

ISC StormCast for Tuesday, December 10th, 2024
Dec 10, 2024
Explore unusual SSH honeypot breaches that reveal bizarre command execution patterns. Uncover serious vulnerabilities in the OpenWRT router that could compromise its supply chain. The discussion also highlights essential Android updates that tackle baseband weaknesses. Finally, the hosts shed light on the false security assurances of RCS messaging, urging caution in its usage.
AI Snips
Honeypot Intrusions
- Johannes Ullrich discussed SSH honeypot intrusions with unusual attacker behavior.
- Instead of the typical dozen commands, attackers executed thousands of repetitive curl commands, targeting crypto sites.
Defense Against Curl Attacks
- Defend against curl-based denial-of-service attacks by using services like Cloudflare.
- These services can easily filter the straightforward curl requests used in these attacks.
OpenWRT Vulnerabilities
- OpenWRT vulnerabilities included command injection via package submission and SHA-256 collisions.
- Exploiting the command injection requires an additional container escape due to OpenWRT's mitigations.