Hello, welcome to the Friday, August 19, 2020 edition of the Sands Internet Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Our diary today is coming from Jesse LeCrew again.

As part of his Sands College undergraduate internship, he created a useful

Python script that will summarize logs from your Kauri Honeypaw. It'll summarize commands being

executed by a particular attacker in a session, then look up IP addresses being used as part

of the attack, as well as sent binaries to VirusTotal

to see if they are already known and malicious. Pretty nice time saver, and he's walking you

through the tool with screenshots so you can see exactly what it does for you.

And if you're using a TPLink router, it may need an update.

The update this time affects the TLWR 841N routers.

These routers suffer from a buffer overflow in the built-in PING utility.

The vulnerability was found by Tranmin Kwon, and all you need to do to exploit it is pass an overly long IP address to the PING function built into the Routers' web-based admin interface.

So, in short, patch and do not expose those

admin interfaces. A proof of concert exploit is available, but also is updated firmware.

And yesterday we got patches from Apple for the most recent version of their operating systems. But I mentioned,

well, these two vulnerabilities that they patched, they may also affect older versions of

your operating system and these were already exploited vulnerabilities. Well, today we got an

update for Safari. So this is a standalone update for Safari only meant for macOS Pixer and Catalina, and it fixes the WebKit vulnerability that was fixed in Monterey yesterday.

Now, no work on whether the second vulnerability, which was a kernel issue, also affects

these older operating systems.

Maybe we'll get additional updates for that later.

...