Podcast Detail

SANS ISC Stormcast, Jan 14, 2025: Brute-Forcing Hikvision Devices, macOS SIP Bypass, Linux Rootkits, Aviatrix Exploits, and AWS Ransomware Tactics

If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/9278.mp3

previous
Podcast Logo
SANS Daily Network Security Podcast (Stormcast) for Tuesday, January 14th, 2025
00:00

My Next Class

… more classes

Interested in Internet Storm Center stickers? Check here if there are still some available for today.

Episode Summary:
This episode covers brute-force attacks on the password reset functionality of Hikvision devices, a macOS SIP bypass vulnerability, Linux rootkit malware, and a novel ransomware campaign targeting AWS S3 buckets.

Topics Covered:
Hikvision Password Reset Brute Forcing
URL: https://isc.sans.edu/diary/Hikvision%20Password%20Reset%20Brute%20Forcing/31586
Hikvision devices are being targeted using old brute-force attacks exploiting predictable password reset codes.

Analyzing CVE-2024-44243: A macOS System Integrity Protection Bypass
URL: https://www.microsoft.com/en-us/security/blog/2025/01/13/analyzing-cve-2024-44243-a-macos-system-integrity-protection-bypass-through-kernel-extensions/
Microsoft details a macOS vulnerability allowing attackers to bypass SIP using kernel extensions.

Rootkit Malware Controls Linux Systems Remotely
URL: https://cybersecuritynews.com/rootkit-malware-controls-linux-systems-remotely/
A sophisticated rootkit targeting Linux systems uses zero-day vulnerabilities for remote control.

Abusing AWS Native Services: Ransomware Encrypting S3 Buckets with SSE-C
URL: https://www.halcyon.ai/blog/abusing-aws-native-services-ransomware-encrypting-s3-buckets-with-sse-c
Attackers are using AWS’s SSE-C encryption to lock S3 buckets during ransomware campaigns. We cover how the attack works and how to protect your AWS environment.