Episode Transcript
0:00
Hello and welcome to the Friday, April
0:02
19th, 2024 edition of
0:05
the SANS Internet Storm Center's
0:07
Stormcast. My name is Johannes
0:09
Ullrich and I'm recording from Washington,
0:12
DC. And
0:14
we now have a public proof
0:16
of concept and more details for
0:18
the Delinea Secret Server vulnerability,
0:20
or Thycotic, as it
0:23
used to be known.
0:25
This particular vulnerability allows
0:27
an unauthenticated user to
0:29
gain access to the API
0:32
on these devices. Interesting vulnerability,
0:34
and it's one of those
0:37
tricky authentication bypass
0:40
vulnerabilities we often run into
0:42
when developers try something fancy,
0:44
different, and don't quite understand all
0:46
the precautions of all the
0:48
cases and schemes they come up
0:50
with. The problem here is that,
0:52
first of all, there's a
0:54
user ID that's just encrypted with
0:56
a static key, so it's pretty easy
0:58
to find that key,
1:00
decode it, and then create your
1:02
own encrypted user ID. Just
1:05
simply impersonating the user
1:07
with this encrypted user ID was
1:09
not possible initially because there was
1:11
also a timestamp that was
1:14
linked to a random UUID
1:16
that was not predictable, but
1:18
it turns out, if this
1:20
UUID is just removed, and the expiration
1:23
date of the session, then, well,
1:25
that check is skipped and an
1:27
attacker is able to log in
1:29
as any user. Exploitation of this
1:32
is pretty straightforward based on
1:34
this blog post. The blog
1:36
post was published by Johnny Yu,
1:38
who did initially also find and report
1:41
the vulnerability to
1:43
Delinea. And
1:45
thanks to Tenable, we also now
1:47
have additional details and a
1:49
proof of concept exploit for the
1:52
Ivanti Avalanche buffer overflow,
1:54
something I mentioned earlier this week.
1:56
So both Delinea and Ivanti,
1:58
you should patch these
2:00
products before you leave for the
2:02
weekend. Typically
2:05
phishing campaigns don't really get me
2:08
that excited, but Lookout has a
2:10
nice write-up about a bit
2:13
more sophisticated phishing campaign in terms
2:15
of how they are impersonating their
2:17
targets. First of all,
2:20
these phishing emails are actually
2:22
SMS messages as they show
2:24
up, and are targeting specific
2:26
individuals. Then the link
2:29
the particular SMS message then
2:31
connects to is
2:33
customized to the individual
2:35
to display them a very
2:37
convincing phishing page, in particular
2:40
when you're dealing with mobile
2:42
devices. This, for example,
2:44
involves registering specific domains that
2:46
are really good at impersonating
2:48
the specific target, also including
2:50
things like phone numbers and
2:52
such in the domain in
2:54
order to make the particular
2:57
phishing attack more convincing. Pretty
2:59
good thing to maybe include in an
3:01
awareness presentation to show that it's not
3:03
always sort of these very
3:05
obvious and simple phishing attacks that
3:07
your users should be ready for.
3:11
And HashiCorp released an update
3:13
for go-getter. This
3:15
particular library allows downloading files
3:18
from URLs, including Git URLs.
3:20
And if a Git URL
3:22
was downloaded, which means that
3:24
the URL is being passed
3:26
to Git, command line
3:29
arguments weren't escaped properly, and
3:31
that could have then led
3:33
to code execution. And
3:36
Cisco published a blog post about
3:38
what they're calling the OfflRouter
3:41
virus. This
3:43
particular virus is interesting because
3:45
it very specifically targets Ukraine,
3:47
even though some of the
3:49
code in the virus is
3:51
somewhat broken, which reduces the
3:54
effectiveness of this virus somewhat.
3:56
But still, even with not being
3:58
100% effective, the virus has
4:00
been hanging around for several years now and
4:02
appears to not be going away. Maybe
4:05
in some ways by not being overly
4:07
effective, it turns out to be a
4:09
little bit quieter, and with that is
4:12
less likely to be found in
4:14
networks. This virus includes itself
4:16
as a macro in Word documents.
4:18
Of course, one
4:21
problem here is that macros are
4:23
typically no longer executed by default.
4:26
When it infects a particular system,
4:28
it may then attach itself to
4:30
additional Word documents and upload other
4:32
Word documents to public file repositories
4:35
where an attacker could then download
4:37
them from. More details
4:39
about the virus can be
4:41
found in Cisco's blog. It's
4:43
believed that this particular virus
4:45
focuses on Ukraine because the
4:48
only documents being found infected
4:50
were written in Ukrainian. Not
4:53
all the details are yet
4:55
quite known about this sample.
4:59
Well, that's it for today. Thanks for listening
5:01
and talk to you again on Monday.
5:03
Bye.