meta_pixel
Tapesearch Logo
Log in
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Thursday, February 9th, 2023

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Handlers

Tech News, News, Technology

4.9696 Ratings

🗓️ 9 February 2023

⏱️ 6 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Telegram Phish; ESXIArgs Ransomware Help; IoT Crypto Standard; Sonicwall Filter Issues; Chrome early-stable

Transcript

Click on a timestamp to play from that location

0:00.0

Hello and welcome to the Thursday, February 9th, 2020,

0:05.0

3 edition of the Sands and the Storm Center's Stormcast.

0:09.3

My name is Johannes Ulrich, and I am recording from Jacksonville, Florida.

0:15.0

Well, I wrote up a pretty sort of simple fish today that I received.

0:19.5

It arrived as an email that sort of had actually a little

0:23.0

bit of emails going forth and back here regarding an order and detachment claimed to

0:29.1

be an payment confirmation. The attachment was just an HTML file, so nothing malicious in the sense

0:36.5

that there was no exploit or so involved, but if you open the HTML file, so nothing malicious in the sense that there was no exploit or so involved,

0:39.2

but if you open the HTML file, it will mimic an Office 365-like page and, of course,

0:47.6

trick you to log in. The way the password is then collected is by sending a request via JavaScript to the Telegram API.

0:58.8

Another sort of interesting twist here is on Monday I wrote about APIs that are being used to

1:04.2

look up your public IP address. It actually uses one of those APIs and also then includes the IP address of the host

1:14.2

or of the victim. If Telegram is not used in your environment, then of course looking for

1:20.5

Telegram API requests, maybe something worthwhile to search for. And I already mentioned that these IP lookup APIs are

1:30.3

certainly something to keep an eye on.

1:34.2

And in case your organization got affected by the recent VMware ESXI, Ransomware ESXI,

1:43.0

SISA, the cybersecurity and infrastructure security agency, came up with some guidance as to how to recover from this compromise.

1:53.6

Of course, there is sort of no fail-proof recovery here, but Sissai came up with a little bash script that will assist you trying to recover

2:04.7

what there is to recover by essentially creating new BMX configuration files, if possible

2:12.1

and trying to recover the machines. It'll also create backups of the encrypted files. Overall, looks pretty

2:21.5

straightforward, nice that it's just a batch file, so relatively easy to review what it does.

2:28.5

Kind of sad that it's almost easier to come up with a recovery script like that than with a good way to actually patch

...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2025.