SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Feb 11th 2025: 7zip and MoW; Apple 0-Day Fix; AMD Microcode Overwrite; Trimble CityWorks 0-Day; MageCart Update

Feb 11, 2025
Explore the critical need for secure file extraction with 7-Zip updates that require the mark of the web. Apple rushes to patch a vulnerability that lets attackers bypass USB restrictions on devices. Meanwhile, a microcode exploit on AMD CPUs raises alarms, manipulating functions and random number generation. Trimble Cityworks falls victim to a newly exploited flaw, while the latest MageCart tactics involve stealthy JavaScript injections stealing credit card data through Google Tag Manager, highlighting the importance of cautious coding practices.
07:15

Podcast summary created with Snipd AI

Quick takeaways

  • The podcast highlighted the significance of correctly managing the mark of the web in extracted files to prevent exploitation risks.
  • A critical security update was issued for Apple devices to fix a vulnerability that allowed bypassing USB-restricted mode, threatening device security.

Deep dives

Mark of the Web Issues

The episode discusses the ongoing problems with the 'mark of the web', in particular that it is not propagated reliably when a multi-file archive is decompressed. On Windows, the extractor has a setting, disabled by default, that applies the mark of the web to every extracted file when the archive itself carried the mark. Because the mark is dropped during extraction, attackers can craft archives whose contents open without the usual download warnings. Defenders should therefore control the unpacking process and confirm that extracted files carry the mark, so that the appropriate warnings are still shown before the files are opened.
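A defender-side check for the propagation problem described above, as an added example that is not from the podcast or from any extractor's own code: it reads the archive's Zone.Identifier stream, audits every extracted file for the same stream, and optionally re-applies the mark. The parameter names and the paths are assumptions for illustration.

```powershell
# Added example: audit Mark of the Web propagation from a downloaded archive to its extracted files.
# The mark is stored as the NTFS alternate data stream "Zone.Identifier" ([ZoneTransfer] / ZoneId=3 = Internet).
param(
    [Parameter(Mandatory)] [string] $Archive,       # assumed path of the downloaded archive
    [Parameter(Mandatory)] [string] $ExtractedDir,  # assumed folder the archive was extracted into
    [switch] $Fix                                   # re-apply the archive's zone to unmarked files
)

function Get-ZoneId {
    param([string] $Path)
    # Returns the ZoneId as an integer, or $null when the file carries no Zone.Identifier stream.
    $content = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    if (-not $content) { return $null }
    foreach ($line in $content) {
        if ($line -match '^ZoneId=(\d+)') { return [int]$Matches[1] }
    }
    return $null
}

$archiveZone = Get-ZoneId -Path $Archive
if ($null -eq $archiveZone) {
    Write-Output "Archive '$Archive' carries no Mark of the Web; nothing to propagate."
    return
}

$total = 0
$unmarked = @()
foreach ($file in Get-ChildItem -LiteralPath $ExtractedDir -File -Recurse) {
    $total++
    if ($null -eq (Get-ZoneId -Path $file.FullName)) {
        $unmarked += $file.FullName
        if ($Fix) {
            # Write the same zone the archive had so SmartScreen and Office Protected View
            # treat the extracted file as downloaded content.
            Set-Content -LiteralPath $file.FullName -Stream Zone.Identifier `
                -Value "[ZoneTransfer]`r`nZoneId=$archiveZone"
        }
    }
}

Write-Output ("{0} of {1} extracted files lack the Mark of the Web (archive ZoneId={2})" -f $unmarked.Count, $total, $archiveZone)
$unmarked | ForEach-Object { Write-Output "  $_" }
if ($Fix -and $unmarked.Count -gt 0) { Write-Output "Mark re-applied to the files listed above." }
```

Re-applying the stream after the fact only covers files found by this audit; the durable fix is enabling propagation in the extractor, which the script can be used to verify.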
