Hello, welcome to the Friday, February 2, 2018 edition of the Santernut Storm Center's Stormcast.

My name is Johannes Ulrich, and the time I'm recording from Jacksonville, Florida.

The South Korean cert got a surprise for us, a new Adobe Flash Saturday exploit that apparently has already been used in some targeted

attacks.

Attacks that were seen in Korea did deploy this particular exploit via Excel spreadsheets

that included the Flash file.

Now other office documents would work as well and of course you could always get

someone to go to a malicious website that will then launch the malicious flash file. This exploit has been

used to target researchers in South Korea that deal with North Korea. Other than that, no public sightings yet.

The earliest references to the exploit have been found back in November.

Now Adobe has released a statement that they have a patch ready that will be deployed on Tuesday as part of the regular monthly

update.

So not too much really to worry about it at this point, in particular since probably the

one thing you should worry about is why you're still using Flash and just as Tuesday comes along, apply the patch as it becomes

available. And Xavier came across a really interesting fishing site. This fishing site sort of adapts

itself to the victim. Now, typical fishing sites are trying to mimic well-known sites

like Gmail or hotmail, but in this particular case, the design of the fishing site changes

depending on the domain part of the victim's email address. The link that you're clicking on if you're falling for this type of fishing site does include

your email address and then it essentially just takes the domain part of the email address,

it then downloads logos from the respective website and displays them as part of the fishing site. It also uses

the first part of the domain in order to mimic a company name. So in this case, Xavier used

ISC.sense.edu as an email domain and then it inserted ISC into various parts of the page where you

...