Hello and welcome to the Friday, November 18, 2020 edition of the Sandsenet Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Just a quick diary from myself today here at the Internet Storm Center, that's about well not quite security related.

It's really sort of availability related if you're trying to do failover and you're trying to

figure out if your connection is up and running.

Well, a ping is sort of your go-to utility.

Turns out not a working utility if you are using T-Mobile's 5G home service

as a backup as I'm doing here. Well, it turns out that T-Mobile does filter all ICMP traffic,

including error messages, which can also cause some interesting issues.

So just a little bit here for awareness, ISP sometimes don't play nice

and definitely don't really play any more by the RFCs than many attackers.

And then we got an interesting vulnerability from Adlation in its Bitbucket server and

data center products.

A little bit difficult to figure out how severe this issue is.

And that's something that you probably have to figure out yourself.

Adelaideon only rates it as low, but it is an arbitrary code execution vulnerability. However, it does require authentication and does require that the user is able to change their username. But what can then happen is that the environment variable gets set that then leads

to operating code execution. So I imagine a scenario where the user basically changes the username

to something that contains shell code that will then be executed. And Mitiga, a company that deals with Cloud Incense Response, has released a blog post where they looked at leaks of Amazon's RDS snapshots.

RDS, that's the relational database service that Amazon offers as part of its AWS offerings.

And, well, it's a database, of course, with sort of my SQL or Postgres backends.

And it has the ability to share a copy of the database as a snapshot.

And that's also done with a regular database off.

...