SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Wednesday, November 17th, 2021

SANS ISC Handlers

🗓️ 17 November 2021

⏱️ 7 minutes

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Emotet Returns; NPM Security; Intel CPU Debug Vulnerablity; Router Vulnerablity List

Transcript

0:00.0

Hello, welcome to the Wednesday, November 17, 2021 edition of the SANS Internet Storm Center's

0:06.9

Stormcast. My name is Johannes Ullrich, and I'm recording from Fort Walton Beach, Florida.

0:14.3

Back in January, Ukrainian law enforcement and others took down the principles behind the Emotet botnet. And since then,

0:24.6

there hasn't really been much to be said about Emotet. It was pretty much dead, but sadly,

0:31.6

not dead for good. As of this week, we start having new Emotet samples arriving in victims' inboxes.

0:41.3

And I guess to celebrate, Brad did publish a diary today with one of his famous walkthroughs of

0:48.3

an Emotet infection and what kind of traffic this botnet is generating.

0:55.0

One of the reasons that Emotet is so dangerous is the emails that it crafts are crafted as replies to actual emails.

1:03.4

So as soon as a victim is compromised, it pilfers recent emails in the victim's inbox and replies to these emails, including its

1:13.9

malicious attachment. The attachment itself, well, nothing really all too special. It's a Microsoft

1:20.1

Office document with a macro and, of course, a message asking the user to enable macros so it can do its evil thing.

1:30.0

One thing Brad pointed out that changed is that additional downloads and the command control

1:35.4

mechanism now uses HTTPS. Prior versions have done this via HTTP.

1:42.4

So office macros still remain sort of one of the major issues here that you

1:46.8

need to get a handle on. And of course, that's not just because of Emotet. There are plenty of

1:51.5

other pieces of malware that take advantage of essentially the same trick, trying to get users

1:58.3

to enable macros in order to then download and run additional malware.

2:04.1

And as far as Emotet goes, I don't think the use of HTTPS is adding sort of a new significant barrier to detection.

2:13.7

And GitHub, who is maintaining the NPM registry, has published a brief blog post outlining

2:20.9

two vulnerabilities that were recently addressed in the NPM registry and some of the security

2:28.5

enhancements planned for the near future. First of all, the vulnerabilities. The first one potentially did expose the presence and the names of internal NPM packages.

2:41.5

This, of course, could be dangerous with respect to some name confusion issues that we talked

...
