meta_pixel
Tapesearch Logo
Log in
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Thursday, March 18th, 2021

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Handlers

Tech News, News

4.9754 Ratings

🗓️ 18 March 2021

⏱️ 6 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. More Covid Phish; iOS Update Changes; Polyglot Twitter Images; Attaching CC to Images

Transcript

Click on a timestamp to play from that location

0:00.0

Hello, welcome to the Thursday, March 18th, 2021 edition of the Sands and at Storm Center's

0:07.3

Stormcast. My name is Johannes Ulrich, and today I am, well, at least virtually, in San Diego,

0:15.1

California. And of course, with COVID still dominating the new cycle, no surprise that the bad guys are coming

0:26.1

up with new ways to take advantage of the crisis.

0:30.4

The latest example is a Tridex version that is spreading via spam that promises.

0:39.1

An even larger relief check, $4,000, not the $1,400 that some people are receiving here in the United States.

0:49.6

So I guess they hope with more money, they'll get more clicks.

0:53.5

The click in this case will lead you to an Excel spreadsheet that is hosted in Dropbox.

1:01.1

And of course, you will have to enable macros in order to get all the details and put your name on the list to receive the relief checks,

1:17.1

which then, of course, will trigger the download of the Tridex Banking Drogion.

1:24.4

One interesting trick here with this email is also that they're using a look-alike domain instead of IRS.gov.

1:26.9

They're using lowercase L, uppercase R, uppercase

1:31.3

S, which, well, just looks like IRS spelled all uppercase. This domain, of course, doesn't exist,

1:39.1

and I guess they're hoping that as a result, they're less likely going to get caught in any kind of SPF or decim filters.

1:51.5

And it looks like Apple will be changing how it is delivering updates for iOS.

1:58.3

Already in macOS, you're able to distinguish between security updates and functional

2:05.5

updates to the operating system. This so far hasn't been possible for iOS. And of course,

2:12.9

this sometimes delayed how people updated their devices because they don't necessarily want

2:20.5

some of the functional changes that new operating systems include. But by splitting out

2:28.9

the security updates, it will be possible to still keep your device secure even if you are staying on an

2:38.3

older version of the operating system. What's not really clear yet is how far back this

2:44.1

support will go. Now, for macOS, you usually get sort of two versions back the security updates without having to upgrade the operating system itself.

...

Please login to see the full transcript.

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2026.