meta_pixel
Tapesearch Logo
Log in
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Thursday, September 15th 2016

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Handlers

Tech News, News, Technology

4.9696 Ratings

🗓️ 15 September 2016

⏱️ 5 minutes

🧾️ Download transcript

Summary

Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Drupal RESTWS Scans; Google.fr #XSS; #VMWare Updates

Transcript

Click on a timestamp to play from that location

0:00.0

Hello, welcome to the Thursday, September 15th, 2016 edition of the Sansonet Storm Center's Stormcast.

0:07.8

My name is Johannes Ulrich, and the day I'm recording from Las Vegas, Nevada.

0:12.8

Early today, when looking at my honeypot logs, I did see some exploited hands that stuck out at me that tried to exploit a vulnerability in the triple rest web services module

0:26.6

now the vulnerability that trying to exploit was actually released in july and going back in my logs i found exploited hands

0:35.6

pretty much as soon as the vulnerability was released.

0:39.3

What helps here, of course, is that the vulnerability is trivial to exploit.

0:44.3

You just pass PHP code on the URL that will then be executed by the web server.

0:52.3

Not sure what the endgame is here with these exploited attempts, they're really just trying to check at this point whether or not you're vulnerable.

1:01.0

However, many of these exploit attempts, as far as I can tell, came from Drupal servers.

1:06.0

So that points to someone building a network, a botnet of vulnerable servers.

1:12.6

And it doesn't happen often that there is a cross-site scripting vulnerability in a Google homepage,

1:19.6

this time the French Google page or Google.fr.

1:24.6

In order to trigger the vulnerability and attacker had to first convince a user to click on a specifically crafted link and then by inserting an SVG tag into the input field that results from the link, you will then trigger cross-site scripting vulnerability.

1:46.0

Pretty interesting exploit, sadly, the write-up doesn't have a lot of detail on how that exploit was actually discovered.

1:54.0

But take a look at the URL. It does give you some hints as to how this vulnerability was exploited.

2:02.5

And of course, Google already patched the vulnerability.

2:05.1

And while interest in Pokemon Go has subsided somewhat, there are still plenty of people

2:10.4

who are trying to download related software and that of course gives Malaver distributors a chance to pedal their software.

2:21.3

The latest case was found by Kerski and its guide for Pokemon Go that actually made it into the Google Play Store and was downloaded 500,000 times.

2:35.0

Once installed this particular application will download software to root the phone and get complete access to the system.

2:46.0

The application that the user downloads actually really just that generic downloader, so it will

2:51.2

just contact the command control server for URL from which it will then download the actual

...

Please login to see the full transcript.

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2025.