ISC StormCast for Friday, May 24th, 2024

Released Friday, 24th May 2024

Episode Transcript

0:00

Hello! And welcome to the Friday

0:02

May Twenty Fourth Two Thousand Twenty Four

0:04

edition of the SANS Internet Storm Center's

0:07

Stormcast. My name is Johannes

0:09

Ullrich, and I'm recording

0:11

from Jacksonville, Florida. Happy

0:14

to have another one of our

0:16

undergraduate intern diary write-ups

0:18

about some recent

0:21

malware. This one is

0:23

the RedTail family

0:25

of crypto coin miners.

0:28

These crypto coin miners don't

0:30

exploit a specific vulnerability

0:32

per se in order to

0:34

infect systems. They're just going

0:37

for straightforward weak usernames and

0:39

passwords. The one password

0:41

that our intern here, Robert

0:44

A. Riley, was able to

0:46

capture was username root and

0:48

then password 'password123'

0:51

with the 'o' replaced by a

0:53

zero. And it's nice

0:55

to have statistics about

0:57

how often specific passwords are being

1:00

used. If you have like a

1:02

relative or friend or coworker

1:04

with that super tricky password,

1:06

like "I just replace the 'o'

1:09

in password with zero", well,

1:11

you can actually show them the

1:13

data and show them how frequently

1:16

this particular password is

1:18

being attempted by bots

1:20

out there. Either way, this

1:22

RedTail bot,

1:24

it's quite aggressive.

1:26

Robert did collect about four

1:28

hundred samples. The overall technique

1:30

it's been using is

1:32

fairly common. It's uploading binaries

1:34

for a couple different architectures

1:36

and then basically just sees

1:38

what sticks. It also does

1:40

add a back door in

1:42

the form of an authorized_keys

1:44

file. These authorized_keys

1:46

files are definitely something that you should

1:48

review and keep a close eye

1:51

on. And after

1:53

yesterday's excursion into Wi-Fi

1:55

network security, well,

1:58

back to our regular

2:00

diet of vulnerabilities. We have an old

2:03

familiar piece of software,

2:06

Veeam Backup Enterprise Manager.

2:09

This tool just patched four

2:11

new vulnerabilities, one with a

2:13

CVSS score of 9.8. It

2:17

does allow an unauthenticated attacker

2:20

to log into the Veeam

2:22

Backup Enterprise Manager as

2:24

any user. The other

2:27

three vulnerabilities are less severe, still

2:29

up to a CVSS score of 8.8. But

2:32

two of the vulnerabilities are

2:34

related to weak NTLM hashes.

2:37

And then we have a

2:39

low vulnerability that just allows

2:42

a high-privileged user to read

2:44

backup session logs. Updates

2:47

are available for download.

2:51

And Dan Goodin with Ars Technica

2:53

is reporting about a somewhat

2:55

odd issue with one of the

2:57

root name servers. The root name

2:59

servers of course are, I think,

3:02

sometimes considered a

3:04

little bit more important than

3:07

they actually are. But still,

3:09

they are sort of one

3:11

of those trust anchors in

3:13

the internet. And one of

3:15

these root servers was lagging

3:18

behind. What's happening with these root

3:20

servers is, yes, there are 13

3:23

IP addresses that are known for

3:25

root servers. Many of these IP

3:27

addresses actually have multiple copies using

3:29

something called Anycast. But all

3:32

of these root servers have to stay in

3:34

sync. And there are various techniques to

3:36

do this. DNS sort of has some

3:38

replication built in. The

3:41

replication typically is triggered whenever

3:43

the serial number of a

3:45

particular zone is updated. And

3:47

that's sort of how it

3:49

was detectable that Cogent's copy

3:52

of one of the C

3:54

root servers was

3:56

falling behind by up to

3:58

four days. Usually that's not

4:00

a huge problem given that

4:03

the root zone is rather static,

4:05

there are not a ton of

4:07

updates to it and again there

4:09

are many many copies of these

4:11

servers. But just

4:13

during that time there was

4:15

also an update planned for

4:17

the DNSSEC keys for

4:20

the .int and

4:22

the .mil zone.

4:25

.int is not all that well known;

4:27

it's international organizations that are

4:29

UN chartered. .mil, of

4:32

course, the US military uses that domain

4:34

and this update had to be

4:36

delayed by a couple days because

4:39

if these DNS servers are out

4:41

of sync, then the Cogent server

4:43

would still have offered the old

4:46

key and could potentially then

4:48

lead to problems with verifying

4:51

DNSSEC records. Cogent

4:54

did publish a statement stating

4:56

that this was related to

4:58

a routing issue that they

5:00

had, and apparently

5:02

Cogent and the

5:04

Indian ISP Tata

5:07

de-peered, meaning they stopped

5:09

routing traffic amongst each other,

5:11

which caused miscellaneous outages, in

5:13

particular in Tata's network, as

5:16

a result. So this could

5:18

very well be related to

5:20

these routing issues. And

5:22

as a little fun project it's really

5:25

easy to set up your own root

5:27

name server, you can just download the

5:29

root zone and add it

5:31

to one of your own name servers and

5:34

that way you're sort of kind of getting

5:36

independent of some of these issues

5:38

but of course then you have to

5:40

maintain your own copy of the root

5:42

zone. Back

5:45

to miscellaneous vulnerabilities, we do

5:47

have 10 new

5:49

vulnerabilities being patched in

5:51

Ivanti's Endpoint Manager, another

5:54

common guest in our

5:56

podcast here. There

5:58

are a number of SQL injection vulnerabilities being

6:01

addressed here. Some of them do

6:03

allow an unauthenticated attacker to execute

6:05

arbitrary code. However, they have to

6:08

be on the same network.

6:12

Cisco also fixed a SQL

6:14

injection vulnerability for Firepower.

6:16

SQL injection seems to be the

6:19

vulnerability of choice today when

6:22

it comes to these devices.

6:25

Then we have an interesting story

6:27

with another supply chain vulnerability and

6:31

this time it affected

6:33

a product by Justice

6:35

AV Solutions, a courtroom

6:37

video recording software. In

6:40

Earlier this week I talked about how Windows Server

6:42

2019 does

6:45

have some issues with the

6:47

latest Windows updates. Well, Microsoft

6:49

now released an emergency out

6:51

of band update to fix

6:53

this particular problem. And

6:57

that's it for today. Thanks

6:59

everybody for listening. Thanks everybody

7:02

for liking and subscribing. There

7:05

will be no podcast on Monday

7:07

due to the holiday here in

7:09

the United States and talk

7:11

to you again on Tuesday. Bye.
