Sign up to save your podcasts
Or
Share SANS Stormcast Monday March 17th: Mirai Makes Mistakes; Compromised Github Action; ruby-saml vulnerability; Fake GitHub Security Alert Phishing
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
SANS Stormcast Monday March 17th: Mirai Makes Mistakes; Compromised Github Action; ruby-saml vulnerability; Fake GitHub Security Alert Phishing
Mirai Bot Now Incorporating Malformed DrayTek Vigor Router Exploits
One of the many versions of the Mirai botnet added some new exploit strings attempting to take advantage of an old DrayTek Vigor Router vulnerability, but they got the URL wrong.
https://isc.sans.edu/diary/Mirai%20Bot%20now%20incroporating%20%28malformed%3F%29%20DrayTek%20Vigor%20Router%20Exploits/31770
Compromised GitHub Action
The popular GitHub action tj-actions/changed-files was compromised and leaks credentials via the action logs
https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised
ruby-saml authentication bypass
A confusion in how to parse SAML messages between two XML parsers used by Ruby leads to an authentication bypass in saml-ruby.
https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials/
GitHub Fake Security Alerts
Fake GitHub security alerts are used to trick package maintainers into adding OAUTH privileges to malicious apps.
https://www.bleepingcomputer.com/news/security/fake-security-alert-issues-on-github-use-oauth-app-to-hijack-accounts/
View all episodes
By Johannes B. Ullrich
4.9
619619 ratings
Mirai Bot Now Incorporating Malformed DrayTek Vigor Router Exploits
One of the many versions of the Mirai botnet added some new exploit strings attempting to take advantage of an old DrayTek Vigor Router vulnerability, but they got the URL wrong.
https://isc.sans.edu/diary/Mirai%20Bot%20now%20incroporating%20%28malformed%3F%29%20DrayTek%20Vigor%20Router%20Exploits/31770
Compromised GitHub Action
The popular GitHub action tj-actions/changed-files was compromised and leaks credentials via the action logs
https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised
ruby-saml authentication bypass
A confusion in how to parse SAML messages between two XML parsers used by Ruby leads to an authentication bypass in saml-ruby.
https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials/
GitHub Fake Security Alerts
Fake GitHub security alerts are used to trick package maintainers into adding OAUTH privileges to malicious apps.
https://www.bleepingcomputer.com/news/security/fake-security-alert-issues-on-github-use-oauth-app-to-hijack-accounts/
More shows like SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
View all
Security Now (Audio)
1,960 Listeners
Risky Business
362 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
368 Listeners
Hacked
176 Listeners
CyberWire Daily
1,011 Listeners
Smashing Security
305 Listeners
Click Here
386 Listeners
Malicious Life
919 Listeners
Darknet Diaries
7,841 Listeners
Cybersecurity Today
142 Listeners
CISO Series Podcast
182 Listeners
Hacking Humans
308 Listeners
Defense in Depth
71 Listeners
Cyber Security Headlines
117 Listeners
Risky Bulletin
33 Listeners