SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Monday, September 25th, 2023

SANS ISC Handlers

Tech News, News, Technology

🗓️ 25 September 2023

⏱️ 7 minutes

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Laravel Scans; Backdoored WinRAR PoC; Fake Booking.com; @BSidesJAX

Transcript

0:00.0

Hello and welcome to the Monday, September 25th, 2023 edition of the SANS Internet Storm Center's Stormcast.

0:08.8

My name is Johannes Ullrich, and I'm recording from Jacksonville, Florida.

0:14.8

Guy looked at some honeypot hits that he saw in his honeypots, but we also saw some interesting trends earlier

0:23.2

this year when it comes to Laravel. Laravel is a framework for PHP, quite popular among

0:33.2

PHP developers, and yes, it had vulnerabilities.

0:40.1

Keynotes in 2021.

0:48.1

There was, for example, a vulnerability that was made known, but these attacks or these scans that we are seeing are not actually going after anything sort of Laravel-specific.

0:56.7

Instead, they're looking for .env files, essentially. .env files are often used to store environment variables that are

1:03.6

then used to provide credentials like API keys and such for the application. We have seen that before, and I think a few months ago, we already had a diary about

1:15.4

these kind of configuration files.

1:17.6

They're certainly being searched for, and something that you should pay attention to.

1:23.6

These files should not be accessible in your document root.

1:28.1

If you have files like this at all, they should be stored outside the document root.

1:33.6

Or, well, even better, take a look at how, what other mechanisms, your particular framework,

1:39.8

your language makes available for credential storage, in particular in the cloud and such

1:45.8

you often have secret managers that you can use instead of storing credentials in a simple

1:51.8

file on the file system.

1:55.7

And Palo Alto's Unit 42 has an interesting blog post about a fake proof of concept that was released to GitHub for CVE 2020-477.

2:10.5

This was the WinRAR vulnerability from about a month or so ago, so a high-profile vulnerability. Lots of people were looking for proof of concept exploits.

2:21.3

And this one may have been downloaded several times by people either maliciously looking for proof of concept exploits or researchers trying to figure out how this particular vulnerability could possibly be exploited.

2:37.4

Well, they definitely got more than they bargained for, but they didn't get a WinRAR exploit.

2:43.1

The exploit that was actually sort of used as a template for this malicious backdoor was an exploit for CVE 20203-25157. Totally unrelated to WinRAR. This is some kind of geo-server,

...
