Hello and welcome to the Friday, October 28, 2022 edition of the Sands and its Storm Center's

Stormcast. My name is Johannes Ulrich and I'm recording from Augusta, Georgia.

I mentioned yesterday that OpenSSSL announced a critical patch for this coming Tuesday.

The patch will affect OpenSL version 3.0.

So today I started a diary with a list of different Linux distributions and what OpenSL

versions they include by default.

As a rule of thumb, you will likely find OpenSSL on Linux

distributions released over the last two years. So for example, Ubuntu 2004 still has OpenSL

1.1.1.1, but the latest Ubuntu 22.04, that one has OpenSL 3.0. But note that copies of

OpenSSL may also be installed later as additional updates or as part of other software.

MacOS is a little bit tricky here.

It comes by default with Libre SSL, so not with OpenSSSL, but OpenSL may then be installed

via Mac ports or HomePro, or again, will be included in other software that you may be installing.

I will keep things updated and the list sort of should expand a little bit over the weekend.

If you find any omissions, please send them to me.

And Apple today released updates for iOS and iPad OS 15.

Remember, the latest version is 16 and the latest version did receive updates earlier this

week that included a fix for a seraday vulnerability.

These updates for iPad OS and iOS 15 are now including these same security fixes, including the fix for CVE 2022-22827, which is the vulnerability that's already being exploited.

360 NetLab reports about the Fajah botnet as they call it and that it now reached a complete

firepower of one terabit per second.

This botnet is being used to launch distributed denial of service attacks, and 360 NetLab has first seen this botnet around April, but since then it sort of has observed it being upgraded and the botnet itself growing.

...