Hello, welcome to the Friday, March 27, 2020 edition of the Sansonet Storm Center's Stormcast.

My name is Johannes Ulrich.

And today I'm recording from Jacksonville, Florida.

Xavier came across some malware that turned out to be exceptionally large with 320 megabytes.

And, well, he took a look to figure out what's exactly going on here in this

matter and where all the data really came from. So when he loaded it into PE Studio, which sort of

outlines the structure of the file, he found a normal size text and data part, but the resource part was where all that bulk came

from.

Turned out all that data was really sort of three different images that looked like they

were sort of scribbled by hand.

Not hard and clear what is about, but likely just to obfuscate the binary. A lot of antivirus tools may not

scan a file if it exceeds a certain size, and that may be the goal here.

And looks like the update to iOS that was just released is introducing a problem with how

VPNs are established with iOS.

Typically whenever you enable a VPN connection, existing connections should be stopped

and then reestablished over the VPN.

That apparently isn't happening with this latest version

of iOS, connections that you had established

before you actually set up the VPN will remain unencrypted.

VPN provider Proton VPN came up with this finding,

and what they are recommending is that before enabling VPN,

just turn the phone into airplane mode,

...