SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Stormcast: Cryptomining Malware, Fake PoC Exploit, Malicious Browser Extensions, and Palo Alto Vulnerabilities. Jan 9th 2025

Jan 10, 2025
This episode covers Redtail, a cryptomining malware whose operators gain initial access over SSH and then stage their files with SCP; malicious Chrome extensions that manipulate search results to appear legitimate; an information stealer distributed as a fake proof-of-concept exploit, aimed at researchers who download and test published PoCs; and critical vulnerabilities in Palo Alto Networks' Expedition migration tool that could expose credentials and allow unauthorized command execution.
ANECDOTE

Redtail Cryptominer's Unusual Approach

  • After logging in over SSH with a weak password, the Redtail operators copy their files onto the host with SCP instead of pulling them down with a web client.
  • The password used, "NIMDA", is a throwback to the 2001 Nimda worm (the name is "admin" spelled backwards), which the host remembers from the early days of SANS.
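The SSH-then-SCP chain above is a detection opportunity that the episode notes do not spell out. The following is an added example, not code from the podcast or from the ISC diary it discusses: it correlates sshd "Accepted password" lines with a subsequent server-side scp sink invocation (`scp -t`, the mode the remote end runs when a client pushes a file) by the same user within a short window. The sshd lines use the real sshd format; the "exec user=... cmd=..." lines and all IPs, users and paths are constructed for this example (real auditd EXECVE records split the command across several fields, so treat that format as a stand-in for whatever process-execution telemetry you have).

```python
"""Flag "SSH password login followed by scp -t" on a Linux host.

Added example, not from the ISC podcast or diary. Assumes:
  - sshd auth lines in the standard form
    "<ts> <host> sshd[<pid>]: Accepted password for <user> from <ip> port <n> ssh2"
  - process executions as simplified, constructed lines
    "<ts> <host> exec user=<user> cmd=<argv...>" (auditd-like stand-in)
"""
import re
from datetime import datetime, timedelta

SSH_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Accepted password for (?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)
EXEC_RE = re.compile(r"^(?P<ts>\S+) \S+ exec user=(?P<user>\S+) cmd=(?P<cmd>.*)$")

# Constructed sample log: one password login for root followed by scp -t,
# one key-based login for a deploy user (legitimate push), and a later
# root scp that is too far from the login to be part of the same session.
SAMPLE_LOG = """\
2025-01-08T10:14:02 host sshd[2104]: Accepted password for root from 203.0.113.45 port 51322 ssh2
2025-01-08T10:14:03 host sshd[2104]: pam_unix(sshd:session): session opened for user root
2025-01-08T10:14:09 host exec user=root cmd=/usr/bin/scp -t /tmp/payload
2025-01-08T10:30:00 host sshd[2200]: Accepted publickey for deploy from 198.51.100.7 port 40001 ssh2
2025-01-08T10:30:05 host exec user=deploy cmd=/usr/bin/scp -t /srv/app/release.tgz
2025-01-08T11:02:00 host exec user=root cmd=/usr/bin/scp -t /root/backup.tar
""".splitlines()


def parse(lines):
    """Split raw lines into password logins and process executions."""
    logins, execs = [], []
    for line in lines:
        m = SSH_RE.match(line)
        if m:
            logins.append((datetime.fromisoformat(m["ts"]), m["user"], m["ip"]))
            continue
        m = EXEC_RE.match(line)
        if m:
            execs.append((datetime.fromisoformat(m["ts"]), m["user"], m["cmd"]))
    return logins, execs


def is_scp_sink(cmd):
    """True for the server-side receive invocation 'scp -t <path>'."""
    argv = cmd.split()
    return bool(argv) and argv[0].rsplit("/", 1)[-1] == "scp" and "-t" in argv


def find_scp_after_login(lines, window_seconds=300):
    """Return (user, source_ip, cmd) for each scp sink that runs within
    window_seconds after a password login by the same user."""
    logins, execs = parse(lines)
    window = timedelta(seconds=window_seconds)
    hits = []
    for ets, euser, cmd in execs:
        if not is_scp_sink(cmd):
            continue
        for lts, luser, ip in logins:
            if luser == euser and lts <= ets <= lts + window:
                hits.append((euser, ip, cmd))
                break
    return hits


if __name__ == "__main__":
    for user, ip, cmd in find_scp_after_login(SAMPLE_LOG):
        print(f"ALERT: password login for {user} from {ip} followed by: {cmd}")
```

Only password logins are correlated, because the case in the episode is credential guessing; the key-based deploy push is deliberately ignored. Widen the window, or drop the user match in favour of sshd session IDs, if your telemetry carries them.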
ADVICE

Handle Exploits with Caution

  • Treat every downloaded exploit as potentially malicious, regardless of the product or vulnerability it claims to target.
  • Run exploits only in an isolated lab environment with no real credentials or data, so that a booby-trapped PoC like the information stealer in this episode has nothing of value to exfiltrate.
INSIGHT

Malicious Extensions' Search Manipulation

  • The malicious Chrome extensions pad their listings with the names of competing extensions, written in obscure languages, so that searches for those names return the malicious extension.
  • The padding is unreadable to most users, so the listing still looks legitimate while it games the search algorithm.