meta_pixel
Tapesearch Logo
Log in
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Wednesday, June 16th, 2021

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Handlers

Tech News, News

4.9754 Ratings

🗓️ 16 June 2021

⏱️ 6 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Newish Mirai going after Sonicall/DLink/Cisco; MSFT Teams Bug; Google Open Sources Homomorphic Encryption

Transcript

Click on a timestamp to play from that location

0:00.0

Hello, welcome to the Wednesday, June 16th, 2021 edition of the Sandtonet Storm Center's Stormcast.

0:07.9

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida, and still teaching virtually in Paris, France.

0:17.4

Of course, more than abilities in perimeter security devices are all the rage these days, so no real

0:23.9

big surprise that we also have some botnets jump on the bandwagon.

0:29.6

Have observed the Mirai botnet, at least one version that is associated with some of the

0:37.0

original Mirai code using a relatively reasoned kind of

0:42.5

sonic wall vulnerability for the last couple days in order to look for new victims.

0:49.5

The vulnerability here well is not new in the sense that it is a shell shock. Shell shock, of course,

0:55.6

has been around since 2014. Sonic Wall has released updates in 2015 with firmware SMA 8004,

1:05.5

but apparently there are devices that were left out or not patched, and that sort of became news again a couple months

1:13.3

ago with the rediscovery of these flaws. We now have this particular version of Mirai

1:20.6

scanning for this vulnerability. This particular version has a number of other sort of tricks up its sleeve and it seems to be going sort of for, for example, for dealing firewalls as well, also for Cisco Hyperflex.

1:35.1

It does have an exploit that we observed scanning for a Ruby Webric vulnerability. In addition to a number of additional warn abilities that it's

1:46.3

scanning for based on the data from the binary that it's downloading, but actually observed

1:54.6

in our logs, we only saw a couple of these vulnerabilities. So some of them may only get scanned for if the server does provide a specific response.

2:07.6

Other than that, really just, no, Mirai, as usual, it first downloads a little shell file

2:13.5

that will then download a number of binaries for different architectures and run them and basically

2:20.9

see what sticks, see what runs, and that will then be continuing the scanning.

2:26.7

As far as defenses go for this particular botnet, don't really worry about it.

2:31.1

You either are warnable and have been exploited a long time ago,

2:35.3

or you are already patched.

2:39.3

And I've got some interesting new open source software from Google, and that's a homomorphic

...

Please login to see the full transcript.

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2026.