ISC StormCast for Monday, October 31st, 2022
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
4.9 • 754 Ratings
🗓️ 31 October 2022
⏱️ 6 minutes
🧾️ Download transcript
Summary
Transcript
Click on a timestamp to play from that location
| 0:00.0 | Hello and welcome to the Monday, October 31st, 2020 edition of the Sansonet Storm Centers. |
| 0:08.6 | Stormcast, my name is Johannes Ulrich, and I'm recording from Jacksonville, Florida. |
| 0:15.5 | Multi-factor authentication is, well, certainly a must these days for cloud services like Office 365. |
| 0:24.4 | But recently, well, multifactor authentication, so we've got some kinks in its armor because attackers have tricked victims into approving authentication requests from multifactor authentication apps by essentially just flooding the victim with requests. |
| 0:42.5 | Tom now wrote up how to protect yourself against these types of attacks if you're using dual securities authentication app to log into Office 365. |
| 0:54.3 | One pretty obvious method is not to allow the simple push authentication method where the user |
| 1:00.8 | just has to press OK instead. |
| 1:03.7 | The user will have to use a one-time code to authenticate. |
| 1:08.5 | This can be enabled by only allowing a code authentication to be used with Office 365. |
| 1:17.4 | A little bit in between, kind of of the simple app push and the one-time code option is also |
| 1:26.2 | a verified push. |
| 1:27.7 | What this really means is that when the user logs in, the system will display a number to them, |
| 1:35.3 | and then they have to enter that number into the app in addition to approving the login. |
| 1:41.5 | Of course, the victim wouldn't really see a number that's being displayed to the |
| 1:47.0 | attacker, so that flooding with bogus requests wouldn't really work quite well in this case. |
| 1:55.8 | But anyway, if that's something you're interested in, take a look at Tom's Diary from Friday. |
| 2:05.6 | And back in September, Microsoft fixed an interesting vulnerability in the Windows TCP IP stack. |
| 2:12.6 | The vulnerability allows for remote code execution using a fragmented IPSEC packet that's transmitted over IPV6. |
| 2:21.7 | At that time, it wasn't really clear sort of what exact combinations of features could lead to exploitation. |
| 2:29.4 | Newman Cyberlapse now reversed the patch and released a blog post with details about the vulnerability and how to potentially exploit it. |
| 2:39.0 | The exploit requires that the attacker sends an IPV6 packet with IPVSEC payload, and then that IPSEC payload is actually then fragmented. |
| 2:48.6 | The proof-of-con concept exploit causes a crash and not |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2026.