Hello and welcome to the Friday, December 20th,

20204 edition of the Sansonet Stormunders Stormcast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

Today we've got a quick diary by one of our undercredited interns,

Shahil Sheikh. He's writing about an exploit attempt against a

PHP unit. This is an old warnability still ranking way up there in the sort of most

common exploits that we typically see. Sherill here suspects that this particular attempt,

which originates from Bulgaria, and actually that

IPI address is quite prolific, is attempting to spread the anthrox ghost malware. That particular

malver is known for then installing Python scripts that will essentially

infiltrate credentials from the victim's system.

They're also known for targeting the dot-env files

that we have observed being targeted in the past.

I'm talking about a little bit sort of blast from the past style news.

Juniper noted that its session smart routers are being attacked by Mirai using, well, what else, default passwords?

Not sure what took so long for Mirai to add this particular set of passwords to its list, but yes,

you're now being targeted. If you still have a Session Smart router with a default password,

you're probably not going to bother to look for any of the indicators of compromise. So just

change your password, please,

and reboot the device,

which probably should get rid of whatever malware was installed,

at least by Mirai,

...