Hello, welcome to the Friday, July 1st, 2016 edition of the Sansonet Storm Center's Stormcast.

My name is Johannes Ulrich, and it am recording from Salt Lake City, Utah.

Often it doesn't take a new fancy technical exploit in order to convince users to give up their username and password.

Some basic social engineering tricks is usually all it takes in order to get a pretty

decent response rate.

To illustrate this point, Xavier wrote up an interesting diary about some spam that he has

been seen recently where the spam delivers a blurred document and then overlays

a login dialogue to the document, claiming that if the user enters their email, username,

and password, it will unlock this document for them.

Now, this of course then entices users to enter their credentials, thinking that they

already see sort of this blurt document. They really would like to see what it's all about

and sounds kind of reasonable that a sender would password protect these type of documents.

So neat little trick and of course not really all that easy to defend against because no real malver in this sense is actually delivered.

Now Xavier goes on to look at the actual command control channel that's then being used to submit

the username and password. So if you're interested in some indicators of compromise, you can certainly check out what he learned about these particular exploits.

Now there are many users who have given up somewhat on Adobe's PDF reader due to all of the vulnerabilities being reported in that particular piece of software

and have switched to the alternative written by Fox IT.

Well, Fox IT and Fox IT Fandem PDF also have vulnerabilities and Fox ID

just this week released patches for them.

So if you are using Fox IT, make sure you're up to date.

And security researcher, Christian Otto, did find a pretty basic vulnerability in

STARTSEL's Start Encrypt API. I mentioned this API before, it does allow you

...