Hello, welcome to the Friday, February 26, 2021 edition of the Sandcent Storm Center's Stormcast. My name is Johannes Ulrich.

And I'm recording from Jacksonville, Florida again.

Imagine that even after you move applications into the cloud, there is still a chance that they get compromised.

Daniel's diary today talks about how to do forensics on Asia virtual machines.

Daniel talks you step by step through using the command line interface to, first of all, of course, create a snapshot

of the disk, then move it to a different storage account, and finally, mounting it in your

SIFT virtual machine, so you can then do traditional forensics on the image. As Daniel points out, it's of course highly preferred to have some kind of endpoint detection

and response tool installed in the virtual machine to save yourself the time and do direct

forensics or instant response within the virtual machine, but well, that's of course

not always present.

And lately when we talked about malicious browser extensions, it was often Google Chrome

extensions that were doing the bad work.

Well, it's not just Google Chrome that supports browser extensions.

There are browser extensions, and with that malicious browser extensions,

pretty much for every browser.

And ProofPoint has an interesting write-up about Firefox browser extension

that they're calling Fryer Fox that apparently is used to target

Tibetan organizations.

You have quite often seen how a Chinese government-sponsored Malver is kind of using Tibetan

organizations a little bit as its proving ground back

in 2008, 2009, I believe it was. Martin Hornbeck, for example, wrote extensively about that.

In this latest incident that ProofPoint is discussing, the user is first tricked to go to a website u-dashube.tv, which of course

...