Hello, welcome to the Friday, February 18, 2022 edition of the Sansanet Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

Yesterday I talked about an FBI warning that business email compromise schemes are now migrating in part to conference platforms,

and we now have a new note about this from Vanon, which is part of Checkpoint.

They observe the distribution of malware in particular via Microsoft Teams.

The overall strategy is very similar to this business email compromise.

They are compromising one user's account.

Use that account in order to connect to a company's Microsoft Teams environment,

and then they are offering malicious EXE files for download.

Interesting, the EXE file that Avanon here did see is always called usercentric.exe.

Of course, nothing would prevent any attacker from using any kind of name for

that file. Also, there's absolutely no reason why this attack couldn't happen via Slack Discord

or any other popular messaging platform. But of course, in particular, the sort of internal corporate

messaging platforms are often considered more trusted. So also make sure that you're using

strong authentication for your message platform. Just sticking with messaging here, we also have

a new version of Thunderbird.

I usually don't mention Thunderbird updates, but as anything, you should keep it updated.

Mozilla is pretty good in automatically updating it just like Firefox and only one high

vulnerability is being patched here.

CVE 2022-0566 and out-of-bound right.

But well, you may have a secure email gateway in order to protect yourself from attacks like this.

Those you have to patch as well.

...