
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Thursday Feb 27th: High Exfil Ports; Malicious VS Code Theme; Developer Workstation Safety; NAKIVO PoC; OpenH264 and rsync vuln;

Feb 27, 2025
Attackers are using ephemeral (high-numbered) ports to exfiltrate data, which makes vigilant monitoring of outbound traffic essential. A compromised Visual Studio Code theme has reached millions of users, though its exact malicious intent is still unknown. The theft at ByBit shows how a compromised developer workstation can lead to enormous losses. Additionally, a proof-of-concept exploit for a vulnerability in NAKIVO backup systems has surfaced, raising concerns.
06:45

Podcast summary created with Snipd AI

Quick takeaways

  • The increasing use of ephemeral ports for data exfiltration presents detection challenges, necessitating careful monitoring of high outbound connections.
  • Recent breaches emphasize the need for developers to adopt stringent security practices, including maintaining separate environments and using privileged access workstations.

Deep dives

Understanding Ephemeral Port Usage in Malware Distribution

The use of ephemeral ports for downloading malware is a growing concern, as attackers increasingly connect to web servers on high ports rather than traditional ones like 80 and 443. These high ports, sometimes exceeding 60,000, make it difficult to detect suspicious HTTP or TLS traffic, especially in cloud environments where such practices are becoming more common. Attackers may negotiate these ports dynamically during a handshake, complicating detection efforts further. Monitoring and potentially blocking outbound connections on these high ports can help mitigate risks, but it’s essential to ensure legitimate traffic isn’t disrupted in the process.
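One way to implement the monitoring the passage describes, as an added example that is not from the podcast or from SANS: it scans constructed Zeek-style conn.log lines and flags HTTP or TLS flows leaving the internal network on unexpected high destination ports, while an allowlist of expected non-standard web ports keeps legitimate traffic out of the alert. The internal ranges, allowlist and port threshold are assumptions to tune per environment.

```python
import ipaddress

# Constructed Zeek-style conn.log lines (tab-separated: ts, id.orig_h, id.orig_p,
# id.resp_h, id.resp_p, proto, service). Sample data, not real traffic.
SAMPLE_CONN_LOG = """\
1740000001.1\t10.0.0.5\t51234\t93.184.216.34\t443\ttcp\tssl
1740000002.2\t10.0.0.5\t51235\t203.0.113.7\t61234\ttcp\thttp
1740000003.3\t10.0.0.9\t51236\t198.51.100.20\t8443\ttcp\tssl
1740000004.4\t10.0.0.9\t51237\t10.0.0.20\t62000\ttcp\thttp
1740000005.5\t10.0.0.5\t51238\t198.51.100.30\t53\tudp\tdns
"""

# Assumptions to tune per environment: which ranges count as "inside", which
# non-standard web ports are expected, and where a "high port" starts.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
EXPECTED_WEB_PORTS = {80, 443, 8080, 8443}
HIGH_PORT_THRESHOLD = 1024


def is_internal(ip: str) -> bool:
    """True if the address belongs to one of the configured internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_high_port_web_egress(log_text, threshold=HIGH_PORT_THRESHOLD, allowlist=EXPECTED_WEB_PORTS):
    """Flag HTTP/TLS flows from an internal host to an external one on an unexpected high port."""
    hits = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 7:
            continue
        ts, src, _src_port, dst, dst_port, _proto, service = fields[:7]
        port = int(dst_port)
        # Only web-looking flows: Zeek labels detected HTTP as "http" and TLS as "ssl".
        if service not in ("http", "ssl"):
            continue
        # Only egress: internal client talking to an external server.
        if not is_internal(src) or is_internal(dst):
            continue
        # Skip ports the environment expects to carry web traffic.
        if port in allowlist or port < threshold:
            continue
        hits.append({"ts": ts, "src": src, "dst": dst, "port": port, "service": service})
    return hits


if __name__ == "__main__":
    for hit in find_high_port_web_egress(SAMPLE_CONN_LOG):
        print(f"{hit['ts']} {hit['src']} -> {hit['dst']}:{hit['port']} ({hit['service']})")
```

On the sample data only the HTTP flow to port 61234 is reported; the TLS flow to 8443 is suppressed by the allowlist, and the flow to 10.0.0.20 is internal.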
