Episode Details

Back to Episodes

SANS Stormcast Wednesday, April 23rd: More xorsearch Updates; DKIM Replay Attack; SSL.com Vulnerability Fixed

Episode 9420 Published 11 months ago
Description

xorsearch.py: Ad Hoc YARA Rules
Adhoc YARA rules allow for easy searches using command line arguments without having to write complete YARA rules for simple use cases like string and regex searches
https://isc.sans.edu/diary/xorsearch.py%3A%20%22Ad%20Hoc%20YARA%20Rules%22/31856
Google Spoofed via DKIM Replay Attack
DKIM replay attacks are a known issue where the attacker re-uses a prior DKIM signature. This will work as long as the headers signed by the signature are unchanged. Recently, this attack has been successful against Google.
https://easydmarc.com/blog/google-spoofed-via-dkim-replay-attack-a-technical-breakdown/
SSL.com E-Mail Validation Bug
SSL.com did not properly verify which domain a particular email address is authorized to receive certificates for. This could have been exploited against webmail providers.
https://bugzilla.mozilla.org/show_bug.cgi?id=1961406
Listen Now

Love PodBriefly?

If you like Podbriefly.com, please consider donating to support the ongoing development.

Support Us