meta_pixel
Tapesearch Logo
Log in
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Thursday, October 4th 2018

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Handlers

Tech News, News, Technology

4.9696 Ratings

🗓️ 4 October 2018

⏱️ 6 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Behind the Phish; Azure Phish; Zoho Phishing and keylogging

Transcript

Click on a timestamp to play from that location

0:00.0

Hello, welcome to the Thursday, October 4th, 2018 edition of the Zanzan and Storm Center's

0:06.1

Stormcast. My name is Johannes Ulrich. And I'm recording from Honolulu, Hawaii.

0:12.9

We got a pretty neat guest post today from Nick Carter. Now, he came across a fishing site that

0:19.7

wasn't very well protected and allowed access to logs and a number of additional details about the site, including a SIP archive that contained the code behind the site. This is always nice from a research point of view because it gives you a little bit inside in sort of how the

0:37.7

back end of all of this works. In this case, it even led to the email address of the person

0:44.3

receiving all of the data from this fishing site. Also, gives you a handle on how many people

0:50.6

actually fall for these fishing attacks. One other sort of interesting facet about

0:56.1

this particular attack. The attacker here used a long list of IP addresses from which it would

1:02.8

not accept any connections. Now, these include a lot of cloud providers and the like. The reason why

1:10.5

you find cloud providers in blacklists

1:13.0

like this is, well, normal users, they don't connect from cloud providers. They connect from

1:18.5

home systems, maybe from business systems, but not from networks that are typically only

1:24.6

housing servers. On the other hand, a lot of researchers, of course,

1:28.7

they use cloud systems either to run little virtual machines that make it easier and safer

1:34.5

to access malicious sites or just to run automated scripts to, for example, probe for fishing

1:41.6

sites like this. And if you come across anything interesting like this, of course, let us know.

1:47.3

And yes, we do accept guest posts.

1:49.8

They have to be current, have to be technically interesting, and of course, please no marketing.

1:56.2

Now, sticking with fishing for our next story, apparently Microsoft Asia blob storage is being used to host fishing sites.

2:06.9

The trick here is not just that you now have a site with a good IP reputation and such that's probably not going to get blocked easily,

2:16.9

but as an added benefit, you'll also get a Microsoft TLS certificate.

2:23.0

This blob storage is usually a subdomain under blob.core.org.

...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2025.