SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Thursday, September 6th 2018

SANS ISC Handlers

Tech News, News, Technology

🗓️ 5 September 2018

⏱️ 5 minutes

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MEGA Chrome Extension Hack; Python Package Installer Code Exec; Win Scheduler Exploit

Transcript

0:00.0

Hello, welcome to the Thursday, September 6th, 2018 edition of the SANS Internet Storm Center's

0:06.3

Stormcast. My name is Johannes Ullrich. And I'm recording from Amsterdam, Netherlands.

0:14.1

Mega, the New Zealand company that offers end-to-end encrypted cloud storage, has had its Google Play account compromised.

0:24.3

The compromised account was then used to distribute an updated version of the Mega Chrome plugin.

0:31.9

The updated version did then ask users for access to usernames and passwords and promptly exfiltrated

0:40.2

usernames and passwords that were entered into Google Chrome. Apparently, the compromise happened

0:46.7

on Tuesday around 1430 UTC. If you installed this plugin after this time or if you already had it installed but the plugin

0:57.5

auto updated, then your passwords may have gotten lost.

1:03.2

The plugin also went after MyEtherWallet and MyMonero passwords, and it appears that the group behind this compromise has also been

1:14.1

hunting for crypto coins in the past using different illegal means.

1:22.4

And installing software packages, whether it's a toolbar like in this Mega example or whether it's a

1:30.2

Python package, is always a somewhat risky business.

1:35.0

So it shouldn't be a surprise that you have to be careful when you're installing Python packages,

1:39.8

not just because you may be importing malicious code, but Python packages can actually execute code at install time.

1:48.4

A blog post on GitHub warns about this apparently not very widely known feature and does suggest that you definitely verify hashes whenever you are downloading packages, use a user account,

2:05.6

not the root account, and finally always double check the package name. This is something that

2:12.6

we have seen a lot, for example, with NPM, but also sometimes with Python and the like, that malicious packages

2:20.4

try to prey on people who misspell a package name and then install the wrong, and in this case,

2:27.5

malicious package. That's, of course, where in particular, this technique of executing code on

2:34.1

install time becomes handy because

2:37.0

you may never include this package in your code because of the typo, so the only time any code will run from the package is at install time.

2:48.0

And ESET security is reporting that the SandboxEscaper Windows

...

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
