Hello, welcome to the Friday, July 16th, 2021 edition of the Sands and it storms and as

Stormcast. My name is Johannes Ulrich and today I'm recording from Jackstable, Florida. Thursday,

I wrote up a fishing kit that I came across earlier this week. It was remarkable for sort of two reasons, really.

First of all, it did fish the United States Postal Service, which is not a very common

fishing target, but certainly does happen occasionally. In this case, the real goal was just

to get a credit card number out of the user. And the

rules here was that, well, you had to change an address for a package that was supposed to be

delivered. And yes, you used the credit card number to verify your identity. The fishing kit

came with some logs of victims, only about a dozen or so people apparently fell for it, but there was also plenty of evidence of researchers and such poking around.

So not sure how many of these victims were actual real.

The second sort of interesting part was that the data infiltration here, or really the reporting of the data back to the attacker,

happened via Telegram. A simple PHP script that did submit the data to a Telegram API,

which would then be received by the attacker. Overall, far from sophisticated, the fishing kit was hosted on a compromised

for a press site that was pretty much missing any kind of security feature. And Sonic Wall took

the little bit unusual step to warn its customers in a special notice that the

attackers are taking advantage of an unpatched flaw in the version 8 of the firmware,

affecting the SMA 100, an older SRA series devices. Version 8 of the firmware is end of life and there is no patch available for this version,

but you can update to version 9 or 10 of the firmware.

Of course, this may require that you do have a valid software subscription license for Sonic

Wall.

The vulnerabilities themselves have been known for quite a while, and they have been exploited

for quite a while.

...