SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Thursday, December 8th, 2022

SANS ISC Handlers

News, Tech News

🗓️ 8 December 2022

⏱️ 5 minutes

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. IoT Bot WSZero; Cacti Vulnerability; Wireshark Updates; Apple iCloud Encryption

Transcript

0:00.0

Hello and welcome to the Thursday, December 8th, 2022 edition of the SANS Internet Storm Center's Stormcast.

0:08.2

My name is Johannes Ullrich and I'm recording from San Francisco, California.

0:14.9

Fortinet and Netlab 360 both posted blog posts describing a newer variety of IoT botnets.

0:25.6

Now, I mentioned earlier this week how a lot of these sort of botnets for IoT devices are blending together.

0:34.4

This one is, I think, substantially different than what we typically see. So typically

0:39.2

we do see these botnets that use standard IoT vulnerabilities or weak SSH passwords and then

0:46.7

essentially run a small binary to very quickly scan for other systems. What's sort of different here with this bot that Netlab 360 calls WSZero and Fortinet calls

1:03.6

Zerobot is that, first of all, it's written in Go.

1:09.0

That's not very common for these IoT botnets, even though we are seeing more and more malware being written in Go.

1:17.6

Secondly, it uses a command and control channel, where a lot of these sort of simpler Mirai-style botnets don't really have that kind of command and control channel.

1:32.8

And the command and control channel uses the WebSockets protocol.

1:39.1

So not just simple HTTP requests, also WebSockets over TLS.

1:50.6

About 20 different vulnerabilities are being targeted by this botnet, again, sort of your classic IoT-style camera, router, and such vulnerabilities.

1:58.6

Other little specialty here, the botnet also has provisions for attacking Windows systems.

2:01.6

Most of these IoT botnets only go after Linux, but here if it happens to infect a Windows system,

2:06.6

it will copy itself into the startup folder

2:09.6

versus the standard /etc/init.d for Linux.

2:14.6

And if you're using Cacti in order to manage and monitor the performance of your services,

2:21.3

well, there is an unauthenticated command injection vulnerability that has been patched in the latest version released this week.

2:31.4

CVSS score of this vulnerability is 9.8, not surprising for a command injection vulnerability

2:37.0

and the remote_agent.php file is affected.

2:43.0

It's actually a fairly basic and straightforward vulnerability here.

...

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
