Episode Transcript
0:00
Hello! And welcome to the Friday,
0:02
May 24th, 2024,
0:04
edition of the SANS Internet Storm Center's
0:07
Stormcast. My name is Johannes
0:09
Ullrich and I'm recording
0:11
from Jacksonville, Florida. Happy
0:14
to have another one of our
0:16
undergraduate intern write-ups
0:18
about some recent
0:21
malware. This one is
0:23
the RedTail family
0:25
of crypto coin miners.
0:28
These crypto coin miners don't
0:30
exploit a specific vulnerability
0:32
per se in order to
0:34
infect systems. They're just going
0:37
for straightforward weak usernames and
0:39
passwords. One password
0:41
that our intern here, Robert
0:44
A. Riley, was able to
0:46
capture was username root and
0:48
then password or 123,
0:51
with the O replaced by a
0:53
zero. And it doesn't hurt
0:55
to have statistics about
0:57
how often specific passwords are being
1:00
used. If you have like a
1:02
relative or a friend or coworker
1:04
who is like, "That super tricky password,
1:06
like I just replaced the O
1:09
in password with zero," well,
1:11
you can actually show them the
1:13
data and show them how frequently
1:16
this particular password is
1:18
being attempted by bots
1:20
out there. Either way, this
1:22
RedTail bot,
1:24
it's quite aggressive.
1:26
Robert did collect about four
1:28
hundred samples. The overall technique
1:30
it's been using is
1:32
fairly common. It's uploading binaries
1:34
for a couple different architectures
1:36
and then just sees
1:38
what sticks. It also does
1:40
add a backdoor in
1:42
the form of an authorized
1:44
keys file. These authorized_keys
1:46
files are definitely something that you should
1:48
review and keep a close eye
1:51
on. And after
1:53
yesterday's excursion into Wi-
1:55
Fi network studies, well,
1:58
back to our regular
2:00
diet of vulnerabilities. We have an old
2:03
familiar piece of software,
2:06
Veeam Backup Enterprise Manager.
2:09
This tool just patched four
2:11
new vulnerabilities, one with a
2:13
CVSS score of 9.8. It
2:17
does allow an unauthenticated attacker
2:20
to log into the Veeam
2:22
Backup Enterprise Manager as
2:24
any user. The other
2:27
three vulnerabilities are less severe, still
2:29
up to a CVSS score of 8.8. But
2:32
two of the vulnerabilities are
2:34
related to weak NTLM hashes.
2:37
And then we have a
2:39
low vulnerability that just allows
2:42
a high-privileged user to read
2:44
backup session logs. Updates
2:47
are available for download.
2:51
And Dan Goodin with Ars Technica
2:53
is reporting about a little bit
2:55
odd issue with one of the
2:57
root name servers. The root name
2:59
servers of course are, I think,
3:02
sometimes considered a
3:04
little bit more important than
3:07
they actually are. But still,
3:09
they are sort of one
3:11
of those trust anchors in
3:13
the internet. And one of
3:15
these root servers was lagging
3:18
behind. What's happening with these root
3:20
servers is, yes, there are 13
3:23
IP addresses that are known for
3:25
root servers. Many of these IP
3:27
addresses actually have multiple copies and
3:29
something called Anycast. But all
3:32
of these root servers have to stay in
3:34
sync. And there are various techniques to
3:36
do this. DNS sort of has some
3:38
replication built in. The
3:41
replication typically is triggered whenever
3:43
the serial number of a
3:45
particular zone is updated. And
3:47
that's sort of how it
3:49
was detectable that Cogent's copy
3:52
of one of the C
3:54
root servers was
3:56
falling behind by up to
3:58
four days. Usually that's not
4:00
a huge problem given that
4:03
the root zone is rather static,
4:05
there are not a ton of
4:07
updates to it and again there
4:09
are many many copies of these
4:11
servers. But just
4:13
during that time there was
4:15
also an update planned for
4:17
the DNSSEC keys for
4:20
the .int and
4:22
the .mil zone.
4:25
Not all that well known,
4:27
it's international organizations that are
4:29
UN chartered. .mil of
4:32
course, US military uses that domain
4:34
and this update had to be
4:36
delayed by a couple days because
4:39
if these DNS servers are out
4:41
of sync then the Cogent server
4:43
would still have offered the old
4:46
key and could potentially then
4:48
lead to problems with verifying
4:51
DNSSEC records. Cogent
4:54
did publish a statement stating
4:56
that this was related to
4:58
a routing issue that they
5:00
had, and apparently
5:02
Cogent and the
5:04
Indian ISP Tata
5:07
de-peered, meaning stopped
5:09
routing traffic amongst each other,
5:11
which caused miscellaneous outages, in
5:13
particular in Tata's network, as
5:16
a result. So this could
5:18
very well be related to
5:20
these routing issues. And
5:22
as a little fun project it's really
5:25
easy to set up your own root
5:27
name server, you can just download the
5:29
root zone and add it
5:31
to one of your own name servers and
5:34
that way you're sort of kind of getting
5:36
independent of some of these issues
5:38
but of course then you have to
5:40
maintain your own copy of the root
5:42
zone. Back
5:45
to miscellaneous vulnerabilities, we do
5:47
have 10 new
5:49
vulnerabilities being patched in
5:51
Ivanti's Endpoint Manager, another
5:54
common guest in our
5:56
podcast here. There
5:58
are a number of SQL injection vulnerabilities being
6:01
addressed here. Some of them do
6:03
allow an unauthenticated attacker to execute
6:05
arbitrary code. However, they have to
6:08
be on the same network.
6:12
Cisco also fixed a SQL
6:14
injection vulnerability for Firepower.
6:16
SQL injection seems to be the
6:19
vulnerability of choice today when
6:22
it comes to these devices.
6:25
Then we have an interesting story
6:27
with another supply chain vulnerability, and
6:31
this time it affected
6:33
a product by Justice
6:35
AV Solutions, a courtroom
6:37
video recording software.
6:40
Earlier this week I talked about how Windows Server
6:42
2019 does
6:45
have some issues with the
6:47
latest Windows updates. Well, Microsoft
6:49
now released an emergency out
6:51
of band update to fix
6:53
this particular problem. And
6:57
that's it for today. Thanks
6:59
everybody for listening. Thanks everybody
7:02
for liking and subscribing. There
7:05
will be no podcast on Monday
7:07
due to the holiday here in
7:09
the United States and talk
7:11
to you again on Tuesday. Bye.