Hello and welcome to the Friday, April 28, 2020, 3 edition of the Sands and its Stormtunters Stormcast.

My name is Johannes Ulrich.

And today I'm recording from Jacksonville, Florida.

Just got back home earlier today.

Yesterday's episode was a lot about RSA, so want to step back a little bit and try to cover some of the things that we may have missed yesterday.

First story actually brought back memories of RSA like a couple of years ago when I talked about vulnerabilities in backup systems.

That has come up occasionally. The latest instance is a vulnerability

in VIM backup that I did mention actually in March when it came out. There was a proof of

concept exploit. It was made public later in March, I think around the 20th, and now we do have ransomware being deployed

using this vulnerability. The vulnerability in question here is CVE 2023, 27532, and again, a patch

was made available March 7th. The CVSS score of this vulnerability is 7.5.

With secure attributes, these attacks to the Fin 7 group has been around for quite a while and

has sort of been in the ransomware business, in particular targeting enterprises and using whatever sort of the vulnerability of

the day is.

To quickly check if you may be vulnerable, do a quick port scan on port 9,401.

This is where the meme backup service listens.

It is exposed via SSL, but definitely should not be exposed to the internet.

I may have mentioned in a recent podcast that Google Authenticator now supports

syncing of the embedded secrets across different devices using Google accounts.

This was sort of one of the big shortcomings of Google Authenticator for quite a while

because whenever you got a new device, you had to essentially transfer, sort of re-register

all of these secrets with the respective websites, which was quite cumbersome and a lot of competitors

...