

SANS Stormcast Thursday, May 8th: Modular Malware; Sysaid Vuln; Cisco Wireless Controller Patch; Unifi Protect Camera Patch
May 8, 2025
Dive into the fascinating world of modular malware that cleverly downloads specific features as needed, including a detailed look at a webcam module. Explore the alarming vulnerabilities in the IT management software SysAid, which could lead to severe data breaches. Learn about a critical flaw in Cisco's wireless controller software that allows unauthorized file uploads and code execution as root. Lastly, discover how Ubiquiti addressed a dangerous buffer overflow in its Protect camera firmware. Cybersecurity concerns have never been more pressing!
Example of Modular Malware
- Xavier analyzed modular .NET malware that dynamically downloads DLL modules from GitHub when needed.
- One interesting module controls the webcam, and this setup reduces initial detection by minimizing malicious code upfront.
SysAid XML External Entity Flaws
- SysAid's XXE vulnerabilities let attackers read sensitive files and achieve full system compromise.
- Malicious XML entities can pull system files, enabling password theft and remote code execution.
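
An added example, not code from the episode or from SysAid: a Python pre-parse guard that refuses XML carrying a DOCTYPE or entity declarations, the construct XXE depends on, and records what was declared so it can be logged. The function names, the `ticket` documents and the placeholder file path are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class UnsafeXML(ValueError):
    """Untrusted XML that carries a DTD or entity declarations."""
    def __init__(self, findings):
        super().__init__("; ".join(findings))
        self.findings = findings


def inspect_xml(data: bytes) -> None:
    """Scan with expat and raise UnsafeXML if a DOCTYPE or entity is declared."""
    findings = []

    def on_doctype(name, system_id, public_id, has_internal_subset):
        findings.append(f"DOCTYPE {name} system={system_id!r}")

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        kind = "external" if system_id else "internal"
        findings.append(f"{kind} entity {name} system={system_id!r}")
        # Abort here: declarations precede content, so no entity is expanded.
        raise UnsafeXML(findings)

    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.Parse(data, True)
    if findings:  # a DOCTYPE without entity declarations is rejected as well
        raise UnsafeXML(findings)


def parse_untrusted(data: bytes) -> ET.Element:
    """Parse request XML only after it has passed the declaration check."""
    inspect_xml(data)
    return ET.fromstring(data)


# Constructed sample inputs (not taken from any real product or request).
BENIGN = b"<ticket><subject>printer offline</subject></ticket>"
XXE_SAMPLE = b"""<?xml version="1.0"?>
<!DOCTYPE ticket [ <!ENTITY xxe SYSTEM "file:///path/to/sensitive-file"> ]>
<ticket><subject>&xxe;</subject></ticket>"""

if __name__ == "__main__":
    print(parse_untrusted(BENIGN).find("subject").text)
    try:
        parse_untrusted(XXE_SAMPLE)
    except UnsafeXML as err:
        print("rejected:", err)
```
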
Patch SysAid and Cisco Vulnerabilities
- Apply SysAid patches immediately to prevent remote code execution from XXE vulnerabilities.
- Understand that some Cisco wireless controllers are vulnerable only when a specific feature is enabled.