SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Tuesday, December 8th 2020

SANS ISC Handlers

News, Tech News

🗓️ 8 December 2020

⏱️ 6 minutes

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. BASE64 Tricks; MSFT Teams RCE; PlayStation Now RCE; Cisco Security Manager RCE

Transcript

0:00.0

Hello, welcome to the Tuesday, December 8th, 2020 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich, and I'm recording from Jacksonville, Florida.

0:13.7

Great and extensive follow-up today by Didier about a diary that they actually posted a while ago about corrupted Base64 strings,

0:23.9

more details on detecting them, and also ultimately decoding them,

0:29.1

even if they're not quite meeting the Base64 standard.

0:35.0

Security researcher Oskars Vegeris did publish an interesting blog post regarding a recently

0:43.3

patched vulnerability in Microsoft Teams.

0:47.7

Now, Oskars found originally this vulnerability, but is disputing the impact that Microsoft assigned to the vulnerability.

0:57.0

No need to patch. Microsoft Teams patches itself automatically, but Microsoft only considered

1:05.0

it as a spoofing vulnerability. Now, at the root there was a cross-site scripting problem, and Oskars has found similar problems

1:15.7

in Slack. Turns out that Microsoft Teams, just like Slack, is written using the Electron

1:22.5

framework. Electron, I've mentioned it a couple times before in this podcast, is a framework that allows

1:28.6

you to write desktop applications using JavaScript and HTML. So essentially, your desktop

1:36.6

application is using the same code as a web application. That's at least the idea. But with that,

1:43.4

of course, vulnerabilities are also

1:45.9

kind of transferred. And a cross-site scripting vulnerability in an Electron application does

1:52.9

often indicate that you may be able to execute arbitrary code because this JavaScript that you're

2:00.7

now injecting with your cross-site

2:03.6

scripting exploit is not displayed by a browser, but instead interpreted by the Electron

2:11.4

framework and treated as native code that runs on your system. To add insult to injury, in order to actually trigger

2:21.3

this vulnerability, a victim doesn't actually have to click at anything or really interact.

2:27.1

They just have to view a Teams message in the Teams application, so no real meaningful user interaction is required.

2:38.7

Again, this was patched back in October, and Teams does sort of patch itself, so nothing really

...
