall they're using blocked an HTTP request

0:51.5

that actually came from outside their network.

0:55.7

Now, this particular firewall was configured to block malicious or inappropriate URLs

1:03.3

from users inside the network.

1:05.9

So typically you would see outbound traffic trying to reach a website that violated some kind of policy.

1:14.6

In this case, however, the attack went the other way around.

1:19.6

Now, one of the most common attacks that we see in our web application firewalls is people looking for proxies.

1:26.6

If someone is looking for a proxy, they would typically go to a

1:31.1

well-known and not blocked site like Google or something like that. But in this case, what apparently

1:38.0

happened was an attacker checking out the firewall to see which sites are allowed and which sites are not allowed for internal users.

1:47.5

And then of course the attacker could use this information to, for example, create a phishing email that links to a website that's not blocked.

1:57.0

So the real problem here is that the firewall was misconfigured in that it did allow access from the outside.

2:04.6

Instead, it should block all access from outside the network, and for internal users only,

2:11.6

it should then apply its content filtering policies.

2:20.4

And Guy is talking about Malice.

2:26.4

Malice is an interesting open source project that allows you to build your own multi-engine malware analysis system.

...

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
