meta_pixel
Tapesearch Logo
Log in
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Tuesday, November 30th, 2021

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Handlers

Tech News, News, Technology

4.9696 Ratings

🗓️ 30 November 2021

⏱️ 5 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Wireshark Update; Google Cloud Security; Zoom Patch; Slack vs DNSSEC

Transcript

Click on a timestamp to play from that location

0:00.0

Hello, welcome to the Tuesday, November 30th, 2021 edition of the Sansonet Storm Center's

0:06.8

Stormcast. My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

0:14.2

We've got a new version of Wireshark, Wireshark 3.6.0, so a somewhat major version, and it comes with a small but if you have used

0:25.5

Vyars Shark extensively sort of annoying bug fix and that's the use of the not-equal

0:32.9

operator which well didn't work with IP addresses in the past. Now, Vyarshark was helpful enough to indicate that with a tooltip and with a yellow background color for the filter window.

0:48.3

But, well, this is finally fixed now, so you are able to use the not equal operator with IP addresses as you probably

0:57.5

always wanted to use it. Of course, the old method of using not and then in parentheses,

1:04.1

IP. Source equals and the IP address, that version will still work as it did before, and that sort of used to be the

1:12.1

workaround for this not equal bug. Well, and who knows, maybe next we'll get an update

1:18.5

to TSPDump that will use capital A instead of the dot for the AC flag, but, well, I wouldn't

1:25.8

get my hopes up on that change.

1:29.2

And Google's cybersecurity action team, or CAT, did release a report summarizing the last

1:37.8

year worth of compromises within Google's cloud offerings. So here we are talking about customers getting compromised,

1:47.0

and well, the number one issue here is passwords being either too weak or being stolen in

1:54.5

fishing attacks, two-factor authentication as Google, yet again, points out, offers adequate security for these threats.

2:04.4

And, well, once you're compromised, chances are extremely high that your cloud resources are being

2:12.1

used to mine crypto coins. Mining crypto coins inside cloud resources, of course, typically not effective,

2:21.1

but if you're not paying for the resource, then of course it works quite well. So nothing really

2:28.2

new or different from other cloud providers. And yet again, you don't have a perimeter to protect you.

2:36.0

Yes, inside your perimeter, it's not a great idea, but you were often able to get away

2:41.4

with weak passwords and such.

2:43.5

You can't get away with that in the cloud.

...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2025.