🗓️ 21 April 2021
⏱️ 6 minutes
0:00.0 | Hello, welcome to the Wednesday, April 21st, 2021 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich. And today I'm recording from Jacksonville, Florida. Well, today almost feels like Patch Tuesday. We got two products that require critical patches that will address vulnerabilities that are |
0:24.6 | already being exploited in the wild. |
0:28.3 | First of all, we got our good old friend Pulse Secure. FireEye today published a blog post |
0:34.2 | in coordination with Pulse Secure announcing a new vulnerability that apparently |
0:40.4 | is exploited in the wild and it does allow the execution of arbitrary code without authentication. |
0:48.3 | Now FireEye has a ton of detail about this vulnerability. Sadly, no patch available yet for this vulnerability. It is being |
0:59.0 | exploited together with older vulnerabilities in Pulse Secure in order to completely compromise |
1:05.5 | affected devices. Once compromised, backdoor accounts will be installed, web shells will be installed, |
1:13.4 | and any updates will not typically delete these backdoors. So these beachheads will persist |
1:23.7 | even after a system is upgraded. The attacker will typically also modify the system in order |
1:31.0 | to establish special backdoor accounts. And for example, if the system does require two-factor |
1:39.5 | authentication, two-factor authentication will not be required for these backdoor accounts, so the attacker will |
1:46.4 | still be able to just log in using the attacker's established passwords. |
1:52.7 | Also, logs will be modified in order to make detection of these exploits more difficult. |
2:07.3 | Now, as far as Pulse Secure's side of the response goes, Pulse Secure did publish an integrity checking tool. |
2:08.2 | You can use this tool to verify if your device has been compromised. |
2:14.8 | Pulse Secure also published an advisory with some tips in what you can do in order |
2:22.0 | to prevent exploitation. For example, they recommend to disable the Windows File Share
2:28.5 | Browser and also disable the Pulse Secure Collaboration feature. But they do not have a patch available yet. Neither |
2:38.4 | is there a timeline for a patch in the advisory. Within the show notes, I'll link to the advisory. |
2:46.5 | So maybe by the time you're listening to this, there will be more details about a patch timeline, |
2:52.6 | but this is something that you certainly should patch as soon as a patch is released. |
... |
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.