meta_pixel
Tapesearch Logo
Log in
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast: File Hashes in MSFT BI; Apache Camel Vuln; Juniper Fixes Exploited Vuln; AMI Patches 10.0 Redfish BMC Vuln

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Handlers

Tech News, News, Technology

4.9696 Ratings

🗓️ 14 March 2025

⏱️ 6 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast: File Hashes in MSFT BI; Apache Camel Vuln; Juniper Fixes Exploited Vuln; AMI Patches 10.0 Redfish BMC Vuln

Transcript

Click on a timestamp to play from that location

0:00.0

Hello and welcome to the Friday, March 14, 2025 edition of the Sands Internet Storm Center's Stormcast.

0:08.9

My name is Johannes Ulrich and today I'm recording from Jacksonville, Florida.

0:14.2

In today's diary, Gies talking about how to use Microsoft's business intelligence tool, Microsoft BI, in order to better understand what's happening with binaries uploaded to your honeypot.

0:27.8

The honeypot uses a cowrie.

0:30.5

Cowry, of course, is able to collect any files that NetHacker uploads to the honeypot, and we support this as an option in the Honeypot,

0:41.1

but then of course you also want to go over the data and see if you found anything new and

0:46.7

interesting. Well, with business intelligence, it's fairly straightforward and GEE goes over

0:52.2

the process to import this file data into business

0:56.9

intelligence and then slice and dice it, look for anomalies, look essentially for odd and

1:02.5

interesting things using business intelligence.

1:05.3

Pretty interesting tool, personally not that familiar with it, but Gea has been using

1:10.3

it more and more to look at honeypot data and is pretty happy and successful in doing so.

1:16.9

I've got an interesting vulnerability this week that I probably should have covered yesterday, but things were a little bit messy about.

1:24.3

Let me describe this a little bit, it's about Apache Camel.

1:28.1

Apache Camel is an open source integration framework. It helps to essentially connect

1:34.7

different APIs together, and it's quite popular, for example, to orchestrate Kubernetes clusters.

1:43.1

That being said, well, there was recently fairly simple to exploit

1:49.3

vulnerability in Apache Camel that required you to set a specific header. So you all need to do

1:56.2

is add a command to the header as a value and then the the command will be executed. Now, you may say,

2:04.1

how can something simple, stupid like this happen? Well, the problem was that these headers were

2:08.9

only supposed to be used sort of internally, and any external request with a header like this,

2:14.6

well, was supposed to be filtered. But the filters were case sensitive, so by being a little bit creative with upper lower case,

...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2025.