ISC StormCast for Tuesday, July 23rd 2019
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
🗓️ 23 July 2019
⏱️ 5 minutes
Transcript
| 0:00.0 | Hello, welcome to the Tuesday, July 23rd, 2019 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich, and I'm recording from Jacksonville, Florida. |
| 0:13.7 | Great little walkthrough by Didier today in his post about how to analyze a compressed PowerShell script. |
| 0:21.6 | He not only tells you how to recognize these types of scripts, but also how to decode them |
| 0:28.0 | and of course under heavy use of Didier's own oledump tool. |
| 0:34.9 | And if you are running Palo Alto's GlobalProtect SSL VPN, make sure you are running the latest version. |
| 0:44.3 | About a year ago in July, actually, 2018, Palo Alto released an update for GlobalProtect, but it didn't note a particularly easy to exploit remote code execution |
| 0:57.0 | vulnerability. Two researchers that were actually doing a security assessment of Uber, ran into |
| 1:04.6 | this vulnerability when they explored Uber's GlobalProtect setup. They reported the vulnerability to Palo Alto only to find out |
| 1:13.9 | that it was already patched in the latest version of Palo Alto's software. The problem here, |
| 1:20.7 | of course, is since Palo Alto never actually pointed out this vulnerability, and it is |
| 1:26.7 | trivial to exploit vulnerability. |
| 1:30.4 | It never really got the attention needed to get people to actually update their devices. |
| 1:37.0 | So if you still run a firmware that's a year old or older, you may be vulnerable and you |
| 1:42.8 | probably should double check that you run the |
| 1:45.5 | latest version of PAN-OS. |
| 1:47.7 | And well, then we also got updates from Fortinet. |
| 1:53.0 | We have updates for FortiOS, FortiManager and FortiAnalyzer. |
| 1:58.6 | All of these updates are fixing a critical certificate revocation vulnerability |
| 2:03.6 | that could be used by an attacker to use an invalid certificate for authentication. |
| 2:10.6 | So the way this would be exploited is that if you are revoking a certificate that, for example, is lost, if a device got stolen or something |
| 2:20.1 | like that, the revocation may not necessarily be effective. As an additional quirk to this update, |
| 2:27.2 | it has to be installed manually. And the NSO group, which is famous for selling high-end spyware, in particular to government clients, has announced that it has come up with a new smartphone spyware. |
... |

