Hello and welcome to the Friday, August 25th, 2017 edition of the Sands Internet Storm Center's

Stormcast. My name is Johannes Ulrich and that I'm recording from Virginia Beach, Virginia.

HP Enterprises integrated lights out cards are certainly not a stranger to critical vulnerabilities, and we have yet another

critical vulnerability that you should patch as soon as possible. It does allow for authentication

bypass as well as for arbitrary code execution on the card. These are the cards that you typically use to remotely manage servers semi out of band,

which sometimes means that these cards are actually exposed to regain access to systems,

which turn out to be otherwise unreachable.

And Kasperska is reporting about malicious Facebook messages that are advertising websites

that will spread malware.

Now, the way this starts out is that you will receive a message from a friend of yours

via Facebook that contains a link to what looks like a movie.

Now when you click on that link it actually will pop up something movie-like and it sort of

almost makes it look like it's part of the Facebook page.

You probably have seen it where a video essentially takes up the entire

page and puts the actual Facebook page in the background. The only twist here is that

then a pop-up will instruct you to download a video player or an update for your flash player. That of course then turns out to be

malicious. Now this is done pretty well even to the point where they are displaying different

messages for Windows versus Mac users in order to cover different operating systems. Many of the

links that Kaspersky observed just lead to spam,

so actually the monetization here, maybe we are just selling spam ad impressions.

And the researcher at Mobile Security Company Simperium did release an exploit for a vulnerability that was

patched in May with iOS 10.3.2. So this particular exploit will work for 10.3.1 and

...