ISC StormCast for Wednesday, February 22nd 2017
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
4.9 • 754 Ratings
🗓️ 22 February 2017
⏱️ 5 minutes
🧾️ Download transcript
Summary
Transcript
Click on a timestamp to play from that location
| 0:00.0 | Hello, welcome to the Wednesday, February 22nd, 2017 edition of the Sansanet Storm Center's |
| 0:07.1 | Stormcast. My name is Johannes Ulrich, and today I'm recording from Scottsdale, Arizona. Microsoft |
| 0:13.8 | still delivered one bulletin from February's skipped patch Tuesday today, and that's MS-17-005. |
| 0:23.3 | It is the Microsoft Mirror of Adobe's Flash Bulletin that was published last Tuesday. |
| 0:31.2 | For quite a while now, we did have it where Microsoft did issue bulletins for Flash updates |
| 0:37.3 | that did affect Microsoft's own browsers like Microsoft Edge and Innet Explorer 10 as well as 11. So this is no big surprise. This isn't really a new vulnerability here. Just Microsoft did publish this bulletin now because the wallablies were already known and addressed in Adobe's bulletin. |
| 1:00.2 | So with Microsoft's update today, we now have a patch for these vulnerabilities for InExplore 1011 and Edge. |
| 1:07.9 | Last week, we had a diary by Xavier about how the preferred network list can be used against |
| 1:14.1 | a user to detect what locations this user may have visited in the past. Well, a great testament to |
| 1:21.8 | the diversity of our handlers. Today, we sort of have a defensive response to that particular article by Rob |
| 1:30.5 | that will show you how to collect these preferred network lists from users in your environment |
| 1:37.5 | using a PowerShell script. This can be quite useful to figure out if certain users are very careless about connecting |
| 1:46.4 | to other wireless networks and can then also be used, of course, to detect machines at risk |
| 1:53.8 | of being compromised. Of course, this may not be perfect given that it's not that difficult to impersonate SSIDs and tools like |
| 2:04.0 | Karma of course will allow NetHacker to automatically impersonate any SSID that a particular client is |
| 2:11.1 | looking for. So Rob's PowerShell script is ready to go for you if you would like to investigate your network to figure |
| 2:19.0 | out what your users are connecting to. CyberX, a company that specializes in monitoring industrial |
| 2:27.0 | control systems, published an interesting blog article about some malware they found at several |
| 2:33.8 | of their customers. What's sort of unique |
| 2:36.3 | about the malware is that it does enable the microphone on the system and then exfiltrates |
| 2:42.3 | large audio files back to whoever is in control of the malware. Of course, there's no news here |
| 2:49.8 | in terms of being able to turn on the microphone, |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2026.