SANS ISC Stormcast, Jan 8, 2025: Critical Vulnerabilities in SonicWall, Moxa, and Windows BitLocker β Plus, Malware Targets PHP Servers and the Launch of U.S. Cyber Trust Mark
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
4.9 β’ 696 Ratings
ποΈ 8 January 2025
β±οΈ 7 minutes
ποΈ Recording | iTunes | RSS
π§ΎοΈ Download transcript
Summary
Transcript
Click on a timestamp to play from that location
| 0:00.0 | Hello and welcome to the Wednesday, January 8th, 2025 edition of the Sandcent Storm Center's Stormcast. |
| 0:10.1 | My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida. |
| 0:16.1 | Ejing published a diary about the researchers of cryptocurrency mining matter targeting php |
| 0:22.8 | servers. At hackers are |
| 0:24.6 | exploiting vulnerabilities, |
| 0:26.6 | such as CVE |
| 0:28.1 | 2024-4577. |
| 0:31.7 | That's the |
| 0:32.8 | misconfiguration in |
| 0:34.9 | PGPI CGI |
| 0:36.6 | installations. |
| 0:39.0 | Once they gain access, they deploy a dropper, VR0P.exe, that deploys additional payloads, |
| 0:47.8 | including PkT.exe, and PacketCript.exe. |
| 0:53.1 | These malware pieces are then being used to mine the packet crypt, |
| 0:59.1 | classic cryptocurrency, not a cryptocurrency I've heard about, |
| 1:03.2 | but they always come up with something new when it comes to cryptocurrencies. |
| 1:08.8 | This pH-PCI vulnerability is somewhat specific to Windows, which |
| 1:13.3 | is why you have these EXEs being uploaded here. A simplest way, of course, they detect |
| 1:19.7 | miners like this is typically CPU load spikes, patch management. Really important here. |
| 1:30.2 | This is not super recent vulnerability. |
| 1:33.8 | A vulnerability has been exploited for a while now. |
| 1:42.6 | And the vulnerability is also being exploited by other malicious tools and such. So when you're doing incident response in this particular case, |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright Β© Tapesearch 2025.