SANS ISC Stormcast, Jan 14, 2025: Brute-Forcing Hikvision Devices, macOS SIP Bypass, Linux Rootkits, Aviatrix Exploits, and AWS Ransomware Tactics
8 snips Jan 13, 2025
Discover the vulnerabilities plaguing Hikvision IP cameras as attackers exploit flawed password reset systems. Learn about a critical macOS flaw that allows system integrity to be bypassed through kernel extensions. Delve into a sophisticated Linux rootkit that remotely controls systems using zero-day vulnerabilities. Lastly, unravel a new ransomware scheme that targets AWS S3 buckets, leveraging SSE-C encryption to lock down data, highlighting the urgent need for protective measures and timely patching.
AI Snips
Secure Password Resets
- Implement robust password reset features with random codes, limited attempts, and short timeframes.
- Be mindful of denial-of-service risks with password resets; consider using reset questions as a rate limiter.
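The two points above (random codes with a short lifetime and capped attempts, plus a per-account limiter so reset requests cannot be used to flood a user) in one small service. This is an added example, not code from the episode or from any of the products discussed; the class name, the constants and the in-memory store are assumptions made for illustration, and a real deployment would send the code out of band instead of returning it.

```python
import hashlib
import hmac
import secrets
import time
from typing import Callable, Dict, List, Optional

CODE_LENGTH = 8            # digits: 10^8 possibilities, too many to brute-force in 5 tries
CODE_TTL_SECONDS = 600     # short validity window (10 minutes)
MAX_ATTEMPTS = 5           # wrong guesses before the pending code is discarded
MAX_REQUESTS_PER_HOUR = 3  # per-account cap on reset requests (the DoS / spam limiter)


class _ResetEntry:
    def __init__(self, code_hash: bytes, expires_at: float) -> None:
        self.code_hash = code_hash
        self.expires_at = expires_at
        self.attempts_left = MAX_ATTEMPTS


class PasswordResetService:
    """Hypothetical in-memory reset-code service (constructed for this example)."""

    def __init__(self, clock: Callable[[], float] = time.time) -> None:
        self.clock = clock                              # injectable so tests can move time
        self._pepper = secrets.token_bytes(32)          # codes are stored only as keyed hashes
        self._pending: Dict[str, _ResetEntry] = {}
        self._request_log: Dict[str, List[float]] = {}

    def _hash(self, code: str) -> bytes:
        return hmac.new(self._pepper, code.encode(), hashlib.sha256).digest()

    def request_reset(self, username: str) -> Optional[str]:
        """Issue a fresh code, or return None when the account is rate-limited."""
        now = self.clock()
        recent = [t for t in self._request_log.get(username, []) if now - t < 3600]
        if len(recent) >= MAX_REQUESTS_PER_HOUR:
            self._request_log[username] = recent
            return None
        recent.append(now)
        self._request_log[username] = recent
        # CSPRNG digits; a new request replaces any earlier pending code
        code = "".join(secrets.choice("0123456789") for _ in range(CODE_LENGTH))
        self._pending[username] = _ResetEntry(self._hash(code), now + CODE_TTL_SECONDS)
        return code  # deliver out of band (email/SMS); never echo to the requester

    def verify_code(self, username: str, submitted: str) -> bool:
        """True once, for the right code, inside the window, within the attempt budget."""
        entry = self._pending.get(username)
        if entry is None:
            return False
        if self.clock() >= entry.expires_at:
            del self._pending[username]                 # expired: discard
            return False
        if hmac.compare_digest(entry.code_hash, self._hash(submitted)):
            del self._pending[username]                 # single use
            return True
        entry.attempts_left -= 1
        if entry.attempts_left <= 0:
            del self._pending[username]                 # budget exhausted: force a new request
        return False


if __name__ == "__main__":
    svc = PasswordResetService()
    code = svc.request_reset("alice")
    print("issued code (would be sent out of band):", code)
    print("wrong guess accepted?", svc.verify_code("alice", "00000000"))
    print("right code accepted?", svc.verify_code("alice", code))
    print("replay accepted?", svc.verify_code("alice", code))
```

Storing only an HMAC of the code means a leaked table does not hand out live codes, and `hmac.compare_digest` keeps the check constant-time. The request limiter is deliberately per account rather than per source address, because a flood aimed at one victim can come from many addresses.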
macOS SIP Bypass
- A macOS System Integrity Protection (SIP) bypass vulnerability (CVE-2024-44243) allows malicious kernel extensions to compromise system security.
- Tricking users into installing malicious kernel extensions is key to exploiting this vulnerability.
Linux Rootkit Defense
- Sophisticated Linux rootkits exploit zero-day vulnerabilities for remote system control.
- Focus on detecting system compromises and indicators of compromise, especially when patches are unavailable.