SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Wednesday, November 6th, 2024

SANS ISC Handlers

Tech News, News, Technology

🗓️ 6 November 2024

⏱️ 5 minutes

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Python RAT Screen Share; Android Security Bulletin; VMs Delivery Malware; Fake Docusign Invoices

Transcript

0:00.0

Hello and welcome to the Wednesday, November 6, 2024 edition of the SANS Internet Storm Center's Stormcast.

0:08.4

My name is Johannes Ullrich and I'm recording from Riyadh, Saudi Arabia.

0:14.6

Xavier today took a look at a little bit older Python RAT that still has a fairly low VirusTotal score with only

0:24.1

three antivirus engines actually detecting it.

0:28.2

It's a relatively standard malware with the usual remote administrator type features,

0:35.9

but one feature that kind of sticks out is that in addition to just

0:40.0

doing simple screenshots, this malware can actually live stream the victim's desktop to a video

0:48.1

server set up by the hacker. This takes advantage of a standard Python library and according to a quick demo that

0:58.2

Xavier recorded, and you can see that in the diary, does work quite well and actually provides a

1:05.6

quite good quality of the video that's being streamed from the victim's desktop. And that hacker could,

1:12.8

of course, always also record these streams and then later review them for any potentially

1:19.8

leaked information. And Google released its monthly update for Android for November. This particular update is significant

1:30.4

because it does fix two already exploited vulnerabilities. One of the vulnerabilities is a privilege

1:38.5

escalation vulnerability in the framework. The second one affects Qualcomm components and Google refers here to Qualcomm's

1:50.0

upcoming bulletin for more details. Haven't seen that being published yet, but this one is also

1:56.8

rated high and, well, it's a kernel component.

2:01.6

So as usual, Android users should update quickly as these updates become available for their particular phone.

2:11.2

And in the past, attackers have often used very large and sometimes artificially inflated files in order to prevent anti-malware

2:19.6

solutions from scanning malicious files. Looks like according to researchers from Securonix

2:26.9

that, well, the hackers have sort of pushed that a little bit further now by actually

2:33.1

delivering an entire Linux virtual machine.

2:37.0

Now, this Linux virtual machine comes including the QEMU emulation environment, very popular

...
