Hello, welcome to the Friday, August 13th, 2021 edition of the Sandcent Storm Center's Stormcast. My name is Johannes Ulrich.

And today I'm recording from a parking lot close to Sevalde, Germany. Due to limited internet access, today's podcast will be a little bit short.

Well, it looks like we are not going to wake up from Brent Nightmare anytime soon.

Microsoft published yet another advisory related to Brent Spoor vulnerabilities,

even though the impact isn't quite clear and a little bit disputed. According to

the advisor, at least as originally released, this does indicate remote code execution

vulnerability, but apparently according to others like Will Dorman, who is usually right about these things,

this may be sort of a copy-paste mistake, and it's really only a local privilege escalation

vulnerability. This one is a little bit different than some of the prior vulnerabilities. The prior

vulnerabilities relied on the attacker, installing a malicious printer driver on the print server.

In this case, a victim would be a client connecting to a malicious print server,

that print server would then copy the malicious code to the client and execute it with system privileges.

Proof-of-concept code has already been made available.

And according to Crowdstrike and others, print nightmare, at least the prior vulnerabilities

that were patched, well, back in June, July, and August are already being used by

ransomware gangs. No real surprise here,

given that ransomware often does sort of rely on these lateral movement kind of attacks and

exploits. So a print nightmare fits right near a playbook. It's a relatively straightforward

vulnerability to exploit at this point, so no big surprise

that it's used for ransomware.

Then a couple stories related to cryptocurrencies.

First of all, you may have heard about it already.

...