meta_pixel
Tapesearch Logo
Log in
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Wednesday, November 24th, 2021

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Handlers

Tech News, News, Technology

4.9696 Ratings

🗓️ 24 November 2021

⏱️ 3 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Improved YARA Maldoc Signature; Windows Installer 0-Day; VMWare VCenter Vulnerability

Transcript

Click on a timestamp to play from that location

0:00.0

Hello, welcome to the Wednesday, November 24, 2021 edition of the Sandtonet Storm Center's

0:07.5

Stormcast. My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

0:14.6

I've got only a couple of quick stories today. Did he improved a bit on his Yara signatures that he published on

0:23.3

Monday. These new signatures are removing a couple false positives that he ran into after further

0:31.4

testing these signatures. So again, if you want to use Yara to detect malicious office documents,

0:39.7

malicious here means pretty much anything with a macro,

0:43.5

then definitely take a look at these simple signatures.

0:48.1

Probably the biggest story to keep an eye on is the new Windows installer vulnerability.

0:58.2

I talked about that yesterday. There are new proof of concepts out there, and apparently, according to Cisco, it's already being exploited in the wild

1:04.2

by Malver that uses this vulnerability for privilege escalation. This is a privilege escalation vulnerability, so the code

1:12.4

has to run as a legitimate user with credentials, but then can be leveraged to gain administrator

1:19.7

rights. And again, this was sort of patched in the last patch Tuesday in November, but wasn't patched completely, and this new version of

1:31.2

the exploit is bypassing the current patch.

1:36.2

Talking about ProVage Escalation, there is also a Proach Escalation Vulnerability in Oracle's

1:42.8

Virtual Box, and there are now more details about this particular

1:48.2

vulnerability, which has been patched back in July, so you hopefully have this already applied.

1:56.9

New virtualization vulnerabilities, we do have an important advisory from the Amber for V-Center server.

2:05.6

Important vulnerability patched here could be used for arbitrary file read and it's a server-side request for jury vulnerability.

2:14.6

I don't think any of this requires immediate action, so I hope you step

2:21.2

away a little bit from your computers over the weekend and get some rest and don't get

2:26.8

pulled in by family to patch and update their computers. And for everybody outside of the

2:33.4

US, well, enjoy the low news cycle that usually comes

...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2025.