Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Cisco ASA VPN Exploit Update; TLS Extension Covert Channel; CSRF Theft via CSS - SANS Internet Storm Center Cisco ASA VPN Exploit Update; TLS Extension Covert Channel; CSRF Theft via CSS


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
podcast logo

ISC StormCast for Tuesday, February 6th 2018

A daily summary of cyber security news from the SANS Internet Storm Center
Author:Johannes B. Ullrich, Ph.D.
See below for a schedule of classes I teach.
Created: Tuesday, February 6th 2018
Length: 6:24 minutes
Today's Headline: Cisco ASA VPN Exploit Update; TLS Extension Covert Channel; CSRF Theft via CSS

If you like this podcast, then please consider telling others about it. Use this button to Tweet about this episode: click here. Errors? Corrections? Complaints? Player Problems? Please let us know here: https://isc.sans.edu/contact.html

Plain HTML5 Player
Fancy Player (with skip back/forward)

Show Notes

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1
https://www.nccgroup.trust/globalassets/newsroom/uk/events/2018/02/reconbrx2018-robin-hood-vs-cisco-asa.pdf
https://pastebin.com/YrBcG2Ln

TLS Extension Covert Channel
https://www.fidelissecurity.com/threatgeek/2018/02/exposing-x509-vulnerabilities

CSRF Token Exfil via CSS
https://github.com/dxa4481/cssInjection

Discussion

Login here to join the discussion.

Interested in attending one of my classes? See below for my current schedule.

Defending Web Applications Security EssentialsSan FranciscoMar 12th - Mar 17th 2018
Defending Web Applications Security EssentialsRestonMay 20th - May 25th 2018
Intrusion Detection In-DepthSan AntonioAug 6th - Aug 11th 2018
Defending Web Applications Security EssentialsAmsterdamSep 3rd - Sep 8th 2018
Defending Web Applications Security EssentialsLas VegasSep 23rd - Sep 28th 2018