Hello, welcome to the Friday, September 27th, 2019 edition of the Sansonet Storm Center's Stormcast. My name is Johannes Ulrich.

I'm recording from London, England. It took only a couple days for the bulletin-vorn ability to be targeted by Botnet's bad's bad packets has an interesting report of a botnet

that they observed attacking vulnerable the bulletin instances what it does is it actually well

sort of patches the vulnerability in adding a password to the vulnerable eval function.

So now only the owner of the botnet who knows the password is able to actually take

advantage of the vulnerability.

It's not clear if the password is unique for particular sites or if they're using the same password across all

sites, which of course would sort of defeat its purpose now that this password has been made

public. Just to reiterate what I said yesterday, if you haven't patched yet or if you patched

sort of in the last 24 hours, essentially after the official patch was

released, you should assume that your bulletin board has already been compromised.

This is just one example, how an attacker could use this vulnerability to essentially add

a back door.

And then we got a security bulletin from Cisco that affects the Model 800 industrial ISR routers and Model 1000 grit routers.

Now these devices are typically used in critical infrastructure, which makes the number

of vulnerable devices probably quite small, but of course their location may be critical.

The problem here is approach escalation vulnerability, an attacker with guest access,

could access a VM that only administrative

users should have access to, and that then of course leads to an elevation of privileges.

And a few days ago I mentioned the critical vulnerability in the cloud native registry harbor that

Palo Alto discovered.

Well, Harbor is used in a number of commercial products as well.

...