SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Tuesday, December 13th, 2022

SANS ISC Handlers

News, Tech News

🗓️ 13 December 2022

⏱️ 6 minutes

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. CyberChef Sorting; FortiOS sslvpnd vuln; Python VMWare Backdoor; Fuzzing Ping

Transcript

0:00.0

Hello and welcome to the Tuesday, December 13, 2022 edition of the SANS Internet Storm Center's Stormcast.

0:09.2

My name is Johannes Ullrich.

0:11.0

And today I'm recording from Jacksonville, Florida.

0:14.8

In Diaries, we got a quick one today by Didier, just showing how to sort strings in CyberChef by length.

0:23.1

If you are considering CyberChef your go-to tool when it comes to converting encodings and

0:29.2

such, well, it can do way more, almost sort of a little string-processing suite now.

0:35.9

And FortiGuard released an advisory that a vulnerability in the SSL VPN

0:42.6

daemon, and that's CVE 2022-475, is already exploited in the wild. They say they saw a one attempt or a one successful exploitation

0:58.0

using that vulnerability. Interesting, the vulnerability was actually patched a couple weeks ago,

1:04.6

at least according to the affected products list here. FortiOS 7.2.3, which is the patched version, was released,

1:15.5

I believe about three, maybe four weeks ago.

1:18.4

They now release this advisory announcing that this version of FortiOS also patches this critical

1:26.9

vulnerability. CVSS score of 9.3. The problem with these

1:33.5

hidden patches, of course, is that you often don't take the update too seriously. And actually,

1:40.1

I came across a discussion on Reddit when I was looking for when it was actually being released

1:46.1

where they essentially just sort of asked that question, should I apply, should I not apply the patch?

1:51.9

Is this version of FortiOS stable enough? Without knowing that a critical, already exploited vulnerability is being patched, of course you're going to treat an update like this a lot less urgently.

2:08.9

As far as affected versions go, well, for FortiOS, the 6.2, 6.4, 7.0 and 7.2 versions are vulnerable. For FortiOS-6K7K, you also got the 6.0 branch that is also vulnerable.

2:29.7

And as I said, updates were released a couple weeks ago. Now, with this advisory, Fortigate also lists various indicators of compromise that they found on this system that was actually compromised.

2:45.1

Of course, no guarantee that this is the only set of indicators of compromise that you will see, but probably a good place to start.

2:55.3

And of course, Fortinet is not alone with vulnerable VPNs. Pulse Secure is a VPN solution that had its share of vulnerabilities.

3:05.1

And according to a report from Censys,

...

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
