Hello, welcome to the Friday, July 17th, 2020 edition of the Sandinet Storm Center's Stormcast. My name is Johannes

Ulrich, and today I'm recording from Jacksonville, Florida. And yes, top of the news, of course,

is a major compromise of a number of high profile Twitter accounts late yesterday.

Now at this point we don't know a lot about the nature of this compromise, but apparently

it involved an insider. What isn't quite clear is if this insider willingly contributed or

if it was more some type of social engineering or spearfishing

attack that led to an insider relinquishing credentials in order to help the perpetrators of this

attack. Not much really to take away from this other than yes insider attacks are difficult to defend against and

you probably shouldn't believe everything that you see written on Twitter.

And yes, we do have a smaller update for the Cigred vulnerability Microsoft DNS server

vulnerability CVE 2020-201350.

And the update here is that there is now a proof-of-concept exploit out there

that does trigger a denial of service attack,

so it crashes the vulnerable Microsoft DNS server.

In that respect, this is probably sort of a best case as far as proof of concept exploits

go for this vulnerability.

It allows you to experiment with the vulnerability, test your defenses, test your

detection capabilities for this particular attack, and it doesn't reveal anything that was not already

widely known. Of course, a full remote code execution exploit is still widely expected and, well,

I wouldn't put my hopes up for a quiet Friday afternoon.

And of course, this week wouldn't be complete with a few more patches.

Apple updated pretty much everything.

...