SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Wednesday, November 27th, 2024

SANS ISC Handlers

Tech News, News, Technology

🗓️ 27 November 2024

⏱️ 6 minutes

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Network Detection for Redtail; Next Neighbor; NachoVPN; Keycloak, PAN and Patches

Transcript

0:00.0

Hello and welcome to the Wednesday, November 27th, 2024,

0:05.1

edition of the SANS Internet Storm Center's Stormcast.

0:09.0

My name is Johannes Ullrich and I'm recording from Jacksonville, Florida.

0:14.4

In Diaries today, we got yet another guest diary by one of our undergraduate interns. David Fitzmaurice is writing about the Redtail

0:26.0

miner. Like many miners, this one is targeting Unix devices that expose SSH with a weak

0:34.8

password. So very basic vulnerability here being exploited. Any miner then typically

0:41.7

ends up on IoT devices, which are quite frequently exposed and have known vulnerable

0:48.9

passwords. The problem with IoT devices is often that you aren't able to implement a lot of endpoint protections,

0:57.5

so you're relying more on the network detection in order to identify infected systems,

1:04.8

and that's what the diary focuses on, how to detect this particular malware on the network. There are some

1:14.1

neat Snort rules, for example, being introduced, but then David is also going over some other

1:21.0

network traffic, like, for example, DNS requests that may point to a particular infected system. Good diary because, well, these

1:32.4

miners are around. They are often also a good sort of canary. If you find a miner on a system,

1:40.7

just like the other stuff happening on it too, just miners tend to be the ones that are relatively easy to find.

1:49.2

Last week, researchers from Volexity did publish a blog post that got quite a bit of interest and rightfully so,

1:58.3

for a somewhat unique attack vector that was used.

2:01.8

And I just want to point out that sort of one part here of a fairly complex attack,

2:08.2

and that's attacks from neighboring Wi-Fi networks.

2:13.7

Apparently, the bad actor in this case did compromise initially not the network of the target itself, but instead a network of an organization across the road from the target and then used Wi-Fi infrastructure at that compromised network to then reach out across the road and compromise the target's

2:37.3

Wi-Fi network.

2:39.2

And with that breach multiple systems inside their infrastructure.

2:44.4

The one takeaway I want to point out here a little bit is that this particular attacker

...
