meta_pixel
Tapesearch Logo
Log in
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Wednesday, May 20th 2020

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Handlers

Tech News, News, Technology

4.9696 Ratings

🗓️ 20 May 2020

⏱️ 7 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Port 62234; Cisco Patches; Google Chrome 83; QNAP @Happyholic1203

Transcript

Click on a timestamp to play from that location

0:00.0

Hello, welcome to the Wednesday, May 20th, 2020 edition of the Sands and its Storm Centers.

0:07.4

Stormcast, my name is Johannes Ulrich.

0:09.7

And today I'm recording from Jacksonville, Florida.

0:13.8

Rick noticed today some odd traffic, an odd spike-in traffic against Port 62,234. Haven't really explained what this is all

0:25.7

about, what attackers may be looking for here, but the number of sources scanning for this

0:33.1

particular port, well, still not amazingly big, but certainly a 3 to 400 range, has significantly

0:40.5

increased over the last day. So in particular, if you are seeing outbound traffic to port

0:47.3

62,234, let us know, and it would be nice to see what's causing this spike.

0:57.4

And Cisco released a number of updates today.

1:01.6

Nothing critical, only high in Cisco's rating.

1:09.2

Now, there is one vulnerability I want to draw a bit attention to, and this is a memory leak in the adaptive security or ASA appliance and firepower threat defense software.

1:17.7

The issue here is that an attacker could send a crafted get request to the web interface of the appliance

1:26.1

and receive memory content back. Now, Cisco points out that

1:31.9

each time that's being attempted, there may be different memory coming back and that the

1:37.1

memory may include authentication cookies. So depending on luck of the draw, I guess, this could certainly lead to a compromise of the appliance and something that you should watch out for.

1:50.5

And that's probably the vulnerability I would suggest here that you should use to justify patching.

1:57.9

The other vulnerabilities are for the most part denial of service vulnerabilities.

2:01.6

So yes, the rating of high is appropriate for those issues.

2:06.6

And of course, patching could result in the denial of service itself if something goes wrong.

2:13.6

And Google today released version 83 of Google Chrome, and well, they skipped actually version 82 due to COVID-19.

2:24.2

In addition to fixing a number of vulnerabilities in version 83, Google also adjusted some security features.

2:33.6

First of all, instead of just doing so a simple update check, there will be more a security review,

...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2025.