ISC StormCast for Thursday, August 18th, 2022

Released Thursday, 18th August 2022

Episode Transcript

0:00

Hello, welcome to the Thursday,

0:02

August 18th, 2022

0:04

edition of the SANS Internet Storm Center's

0:06

Stormcast. My name is Johannes

0:09

Ullrich, and I am yet again recording from

0:11

Jacksonville, Florida, but you may

0:13

be able to tell by that thunderstorm

0:15

and the rain in the background. These

0:18

last couple days I spent some time

0:20

looking at SIP traffic to play with the

0:22

Realtek SDK vulnerability,

0:25

and as part of this

0:27

overall experiment I also set

0:29

up set week as two weeks server

0:32

What surprised me, and I

0:34

guess should not have surprised me, was

0:37

how much this increased the

0:39

voice over IP scanning traffic

0:42

that was seen by this

0:44

server. Now voice over IP, or

0:46

SIP, traffic is quite

0:48

commonly being used to scan

0:50

random systems. It often

0:52

makes one of the top ten ports

0:55

in our list, but

0:57

as soon as I set up the server,

1:00

that number of hits per IP went

1:03

up easily by a factor

1:05

of one hundred, and

1:07

it was a very simple setup. The server

1:09

didn't allow any phone

1:11

calls. It just sort of was

1:14

just accepting packets and returning

1:17

a permission denied.

1:19

a percent of all kinds of attacks

1:21

are scams that i know that

1:24

One was basically someone just

1:26

trying to call a number via my

1:28

server. The second one was where they

1:30

actually tried to register

1:32

an extension with this voice

1:34

over IP server, which then of course would have allowed

1:37

them to impersonate whatever

1:39

company runs that particular

1:41

server. And the two

1:43

most called numbers also sort of match

1:46

the common exploit activity that's seen

1:48

in exposed voice over IP

1:50

servers. One number

1:52

was in the Palestinian

1:54

territories. Quite often

1:57

in areas like this there are sort of

1:59

not a lot of unlimited

2:02

calling plans, so people

2:04

still worry about the cost

2:07

of calls, and of course that

2:10

leads to them attempting to use

2:12

unprotected voice over IP servers. The

2:14

second one was a number in Chicago.

2:17

This may have been an attempt to use

2:19

it sort of for scam calls. Of course,

2:22

using some badly configured

2:24

voice over IP server makes it easier

2:27

to hide the true identity of the

2:29

scammer and also makes

2:31

it less likely that the scammer

2:33

is then shut down. We

2:36

got zero days today. Today

2:38

we received a few interesting updates,

2:40

all patching actively exploited

2:43

vulnerabilities. Let's start

2:45

with Apple. Apple updated

2:47

macOS Monterey and iOS

2:49

as well as iPadOS, and

2:51

this update fixes two

2:54

vulnerabilities, and only two

2:56

vulnerabilities. Both of these vulnerabilities

2:58

are already actively being

3:01

exploited. Not a lot of details

3:03

here, of course, as typical for Apple.

3:05

One of these vulnerabilities is in

3:08

WebKit and allows for arbitrary code

3:10

execution as the victim

3:12

is visiting a particular website.

3:15

The second one is then a problem

3:17

that allows for privilege escalation.

3:19

So if you're connecting those

3:21

two vulnerabilities, if a user

3:24

visits a malicious website, the

3:26

attacker will be able to

3:28

execute code as root. Not

3:30

clear if older versions of macOS

3:33

are affected as well. What Apple

3:35

typically does with these WebKit

3:37

vulnerabilities is that they will later

3:40

release an update for Safari that

3:42

fixes these WebKit issues

3:45

for older operating systems.

3:48

Then the release of Google Chrome

3:51

104, and it does fix

3:53

a number of critical and medium

3:55

flaws, but it also does

3:58

address a vulnerability that's

4:00

already been exploited,

4:02

so that's sort of our second, or third

4:05

if you count Apple as two, zero

4:07

day being patched. And

4:09

a third item here is not exactly a zero

4:11

day, but some vulnerability in Cisco

4:14

equipment that wasn't

4:16

sort of properly patched recently.

4:19

Rapid7 researcher Jacob

4:21

Baines had discovered the

4:23

vulnerability, and the problem here essentially

4:25

is that an administrator,

4:28

if they're connecting to a malicious

4:32

Adaptive Security Device Manager,

4:34

ASDM, server, well,

4:37

that malicious server can execute

4:40

arbitrary code on the administrator's

4:42

workstation. Now, you'd expect

4:45

there is some kind of certificate setup

4:47

or so, to make sure that you're connecting to the

4:49

correct server. Apparently that

4:51

hasn't been done properly by

4:54

Cisco, and there was an update released

4:57

last week when this was first

4:59

announced, and Jacob also released

5:02

a xbox one called state

5:04

state state the

5:06

fix that Cisco applied was that it

5:09

will now give you a pop-up

5:12

when you're connecting, but that pop-up warning

5:14

will just tell you that the

5:16

version of the ASDM

5:19

server is out of date. It also

5:21

suggests patching, so let's

5:23

hope that this prompts Cisco

5:26

administrators to maybe look closer,

5:29

but by the time you connected,

5:32

it's pretty much already too late.

5:34

Of course, the bigger hurdle to overcome

5:36

is that the administrator first

5:39

needs to connect to the malicious server

5:41

using that client. And

5:44

that's it for today. Thanks

5:47

for listening and talk to you tomorrow.
