Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Drupal RCE Exploit (CVE-2018-7600); Broken Macros; Pastebin XSS Vulnerability - SANS Internet Storm Center Drupal RCE Exploit (CVE-2018-7600); Broken Macros; Pastebin XSS Vulnerability


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
podcast logo

ISC StormCast for Friday, April 13th 2018

A daily summary of cyber security news from the SANS Internet Storm Center
Author:Johannes B. Ullrich, Ph.D.
See below for a schedule of classes I teach.
Created: Friday, April 13th 2018
Length: 5:56 minutes
Today's Headline: Drupal RCE Exploit (CVE-2018-7600); Broken Macros; Pastebin XSS Vulnerability

If you like this podcast, then please consider telling others about it. Use this button to Tweet about this episode: click here. Errors? Corrections? Complaints? Player Problems? Please let us know here: https://isc.sans.edu/contact.html

Plain HTML5 Player
Fancy Player (with skip back/forward)

Show Notes

Drupal RCE Exploit Released
https://isc.sans.edu/forums/diary/Drupal+CVE20187600+PoC+is+Public/23549/

Broken Macro in Malspam Campaign
https://isc.sans.edu/forums/diary/Glitch+in+malspam+campaign+temporarily+reduces+spread+of+GandCrab/23547/

New Random Number Generator Using Entagled Photons
https://www.nature.com/articles/s41586-018-0019-0.epdf

Fake Updates Campaign Spreading Malware
https://blog.malwarebytes.com/threat-analysis/2018/04/fakeupdates-campaign-leverages-multiple-website-platforms/

Coinsecure Loses 438 BTC in Insider Attack
http://archive.is/Riwv6

Pastebin XSS Vulnerability
https://github.com/Nhoya/PastebinMarkdownXSS

Discussion

New Discussions closed for all Podcasts older than two(2) weeks
Please send your comments to our Contact Form

Interested in attending one of my classes? See below for my current schedule.

Intrusion Detection In-DepthSan AntonioAug 6th - Aug 11th 2018
Defending Web Applications Security EssentialsAmsterdamSep 3rd - Sep 8th 2018
Defending Web Applications Security EssentialsLas VegasSep 23rd - Sep 28th 2018
Intrusion Detection In-DepthTysonsOct 15th - Oct 20th 2018
Defending Web Applications Security EssentialsDenverOct 24th - Oct 29th 2018
Intrusion Detection In-DepthWashingtonDec 13th - Dec 18th 2018