Podcast Detail

SANS Stormcast Friday, May 9th: SSH Exfil Tricks; magicINFO still vulnerable; SentinelOne Vulnerability; Commvault insufficient patch

If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/9444.mp3

Podcast Logo
SSH Exfil Tricks; magicINFO still vulnerable; SentinelOne Vulnerability; Commvault insufficient patch
00:00

No Internet Access: SSH to the Rescue
If faced with restrictive outbound network access policies, a single inbound SSH connection can quickly be turned into a tunnel or a full-blown VPN
https://isc.sans.edu/diary/No%20Internet%20Access%3F%20SSH%20to%20the%20Rescue!/31932

SAMSUNG magicINFO 9 Server Flaw Still exploitable
The SAMSUNG magicINFO 9 Server Vulnerability we found being exploited last week is apparently still not completely patched, and current versions are vulnerable to the exploit observed in the wild.
https://www.huntress.com/blog/rapid-response-samsung-magicinfo9-server-flaw

Bring Your Own Installer: Bypassing SentinelOne Through Agent Version Change Interruption
SentinelOne’s installer is vulnerable to an exploit allowing attackers to shut down the end point protection software
https://www.aon.com/en/insights/cyber-labs/bring-your-own-installer-bypassing-sentinelone

Commvault Still Exploitable
A recent patch for Commvault is apparently ineffective and the PoC exploit published by watchTowr is still working against up to date patched systems
https://infosec.exchange/@wdormann/114458913006792356

no transcript found