SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Tuesday, December 19th 2017

SANS ISC Handlers

Tech News, News

🗓️ 19 December 2017

⏱️ 5 minutes

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Not So Malicious Word Doc; AMF Deserializer Vulnerability

Transcript

0:00.0

Hello, welcome to the Tuesday, December 19th, 2017 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich, and I'm recording from Washington, D.C.

0:13.2

We get quite a few Word documents from our readers, and of course, the big question is initially always: is it malicious or not? Sometimes these

0:23.1

Word documents are really just used for spam. So in the latest case here, Didier is looking at a document

0:30.3

that we received from Carlos. Didier does a nice job in this two-part series looking at the document structure of these Word files

0:40.0

and how to quickly triage them, how to figure out if there's something worthwhile looking into deeper

0:45.5

or is this something we should worry about or in this case, well, it's just spam, so probably

0:51.5

nothing bad happening here. And with insecure deserialization making it into the

0:58.3

OWASP Top 10, we do see more work being done, looking at various file formats and how they are

1:06.0

deserialized. And thanks to Anna, who is currently actually taking the defending web application security

1:12.3

class, for pointing me to a blog post by Code White that is looking closer at the Action Message

1:19.9

Format, or as they somewhat jokingly call it in this blog post, Another Malicious Format. They're looking at a couple of different

1:30.1

Java AMF libraries and find vulnerabilities in all of them. And while this file format is somewhat linked

1:39.0

to Flash, it can be found in a number of products that are using these Java AMF libraries.

1:47.7

Sadly, out of the three vendors that are affected here, only one, Apache, has a patch available.

1:55.9

One of the vendors, Exadel, actually discontinued its library.

1:59.9

And the third one, GraniteDS and WebORB for Java, actually

2:06.5

hasn't responded yet to the disclosure. Now, looking over the different vulnerabilities, probably

2:13.4

a diverse issue here, and again, not that uncommon, sadly, for these kinds of libraries,

2:19.4

that within the file an attacker would be able to define Java classes that are then executed

2:27.8

as the code is parsed, leading to arbitrary remote code execution. And one issue with browser extensions is that these browser extensions, of course,

2:39.7

do have full access to the content the browser provides,

2:44.3

but also, if not done correctly,

...
