ISC StormCast for Monday, September 12th, 2022
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
🗓️ 12 September 2022
⏱️ 9 minutes
Transcript
| 0:00.0 | Hello, welcome to the Monday, September 12, 2020 edition of the SANS Internet Storm Center's Stormcast. |
| 0:08.4 | My name is Johannes Ullrich and today I'm recording from New York City, New York. |
| 0:14.0 | One of the goals of analyzing malware can be to find out where, for example, a phishing page or a piece of malware that's being downloaded is hosted in order to either add it to some blocklist or maybe even take it down. |
| 0:28.5 | So to prevent additional damage being caused by this malicious file. |
| 0:34.1 | On the other hand, there are attackers that are, of course, then trying to find locations |
| 0:38.8 | that are hard to take down. But what we have this weekend is actually sort of the opposite |
| 0:46.2 | where an attacker is actively managing the location where the file is hosted in order to sort of |
| 0:53.8 | keep that URL ephemeral and make it |
| 0:56.8 | more difficult to actually then, for example, discover related events or also to analyze |
| 1:03.6 | the additional malware that's being downloaded in this case. |
| 1:08.7 | Guy wrote up a Word document that contained a URL that linked to a website that only |
| 1:16.3 | hosts files for 24 hours and automatically deletes them. |
| 1:20.6 | QAC.im, also known as QAC.ru. |
| 1:24.7 | The remainder of the URL is sort of your typical UUID format, so basically just a random string. |
| 1:32.3 | Now, if you never heard of QAC.im or QAC.ru, you're not alone. The site was new to me, too. The site also offers ephemeral email addresses and appears to be not very popular. |
| 1:46.5 | The counter for how many messages they sent was around 3,000 when I looked at it before starting this recording. |
| 1:56.0 | So by using a site that's relatively unknown, the attacker may believe that it's less likely |
| 2:01.6 | going to be found in block lists that often are blocking file download sites like this. |
| 2:10.6 | And Noam with Legit Security posted a blog post, shining a light on a well-known issue with GitHub's protected branches. |
| 2:20.8 | This feature is included with paid accounts, so you don't get it with the free GitHub account, |
| 2:26.9 | but the basic function here is that if you would like to merge a pull request with your main or default branch, then a second |
| 2:38.1 | developer first has to approve that pull request. And the problem here is that, well, |
... |

