ISC StormCast for Tuesday, August 4th 2020
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
4.9 • 754 Ratings
🗓️ 4 August 2020
⏱️ 6 minutes
🧾️ Download transcript
Summary
Transcript
Click on a timestamp to play from that location
| 0:00.0 | Hello, welcome to the Tuesday, August 4th, 2020 edition of the Science and the Storms, |
| 0:05.7 | on Stormcast. My name is Johannes Ulrich. And the time I'm recording from Jacksonville, Florida. |
| 0:13.1 | Saville came across a pretty interesting visual, basic macro that actually turned out to be part of a document that was either distributed as part |
| 0:24.6 | of a red team exercise or a targeted attack where Xavier believes it's probably deformer because |
| 0:32.5 | of the very specific version of the dot-net framework that was required for this particular macro to run. |
| 0:42.4 | This technique is often used in order to avoid collateral damage. |
| 0:46.4 | In this case, the attacker set actually up a website distributing diversity and inclusion survey |
| 0:54.0 | that then loaded the malicious macro. |
| 0:58.4 | What's also sort of interesting is that the bot actually is able to communicate via |
| 1:03.7 | a couple of different command control channels looks like, well, HTTP, of course, but also Slack and then also DNS. |
| 1:15.7 | And well, we do have updates for the boothole vulnerability. That was the vulnerability in |
| 1:22.3 | Crup 2. And I told you that this is a little bit of tricky update to release and apply. |
| 1:29.9 | Well, Redhead now, as well as Debian and Ubuntu, have come up with packages that should make |
| 1:36.0 | installation easy, but looks like they didn't get it quite right initially. |
| 1:41.1 | In particular, for Redhead, and with that also for SendOS, there are |
| 1:47.0 | reports of systems that fail to boot after the update was applied and it's actually a little |
| 1:55.0 | bit tricky to get them to work again. Similar issues also with some Debian and Ubuntu installs doesn't appear to be as |
| 2:03.6 | common with those systems compared to Redhead SendOS and seems to be more limited to dual boot |
| 2:12.7 | systems that boot via Linux or Windows. |
| 2:24.4 | I'll link in the show notes to respective troubleshoot notices that Ubuntu and Redhead published, |
| 2:30.0 | so hopefully they'll help you if you got affected by this bad update. If you only applied the update and you didn't reboot yet, well, have those articles handy. |
| 2:38.9 | And security researcher Matt Shockley found mixing the simple way actually to bypass transparency consent and control TCC in macOS. |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2026.