meta_pixel
Tapesearch Logo
Log in
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Tuesday, March 9th, 2021

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Handlers

News, Tech News

4.9754 Ratings

🗓️ 9 March 2021

⏱️ 6 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. YARA and CyberChef; Apple Patches; Chrome Blocks Port 554; Intel CPU Side Channel Attack

Transcript

Click on a timestamp to play from that location

0:00.0

Hello, welcome to the Tuesday, March 9, 2021 edition of the Sansonet Storms, Stormcast. My name is Johannes Ulrich, and today I am recording from Jacksonville, Florida.

0:14.0

We got a quick diary today by DDA about how to combine Yara rules and Cyber Chef.

0:24.7

Yara rules, of course, are, well, not really regular expressions.

0:31.3

They're really a pattern matching language, kind of meant to detect malware and regular expressions just part of this.

0:34.8

Cyber Chef is the web-based tool that was created by GCHQ and does allow for various

0:43.5

transformations from base 64 to various encryption algorithms. And they will tell you how to combine

0:51.1

the tool to, for example, more efficiently hunt for visual basic macros,

0:58.0

even in compressed files. And Apple today again updated pretty much everything, Safari, MacOS,

1:07.4

watchOS, iOS, and iPadOS. What's sort of a little bit special here is that all of these updates only fix one particular

1:17.5

vulnerability, and it's the same vulnerability across all of these operating systems, and

1:23.3

that's because it's a WebKit vulnerability.

1:26.6

WebKit is the basic library that is being

1:29.6

used by Apple to render HTML and JavaScript, and it's actually also used by other browsers,

1:38.8

so other updates may be coming. The fact that Apple bothers to release this update just for one single

1:46.2

vulnerability may indicate that this vulnerability is exploited. However, this is not stated

1:54.3

in Apple's security announcement. And in response to a recent Nat, SlipStraming attacks Google may be blocking access

2:07.7

to port 554 by Google Chrome.

2:12.6

Slip streaming refers to a technique where a network will trick a browser into connecting a two net hacker's

2:19.4

site on a specific port, assuming that the firewall is dealing with the traffic using a specific

2:26.7

applicational layer gateway or ALG, and then allowing traffic back into the network on various ports.

2:37.3

The reason for this is that sometimes you do have application where the client is connecting outbound to a particular port,

2:45.0

then the application is responding on a different port inbound, and application layer gateways essentially open these

...

Please login to see the full transcript.

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2026.