SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Tuesday, March 6th 2018

SANS ISC Handlers

News, Tech News

🗓️ 6 March 2018

⏱️ 7 minutes

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Multifaceted Bash Script; More/Larger Memcached DDoS; Spring Data REST Vuln

Transcript

0:00.0

Hello, welcome to the Tuesday, March 6th, 2018 edition of the SANS Internet Storm Center's Stormcast.

0:07.6

My name is Johannes Ullrich, and today I'm recording from Jacksonville, Florida.

0:12.6

As the saying goes, everything can be done better with a shell script and all it needs for world

0:17.5

peace is the right one-liner.

0:20.3

Well, Xavier looked at a real neat sort of malicious bash script.

0:26.0

In this particular case, of course, we get a crypto coin miner installed.

0:31.2

Kind of interesting that they are bothering to actually figure out how many CPUs are running

0:36.2

on the system so they can set up the right

0:39.3

number of threads. But that's not it. They're also enabling cron jobs and enabling a root backdoor.

0:49.3

Now, as Xavier points out, often root isn't allowed to log in via SSH, but well, sadly, that's not true a lot of the time, so probably this will work.

1:00.0

Interesting also that they're attacking Redis.

1:04.3

Redis is yet another one of these memory-based NoSQL databases, somewhat competing with memcached that kept us busy last week.

1:15.6

In this case, however, they're not interested in a denial-of-service attack. Instead, they're trying

1:20.7

to use Redis to install malicious code on these remote systems. Now, talking about memcached, the denial of service attacks continue to come and continue to get bigger.

1:35.3

The latest record, as Arbor reports, is 1.7 terabits per second.

1:42.3

The attack last week with GitHub was 1.3 terabits per second. Now both numbers come from Arbor, so I think they're somewhat comparable. But as always, with denial of service attacks that are that large, you'll have to take these numbers with a grain of salt given that quite often

2:04.4

with these large attacks, actually not all of the traffic is detected because it will get

2:11.2

blocked rather far upstream to the congestion close to the source of the traffic. And if you're using the popular Java framework Spring Data REST in order to create REST APIs,

2:25.3

you may want to double check if you are up to date.

2:28.3

The problem here is a remote code execution vulnerability that was fixed back in September last year, but so far we

2:38.5

didn't really have a lot of details about it. Last week, the company that discovered the vulnerability

2:45.9

did release a little bit more detail about what the vulnerability is actually about. So this is probably

...

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
