ISC StormCast for Thursday, March 4th, 2021
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
🗓️ 4 March 2021
⏱️ 5 minutes
Transcript
| 0:00.0 | Hello, welcome to the Thursday, March 4th, 2021 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich, and today I'm recording from Jacksonville, Florida. |
| 0:14.0 | Well, just a quick follow-up on the Microsoft Exchange zero-day that I talked about yesterday. Of course, lots of talk about |
| 0:24.5 | these vulnerabilities and the associated exploits today. One of the vulnerabilities, the deserialization |
| 0:32.6 | vulnerability, has been extensively discussed in a blog post, and, well, there are sort of some pieces of |
| 0:41.1 | proof-of-concept exploits out there. Haven't really seen anything about the server-side request |
| 0:46.7 | forging issue, which probably is the most critical one of these vulnerabilities. Rapid7 has a real good blog post, turns out, that |
| 0:57.7 | they actually were able to detect this as early as February 27th, so last week, and apparently |
| 1:05.8 | also alerted Microsoft of some of these issues. One of the things that should not be underestimated is that these attacks may be more |
| 1:16.5 | widespread than your typical targeted attack. |
| 1:21.2 | It more looks like there are thousands, if not tens of thousands of victims here, at least as far as the US IP address space goes. |
| 1:31.9 | It appears that it was entirely scanned by these actors. |
| 1:36.5 | We had hits in our honeypots from one of the actors. |
| 1:41.7 | So if they start hitting honeypots and such, it's often a sign that, |
| 1:46.6 | yes, they're pretty much just hitting everybody. So if you do have an exposed, unpatched |
| 1:53.9 | Microsoft Exchange server, assume it's compromised. And again, the Rapid7 blog has some real good insights into what to look for. |
| 2:05.7 | Now, whenever there's a big vulnerability like this, it's often easy to overlook other issues. |
| 2:12.0 | And one that I want to point your attention to is a new patch for SaltStack. SaltStack is this IT management suite that |
| 2:21.3 | has been the target of attackers in the past. Now, this latest vulnerability is just a privilege |
| 2:28.3 | escalation vulnerability, but very easy to exploit. And it does affect the minion component of Salt, which is what you're |
| 2:37.6 | installing on the managed system, so there's a pretty large footprint of this, and an attacker |
| 2:43.6 | breaking into any one system, finding minion installed, could use it to escalate privileges. |
| 2:51.4 | The problem here is that Minion at one stage is looking for processes running and then essentially |
... |

