meta_pixel
Tapesearch Logo
Log in
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Stormcast, Jan 13, 2025: Defender Updates, Ivanti RCE, Apple USB-C Hack and more

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Handlers

Tech News, News, Technology

4.9696 Ratings

🗓️ 13 January 2025

⏱️ 7 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS ISC Stormcast, Jan 13, 2025: Defender Updates, Ivanti RCE, Apple USB-C Hack and more

Transcript

Click on a timestamp to play from that location

0:00.0

Hello and welcome to the Monday, January 13th, 2025 edition of the Sands Internet Storm Center's Stormcast.

0:08.7

My name is Johannes Ulrich and today I'm recording from Jacksonville, Florida.

0:14.7

Well, let's start with some Internet Storm Center diaries.

0:19.3

We got a great one from Tom here. Actually, follow up to a story that broke over the holidays and I covered last week about Grome extensions, in particular the Cyberhaven extension and compromise that caused quite a bit of concerns.

0:36.7

Tom is writing about how to detect what extensions are installed via the Defender Console.

0:44.2

So you have to go to Waterbilly Management Inventory's browser extension,

0:48.1

and that's where you have the data that you need to identify what extensions are installed. You get the Chrome extension ID,

0:58.5

so you can search, for example, for malicious extension ideas. This is, of course, critical,

1:05.4

given all the problems that malicious Chrome extensions have caused and the difficulty in sometimes

1:11.6

restricting Chrome extensions as users legitimately like to install them. And Windows Defender,

1:18.1

of course, is a tool that you typically already have available. And we have a second diary,

1:23.9

this one from DDA. And, well, if it's DDA, it has to include some cool features in Office

1:30.9

documents and some Python scripts to analyze them.

1:34.1

In this case, it's OLE documents being embedded in OOXML documents.

1:41.2

Office Open XML, that's the current standard that you find in Windows Office documents. Office Openxml, that's the current standard that you find in Windows Office documents.

1:48.7

Well, OLE is the older standard, but with OXML being so flexible, it's actually able to embed

1:56.4

OLE documents, and with that make it more difficult to detect malicious content in particular

2:03.3

macros. Now, DDA of course here comes to your aid and helps you with some of his tools like

2:10.7

zipdump. PUI and OLE dump.p.uI to assist you in analyzing these documents and identify anything malicious like

2:20.3

macros. And we have updates about last week's vulnerability in Ivanti's Connect Secure product

2:29.4

from Watchtower. And of course, whenever our watchtower is involved, we usually get sort of a deep dive

2:34.5

into how exploitation works against these vulnerabilities. Again, these were already being

...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2025.