ISC StormCast for Tuesday, September 29th 2020
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
4.9 • 754 Ratings
🗓️ 29 September 2020
⏱️ 6 minutes
🧾️ Download transcript
Summary
Transcript
Click on a timestamp to play from that location
| 0:00.0 | Hello, welcome to the Tuesday, September 29th, 2020 edition of the Sandcentred Storm Center's Stormcast. My name is Johannes Ulrich. And today I'm recording from Jacksonville, Florida. |
| 0:14.0 | As mentioned before, I usually don't cover breaches unless there is sort of a lesson to be learned or something to be taken away from the particular breach. |
| 0:23.8 | Now, Tyler Technologies has had a ransomware attack, and as part of this attack, |
| 0:31.4 | apparently data was not just encrypted, but as it is typical, these days, it was also exfiltrated. |
| 0:39.1 | We have now a number of different reports that credentials that Tyler used to connect |
| 0:46.2 | to customers, networks are being used by bad guys. |
| 0:51.5 | So Tyler Technologies is a technology provider as such they remote administer customers' |
| 0:58.7 | systems and well that's where these credentials come in play. Now Tyler itself has notified |
| 1:06.6 | customers that credentials that Tyler typically used to connect to customers networks for remote access |
| 1:13.8 | were used by suspicious logins. We also had a reader tell us that they found a Baumgar client |
| 1:23.0 | on a system that was managed by Tyler. Now, Baumgar, now actually known as Beyond Trust, they bought a Baumgart. |
| 1:33.3 | It's a pretty decent, legitimate tool to remote access systems. |
| 1:38.3 | So not clear if this was legitimately installed by Tyler for remote access or something an attacker did after |
| 1:47.3 | getting a hold of credentials used by Tyler. |
| 1:51.2 | But the takeaway here is certainly if you are a Tyler customer, you need to change any credentials |
| 1:58.5 | that you gave to Tyler, call them up, coordinate with them to |
| 2:03.3 | do so, and of course carefully monitor any systems that they had access to. And that's kind of a |
| 2:11.7 | little bit true for any kind of remote access that you grant to other companies. |
| 2:23.7 | Of course, often you do grant that remote access so they can monitor the systems for you. |
| 2:28.1 | It's a little bit of catch-22 in giving them the credentials. Well, you also need to make sure that they are treating those credentials with the necessary care. |
| 2:36.8 | And then we have an interesting diary by Xavier who looked into a power shell backdoor |
| 2:43.9 | that's sort of launched from shell code that's actually injected into an initial |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2026.