meta_pixel
Tapesearch Logo
Log in
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Thursday, July 27th 2017

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Handlers

Tech News, News, Technology

4.9696 Ratings

🗓️ 27 July 2017

⏱️ 5 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Emotet Malspam; Broadpwn Released

Transcript

Click on a timestamp to play from that location

0:00.0

Hello, welcome to the Thursday, July 27th, 2017 edition of the Santonet Storm Center's Stormcast.

0:08.3

My name is Johannes Ulrich, and the day I'm recording from Washington, D.C.

0:13.7

Brad wrote a diary describing a recent version of the Emotette malware.

0:20.2

Now, this malware as so often arrives as a VIRT document.

0:24.7

What was really great about this particular diary was that we got quite a bit of feedback from

0:31.1

our readers. Brad in particular when he wrote up the diary, didn't have an actual copy of an email spreading this

0:39.3

malicious document and now we had a number of readers provide us with emails essentially these are all

0:46.8

fake invoices bills we got one reader who received them claiming to come from AT&T, another one had a very similar email,

0:57.0

but the sender claimed to be Virgin Media.

1:02.0

When Apple released its latest patch set last week, I mentioned that one of the high-profile bugs being addressed here is a vulnerability

1:12.9

in the prodcom wireless firmer.

1:16.5

Well, it turns out that we now have the expected details for this particular vulnerability.

1:24.5

Exodus Intelligence did publish a blog with a lot of details how this particular

1:31.0

vulnerability works and how it can be exploited. Excess Intelligence also claims that they have

1:37.9

written already a worm that can be spread using this vulnerability from device to device.

1:47.0

Now the vulnerability is a classic buffer overflow in how Wi-Fi multimedia or wireless multimedia frames are being parsed.

1:59.0

The software only allocates 44 bytes for this information,

2:03.3

but NetHacker may encode up to 255 bytes here. Very similar to vulnerability in these drivers

2:12.2

with the SSID, where also there was an assumed maximum length for the SSID, but NetHacker essentially could send non-standard frames that exceeded this size.

2:24.3

Exploitation is not trivial but not terribly hard either, and again the blog that was published does include a lot of details in how to write an exploit for this vulnerability.

2:40.0

So if you haven't already done so, patch your mobile devices.

2:43.4

This is most likely going to affect mobile devices like cell phones, but there may also be some laptops, tablets and the like that are

...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2025.