SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Monday, September 11th, 2023

SANS ISC Handlers

Tech News, News, Technology

🗓️ 11 September 2023

⏱️ 7 minutes

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Honeypot Data and Powershell; Apple 0-Day Details; Cisco 0-Day Exploited; Odd Password Solution

Transcript

0:00.0

Hello and welcome to the Monday, September 11, 2023 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich and today I'm recording from Jacksonville, Florida.

0:14.0

People often ask why you would run a honeypot or use the data we have to offer at the Internet Storm Center that's derived from

0:22.4

these honeypots. I usually state that the data is most useful to add color to your logs.

0:29.5

The data we collect from honeypots can help better understand why, for example, a certain attack,

0:35.6

a certain IP would show up in your logs.

0:39.1

So it's really about augmenting the data that you already have for your SOC.

0:45.2

But it's also useful for the honeypot itself if you run the honeypot.

0:50.8

One of our undergraduate interns, Chris Wichick, went, at least in my book, a bit of an unusual route to add more context to his honeypot logs. Chris used a PowerShell script, not Python, to collect data from APIs, like, for example, AlienVault's Threat Exchange, to see how the data for his honeypot fits in with all the other data sort of collected by the Threat Exchange.

1:21.4

He outlines the complete process in his guest diary, including, of course, some of the scripts that he then created.

1:32.2

When I recorded Friday's podcast, I mentioned that we had yet to hear from Citizen Lab about the Apple patch

1:40.6

released on Thursday. Citizen Lab was noted in the Apple security announcement

1:48.1

that they alerted Apple of this particular vulnerability. And again, this was already

1:55.0

exploited. That's really what Citizen Lab found. The patch addressed two vulnerabilities that are exploited in targeted attacks.

2:04.9

An interesting twist was that one of the patches addressed a vulnerability in Apple's Wallet application.

2:13.8

Citizen Lab released a blog post with details shortly after I finished recording for the Friday podcast,

2:22.3

so we now have some more details to talk about.

2:26.2

The attack did not require any user interaction.

2:30.4

Apple's relatively new lockdown mode does apparently prevent exploitation, but before you run and enable lockdown mode, realize that it may affect some significant features.

2:44.1

The exploit took advantage of a buffer overflow in ImageIO. That's the library that displays images, but to exploit the vulnerability,

2:54.6

the exploit took advantage of a validation issue in Apple's PassKit. PassKit is used to create iOS

3:02.5

wallet items like boarding passes or concert tickets.

3:21.4

This vulnerability has gotten a lot of press, but realize that the only known exploit is part of sort of a more high-end commercial exploit kit that was used in targeted attacks.

...

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
