ISC StormCast for Wednesday, June 5th, 2024

Update: 2024-06-05

Digest

This episode of the SANS Internet Storm Center StormCast opens with a new technique that abuses Avast's Windows Security Center proxy to register an arbitrary tool with Windows Security Center. Because Windows Defender disables its own real-time protection once another product is registered as the active antivirus, registering a malicious tool this way effectively switches Defender off. The episode then turns to fake job scams: applicants are lured with bogus postings, asked to make cryptocurrency payments, or told to install malware under the guise of a security exercise. It closes with vulnerabilities in Zyxel NAS devices and a reminder to keep such devices on the latest firmware. Throughout, the episode stresses vigilance and basic steps to protect oneself from these attacks.

Outlines

00:00:00
Introduction and Avast Proxy Attack

This chapter introduces the SANS Internet Storm Center StormCast and describes a new technique that abuses Avast's Windows Security Center proxy to register an arbitrary tool with Windows Security Center as the active antivirus, which causes Windows Defender to stand down. It also covers detection: watch the Windows event log for Security Center registration events, and look for Avast artifacts, such as the proxy binary or files carrying Avast's signing certificate, on hosts where Avast is not actually installed.
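The following PowerShell triage script is an added example, not code from the podcast or from the ISC diary it discusses. It performs the checks described above: it lists what is registered as antivirus with Windows Security Center (with the Authenticode signer of each registered product's executable), pulls the Security Center status-update events from the Application log, shows Defender's own view of whether it has been displaced, and searches common drop locations for a stray copy of the Avast proxy. Assumptions: it runs elevated on Windows 10/11; the event provider name 'SecurityCenter', the artifact file name wsc_proxy.exe and the Avast install path are assumed values for illustration and should be adjusted to what the diary and your own environment show.

```powershell
# Added example (not the podcast's or the ISC diary's code). Run elevated on Windows 10/11.
# Assumed values: the Security Center event provider name, the proxy file name and the
# legitimate Avast install path below are assumptions for illustration.

$assumedProxyName = 'wsc_proxy.exe'                        # assumed artifact name
$assumedAvastPath = 'C:\Program Files\Avast Software'      # assumed legitimate install path
$searchRoots      = @($env:ProgramData, $env:TEMP, 'C:\Users', 'C:\Windows\Temp')

function Get-SignerSubject {
    # Returns the Authenticode signer subject of a file, or a short status string if unsigned.
    param([string]$Path)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.SignerCertificate) { return $sig.SignerCertificate.Subject }
    return "unsigned ($($sig.Status))"
}

function Get-WscRegisteredAV {
    # Every product currently registered as antivirus with Windows Security Center.
    # A product you did not deploy, or one whose exe is signed by an unexpected party, is the tell.
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct |
        ForEach-Object {
            $exe    = $_.pathToSignedProductExe
            $signer = 'missing'
            if ($exe -and (Test-Path -LiteralPath $exe)) { $signer = Get-SignerSubject -Path $exe }
            [pscustomobject]@{
                Product = $_.displayName
                Exe     = $exe
                Signer  = $signer
                State   = ('0x{0:X6}' -f $_.productState)
            }
        }
}

function Get-WscRegistrationEvents {
    # Security Center writes event ID 15 to the Application log when a product updates its
    # status ("Updated <product> status successfully to SECURITY_PRODUCT_STATE_ON").
    # The provider name is an assumption; confirm it in Event Viewer on your build.
    $filter = @{ LogName = 'Application'; ProviderName = 'SecurityCenter'; Id = 15 }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Message
}

function Find-AvastArtifacts {
    # Any copy of the proxy outside the real install path is suspicious on a host
    # where Avast is not deployed.
    Get-ChildItem -Path $searchRoots -Recurse -Force -Filter $assumedProxyName -ErrorAction SilentlyContinue |
        Where-Object { $_.FullName -notlike "$assumedAvastPath*" } |
        ForEach-Object {
            [pscustomobject]@{
                Path   = $_.FullName
                Signer = Get-SignerSubject -Path $_.FullName
                Mtime  = $_.LastWriteTime
            }
        }
}

'== Registered antivirus products =='
Get-WscRegisteredAV | Format-Table -AutoSize

'== Security Center status events (non-Defender entries are the ones to explain) =='
Get-WscRegistrationEvents | Where-Object { $_.Message -notmatch 'Windows Defender' } | Format-Table -Wrap

'== Defender state (passive mode or real-time protection off means another product took over) =='
Get-MpComputerStatus | Select-Object AMRunningMode, RealTimeProtectionEnabled, AntivirusEnabled

'== Stray Avast proxy binaries =='
Find-AvastArtifacts | Format-Table -AutoSize
```

The signer check matters more than the product name: a registered entry whose executable is signed by Avast on a host with no Avast deployment is exactly the artifact the episode describes, and the event timestamp tells you when Defender was displaced.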

00:02:46
Fake Job Scams

This chapter covers fake job scams: victims are lured into applying for jobs that do not exist, asked to make cryptocurrency payments, or asked to install malware under the guise of a security exercise. The takeaway is to be vigilant about job offers and never to pay a prospective employer before starting a job.

00:04:40
Zyxel NAS Vulnerabilities

This chapter covers vulnerabilities in Zyxel NAS devices and the importance of applying the latest firmware; devices left unpatched are easy targets. The episode closes by stressing vigilance and basic steps to protect against these attacks.

Keywords

Avast
Avast is a well-known antivirus vendor that provides security software for personal computers and mobile devices. It is known for its free antivirus product, which offers basic protection against malware, and sells paid versions with more advanced features such as a firewall and anti-spam. Like other third-party antivirus products, Avast registers with Windows Security Center through a small signed helper, and that helper is the component the attack in this episode abuses.

Windows Security Center
Windows Security Center is a built-in Windows component that provides a central view of the system's security status. It shows the state of the installed antivirus, firewall, and other protections, and third-party security products register with it to report their status. When a third-party antivirus registers as the active product, Windows Defender disables its own real-time protection, which is why control over this registration matters.

EDR
EDR stands for Endpoint Detection and Response. It is a security solution that helps organizations detect and respond to cyberattacks on their endpoints, such as computers, laptops, and mobile devices. EDR solutions use a combination of technologies, such as endpoint agents, threat intelligence, and machine learning, to monitor endpoints for suspicious activity and to respond to threats in real time.

Zyxel
Zyxel is a Taiwanese networking equipment vendor whose products include routers, switches, and NAS devices. Zyxel NAS devices are network-attached storage appliances that provide a central place for storing and sharing files over a network. Businesses and individuals use them to hold backups, share files, and access data remotely.

Capture the Flag
Capture the Flag (CTF) is a type of cybersecurity competition where participants compete to solve challenges and capture flags. CTFs are often used to test cybersecurity skills and to promote cybersecurity awareness. They can be used for educational purposes, as well as for recruiting and training cybersecurity professionals.

Cryptocurrency
Cryptocurrency is a digital or virtual currency that uses cryptography for security and to control the creation of new units of currency. Cryptocurrencies are decentralized, meaning they are not subject to government or financial institution control. Bitcoin is the most well-known cryptocurrency, but there are many others, such as Ethereum, Litecoin, and Ripple.

Malware
Malware is software designed to damage or disable a computer system. It can take many forms, including viruses, worms, Trojan horses, and ransomware. Malware can be spread through email attachments, malicious websites, and infected software. It can steal personal information, damage files, and take control of a computer system.

Public Service Announcement
A public service announcement (PSA) is a message that is broadcast or published to inform the public about a particular issue or to promote a particular cause. PSAs are often used to raise awareness about social problems, to promote public health, or to encourage people to take action on a particular issue.

Q&A

  • How can attackers abuse Avast's proxy to register malicious tools with Windows Security Center?

    Avast ships a signed proxy component whose job is to register Avast with Windows Security Center as the active antivirus. An attacker who brings that proxy along can use it to register their own tool as the active security provider instead. Because Windows Defender disables its real-time protection as soon as another product is registered, the attacker's tool runs with Defender switched off.

  • What are some ways to detect this Avast proxy attack?

    Look in the Application event log for Security Center event ID 15, which records a product updating its registration status with Windows Security Center; an entry for a product you did not deploy is the tell. Also check for Avast artifacts on hosts that should not have Avast installed, such as the proxy binary itself or files signed with Avast's certificate.

  • What are some red flags to watch out for when applying for a job?

    Be wary of any job offer that asks you to pay, in cryptocurrency or otherwise, before you start; legitimate employers do not charge applicants. Be equally cautious if a "recruiter" asks you to install software as part of a security exercise or test, as that software may be malware.

  • Why is it important to keep Zyxel NAS devices updated with the latest security patches?

    Zyxel NAS devices hold backups and shared files and are often exposed for remote access, which makes known vulnerabilities in them attractive to attackers. Applying the vendor's latest firmware closes those holes; outdated devices are the ones that get exploited.



Host: Dr. Johannes B. Ullrich