Hello, welcome to the Friday, March 20th, 2020 edition of the Sandtonet Stormsendos Stormcast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

Xavier today took a look at another piece of malware that uses the coronavirus as its lure.

Now, this, of course, is becoming quite common now.

This email claims to come from the World Health Organization,

but actually uses info at who.org as from address.

This particular domain actually has an SPF entry that it will never be used to send

email, and the valid domain or the official domain for the World Health Organization is wh.h.

It includes the usual word attachment with macro that's then used to download additional malware,

and Xavier will be talking more about this particular malware in a future post.

And Cisco today fixed five vulnerabilities in its SD-WAN products.

Three of these vulnerabilities are rated high, allowing approach escalation, command injection,

and then also a buffer overflow vulnerability.

Now, teaching our defending web application class right now, it's also nice to note that

the two medium vulnerabilities are a cross-side

scripting and, yes, a SQL injection vulnerability.

Now, the reason why the first three vulnerabilities are only rated high, not critical, is in

part that they do require authentication and attacker, for example, first needs command line access

in order to, for example, launch the command injection vulnerability.

So no need to panic yet, but certainly something you do want to patch.

Now that it's part of the last patch,

use the Microsoft Fix CVE 2020-0881.

...