ISC StormCast for Thursday, February 6th 2020
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
4.9 • 754 Ratings
🗓️ 6 February 2020
⏱️ 6 minutes
🧾️ Download transcript
Summary
Transcript
Click on a timestamp to play from that location
| 0:00.0 | Hello, welcome to the Thursday, February 6th, 2020 edition of the Sandrine Storms, |
| 0:07.0 | Stormcast, my name is Johannes Ulrich, and the I'm recording from Jacksonville, Florida. |
| 0:13.0 | Now we know one of the things that we're always pushing is keep your systems up to date in particular exposed software like your |
| 0:23.3 | browsers. Now, web browsers have made it quite easy to stay up to date and most of them |
| 0:29.3 | will update within a couple days of a new version being released without the user really having |
| 0:35.2 | to do anything. But still, users are used to being told to update |
| 0:41.3 | software, so if they're seeing a pop-up advertising a browser update, they may actually be willing |
| 0:48.4 | to install it. And this is exactly what Brad is describing, but with a malicious twist, where fake browser updates are being used to install the Net Support remote action. |
| 1:02.0 | Net support is sort of interesting. It's kind of marketed as a legitimate remote admin tool, but particularly in the past it has been using these fake browser |
| 1:14.7 | updates to trick users to install it without really knowing what they are installing on |
| 1:21.8 | their system. |
| 1:23.3 | Brad actually wrote about a similar campaign a year ago, so the diary he released yesterday |
| 1:30.1 | makes for real nice comparison sort of what has changed with this particular threat over |
| 1:35.6 | the last year. |
| 1:38.7 | Google released updates for Android and looks like some of an average to maybe a little bit lighter patch a day for Android and looks like some average to maybe a little bit lighter patch a day for |
| 1:47.3 | Android. There are two critical vulnerabilities in system. One is rated critical for Android |
| 1:55.5 | 10, that's CVE 2020, 23. Now it only leads to information disclosure, but Google still rated it critical, |
| 2:05.6 | so probably whatever information is disclosed is critical from a security point of view. |
| 2:10.8 | The second vulnerability CVE 2020-22 is a remote code execution vulnerability and critical for Android 8 through 9 and it's |
| 2:21.3 | only denial of service or moderate for Android 10. |
| 2:26.4 | Not really clear here what it will take to actually exploit these vulnerabilities. |
| 2:32.6 | Google just says that a specially crafted transmission could |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2026.