Hello and welcome to the Friday, March 15th, 2024 edition of the Sandsenet Storm Center's Stormcast. My name is Johannes Ulrich and today I'm recording from Jacksonville, Florida.

We do have a diary today by Jan looking at a couple different options that are increasing in how attackers are storing assets for their

fishing scams. And these two are IPFS and R2. Both of them have been going around for a while,

but they keep increasing IPFS. That's short for the interplanetary file system, a distributed Web 3 storage system, and then R2, which is object storage provided by CloudFlare.

Either of them can be used free or really cheap, so attackers are using it for ephemeral storage.

Often these URLs are rotating very quickly by the time you noted a particular URL or blocked

a URL, well, it's already gone and moved to somewhere else.

IPFS is something that you may want to consider blocking wholesale.

I don't really see it used much sort of for real stuff.

Of course, that's much more difficult for Cloudflare.

R2 is commonly used by a number of valid applications and companies R2.

D.Dev is the domain associated with it.

So you may want to keep an eye out for these URLs, but like I said, wouldn't recommend blocking them.

And we have yet again updates for 40 net users.

First one is not so good news, and that's new vulnerabilities this time in 40 WLM.

40 WLM, that's their wireless land manager.

Horizon 3 published a blog post with details regarding four different vulnerabilities.

One is an unauthenticated command injection. We have unauthenticated

SQL injection, unauthenticated arbitrary file read, and lastly an authenticated command

injection. Bad news here is that at least two of these vulnerabilities have not yet been patched. Horizon 3 originally reported these

vulnerabilities to 4-D-NET back in May last year, and now after their 307 days of notification

expired, they did publish the details regarding these vulnerabilities.

...