

ISC StormCast for Monday, December 2nd, 2024
Dec 2, 2024
The podcast covers the latest cybersecurity threats, emphasizing the significance of honeypot systems in countering attacks. It discusses obfuscation techniques used by attackers in evolving infostealers. The conversation also covers dangerous credit card skimmer malware targeting Magento, just in time for the busy shopping season. Additionally, it highlights the appearance of the first UEFI bootkit for Linux, showcasing the ever-evolving landscape of cyber dangers.
DShield SIEM Setup
- Set up a DShield honeypot and sensor, even in AWS.
- Consider a mini PC or VM with Ubuntu and 8GB RAM for the full SIEM setup.
Infostealer Obfuscation
- Obfuscation techniques, like hiding code in images and base64 encoding, can make infostealers harder to detect.
- Increased code size and improved VirusTotal scores are side effects.
Magento Skimmers
- Credit card skimmers are targeting Magento checkout pages via injected JavaScript.
- The skimmers use domain names like dynamicopenfonts.app and staticfonts.com, which are easily mistaken for legitimate sites.