
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Stormcast: Cryptomining Malware, Fake PoC Exploit, Malicious Browser Extensions, and Palo Alto Vulnerabilities. Jan 9th 2024
Jan 10, 2025
Delve into the world of cyber threats with insights into Redtail, a sophisticated cryptomining malware that uses advanced tactics to exploit vulnerabilities. Discover how malicious browser extensions manipulate search results to deceive users. Learn about a sneaky information stealer posing as a proof of concept exploit, preying on those testing vulnerabilities. Also, uncover critical vulnerabilities in the Palo Alto Networks' Expedition tool that could expose credentials and allow unauthorized commands.
07:19
Podcast summary created with Snipd AI
Quick takeaways
- The Redtail malware exploits weak SSH credentials for stealthy cryptomining, posing significant risks similar to historical threats like NIMDA.
- Malicious browser extensions manipulate search results by using competitors' names in descriptions, highlighting the importance of vigilance when selecting extensions.
Deep dives
Redtail Crypto Miner Exploit
The podcast discusses a newly identified infection called Redtail, which functions primarily as a crypto miner. The malware gets in through weak SSH credentials; once logged in, the attackers upload their additional malicious files directly to the system over SCP rather than having the compromised host download them from the web. This gives a stealth advantage: the transfer rides on the encrypted SSH connection, which makes it harder to detect than a standard HTTP or HTTPS download. The discussion draws parallels to the infamous NIMDA worm, reminding listeners of the persistent risks associated with weak passwords.
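Since the infection vector described above is simply guessed SSH passwords, the most direct detection is on the authentication logs rather than on the SCP transfer itself. The following is an added example (not code from the podcast or from SANS ISC) that scans OpenSSH `auth.log`-style lines for a source address that fails several password attempts and then gets an `Accepted password` login, which is the footprint a successful credential-guessing attack leaves behind. The log lines are constructed for the example, and the failure threshold of three is an assumed tuning value.

```python
import re
from collections import defaultdict

# Constructed sample sshd log lines in OpenSSH syslog format (not real hosts,
# not from the podcast). 203.0.113.7 guesses until it gets in; 198.51.100.5
# fails twice and gives up; 192.0.2.10 is a normal public-key login.
SAMPLE_AUTH_LOG = """\
Jan  9 03:12:01 host1 sshd[2101]: Failed password for root from 203.0.113.7 port 51012 ssh2
Jan  9 03:12:03 host1 sshd[2103]: Failed password for root from 203.0.113.7 port 51014 ssh2
Jan  9 03:12:05 host1 sshd[2105]: Failed password for invalid user admin from 203.0.113.7 port 51016 ssh2
Jan  9 03:12:07 host1 sshd[2107]: Failed password for root from 203.0.113.7 port 51018 ssh2
Jan  9 03:12:09 host1 sshd[2109]: Accepted password for root from 203.0.113.7 port 51020 ssh2
Jan  9 03:15:44 host1 sshd[2200]: Accepted publickey for deploy from 192.0.2.10 port 40022 ssh2: ED25519 SHA256:AAAA
Jan  9 03:20:00 host1 sshd[2300]: Failed password for root from 198.51.100.5 port 60000 ssh2
Jan  9 03:20:02 host1 sshd[2302]: Failed password for root from 198.51.100.5 port 60002 ssh2
"""

# "invalid user" appears when the account does not exist; the optional group
# keeps the username capture aligned in both cases.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port"
)
ACCEPTED_RE = re.compile(
    r"sshd\[\d+\]: Accepted (\w+) for (\S+) from (\S+) port"
)


def find_password_guess_successes(log_text, threshold=3):
    """Return {source_ip: {"user": ..., "failures_before_success": n}} for every
    source that failed at least `threshold` password logins and was then
    accepted with a password. Key-based logins are ignored on purpose: they are
    not what a weak-credential attack looks like."""
    failures = defaultdict(int)
    findings = {}
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            failures[m.group(2)] += 1
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            method, user, ip = m.groups()
            if method == "password" and failures[ip] >= threshold:
                findings[ip] = {
                    "user": user,
                    "failures_before_success": failures[ip],
                }
    return findings


def noisy_sources(log_text, threshold=3):
    """Sources still at or above the failure threshold with no success yet;
    useful for blocking before a weak password is finally guessed."""
    failures = defaultdict(int)
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            failures[m.group(2)] += 1
    return {ip: n for ip, n in failures.items() if n >= threshold}


if __name__ == "__main__":
    for ip, info in find_password_guess_successes(SAMPLE_AUTH_LOG).items():
        print(f"ALERT: {ip} logged in as {info['user']} after "
              f"{info['failures_before_success']} failed password attempts")
```

On the sample data the only alert is for 203.0.113.7, which logged in as root after four failures; 198.51.100.5 falls below the threshold and 192.0.2.10 authenticated with a key. The same logic applies to journald output piped through `journalctl -u ssh`. The corresponding mitigation for the weakness the episode describes is to disable password logins entirely (`PasswordAuthentication no` in `sshd_config`), after which the `Accepted password` event this detector keys on can no longer occur.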