
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Stormcast, Jan 14, 2025: Brute-Forcing Hikvision Devices, macOS SIP Bypass, Linux Rootkits, Aviatrix Exploits, and AWS Ransomware Tactics
Jan 13, 2025
Discover the vulnerabilities plaguing Hikvision IP cameras as attackers exploit flawed password reset systems. Learn about a critical macOS flaw that allows System Integrity Protection (SIP) to be bypassed through kernel extensions. Delve into a sophisticated Linux rootkit that remotely controls systems using zero-day vulnerabilities. Lastly, unravel a new ransomware scheme that targets AWS S3 buckets, leveraging SSE-C encryption to lock down data, highlighting the urgent need for protective measures and timely patching.
07:51
Podcast summary created with Snipd AI
Quick takeaways
- Hikvision devices exhibit severe vulnerabilities due to insufficient password reset security, emphasizing the need for improved design and safeguards against brute-force attacks.
- Recent ransomware tactics abuse AWS S3 server-side encryption with customer-provided keys (SSE-C) to lock up bucket data, highlighting the critical importance of robust credential management to protect sensitive data.
Deep dives
Password Reset Vulnerabilities in Hikvision IP Cameras
Hikvision IP cameras demonstrate significant vulnerabilities in their password reset features, which lack essential security measures like rate limiting and unpredictability. The absence of these safeguards allows attackers to easily brute-force the password reset codes, which are derived from publicly accessible UPnP data, ultimately enabling unauthorized access to administrator accounts. This highlights the critical importance of implementing a robust design for password reset functionality, including using random codes and imposing strict limits on attempts and timeframes. The discussion reinforces the need for vigilance in security practices to prevent easy exploitation of such weaknesses.
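The reset design recommended above (random codes, a cap on attempts, a short validity window) can be sketched as follows. This is an added example, not code from the podcast or from Hikvision; the class name, code length, attempt limit and lifetime are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_DIGITS = 8      # assumed code length
MAX_ATTEMPTS = 5     # assumed number of guesses allowed per issued code
TTL_SECONDS = 600    # assumed validity window


class ResetCodeStore:
    """In-memory store of pending reset codes (hypothetical helper)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # account -> [code_hash, expires_at, attempts_left]

    @staticmethod
    def _digest(code):
        return hashlib.sha256(code.encode()).digest()

    def issue(self, account):
        # The code comes from the OS CSPRNG, never from device data an
        # outsider can read (the summary cites UPnP data as the weak source).
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        # Issuing again replaces any earlier code and resets the counters.
        self._pending[account] = [self._digest(code),
                                  self._clock() + TTL_SECONDS,
                                  MAX_ATTEMPTS]
        return code  # delivered to the owner out of band

    def verify(self, account, candidate):
        entry = self._pending.get(account)
        if entry is None:
            return False
        if self._clock() >= entry[1]:
            del self._pending[account]   # expired: a new code must be issued
            return False
        entry[2] -= 1                    # charge the attempt before comparing
        ok = hmac.compare_digest(entry[0], self._digest(candidate))
        if ok or entry[2] == 0:
            del self._pending[account]   # single use; burned after last failure
        return ok
```

With these values a guesser gets 5 tries against 10^8 possible codes per issued code, so a real deployment would also rate-limit how often `issue` can be called for an account.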