SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Monday, September 20th, 2021


SANS ISC Handlers

Tech News, News, Technology


🗓️ 20 September 2021

⏱️ 6 minutes


Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. iOS Calendar Invites; MSHTML Exploit Docs; Mirai Hunting OMIGOD; Netgear Exploits

Transcript


0:00.0

Hello, welcome to the Monday, September 20th, 2021 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich. And then I'm recording from Jacksonville, Florida.

0:13.2

Xavier on Friday took a look at malicious calendar subscriptions. Calendar subscriptions are a feature that's common in many calendar systems, but abuse is most popular in iOS.

0:26.6

A subscription feature doesn't really sound all that bad initially. Essentially, you can share your calendar with another individual.

0:36.6

The result is that your calendar events are showing up in this individual's calendar and

0:44.1

also notifications and such may pop up if events are approaching.

0:50.1

The problem here is that this will be abused for spam and all it takes is one careless click

0:56.5

and that's exactly what happened here with Xavier's kid who ran into this problem and

1:03.7

now you are following a spammer's calendar.

1:07.5

And the spammer is now able to essentially create pop-ups using these calendar events that then include links that may lead you usually to spam, but of course could also lead you to malicious pages.

1:21.6

Apple apparently has a hard time reining in this abuse of their calendar system. Not too much you can do other than be

1:31.1

careful what you click on and do not accept these random calendar subscriptions. And Microsoft is

1:39.7

reporting that they're seeing increasing numbers of exploit attempts for CVE 2021-444.

1:48.2

This is, of course, the MSHTML vulnerability that has been going around for at least two weeks now

1:56.6

and was patched last week with Patch Tuesday. Didier put together a very quick diary of the

2:05.2

weekend showing how his analysis tools, zipdump and re-search, can be used in order to

2:12.8

extract malicious URLs or potentially malicious URLs from exploit attempts that try to take

2:21.5

advantage of this vulnerability. You can then double check the particular URLs to see if they

2:28.9

are in fact exploiting CVE 2021-444.

2:35.0

And regarding the OMI, the Open Management Interface,

2:40.0

vulnerability that Microsoft patched on Tuesday,

2:44.0

Azure hosts may still be vulnerable to this.

2:48.0

Remember that these tools are installed automatically on Linux

...


Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
