Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Cisco ASA VPN Exploit Update; TLS Extension Covert Channel; CSRF Theft via CSS - SANS Internet Storm Center Cisco ASA VPN Exploit Update; TLS Extension Covert Channel; CSRF Theft via CSS


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
podcast logo

ISC StormCast for Tuesday, February 6th 2018

A daily summary of cyber security news from the SANS Internet Storm Center
Author:Johannes B. Ullrich, Ph.D.
See below for a schedule of classes I teach.
Created: Tuesday, February 6th 2018
Length: 6:24 minutes
Today's Headline: Cisco ASA VPN Exploit Update; TLS Extension Covert Channel; CSRF Theft via CSS

If you like this podcast, then please consider telling others about it. Use this button to Tweet about this episode: click here. Errors? Corrections? Complaints? Player Problems? Please let us know here: https://isc.sans.edu/contact.html

Plain HTML5 Player
Fancy Player (with skip back/forward)

Show Notes

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1
https://www.nccgroup.trust/globalassets/newsroom/uk/events/2018/02/reconbrx2018-robin-hood-vs-cisco-asa.pdf
https://pastebin.com/YrBcG2Ln

TLS Extension Covert Channel
https://www.fidelissecurity.com/threatgeek/2018/02/exposing-x509-vulnerabilities

CSRF Token Exfil via CSS
https://github.com/dxa4481/cssInjection

Discussion

New Discussions closed for all Podcasts older than two(2) weeks
Please send your comments to our Contact Form

Interested in attending one of my classes? See below for my current schedule.

Intrusion Detection In-DepthSan AntonioAug 6th - Aug 11th 2018
Defending Web Applications Security EssentialsAmsterdamSep 3rd - Sep 8th 2018
Defending Web Applications Security EssentialsLas VegasSep 23rd - Sep 28th 2018