Hello, welcome to the Monday, August 22nd, 22nd, 22 edition of the Sands and its Storm Center's Stormcast. My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Brad on Friday posted a diary about an Astoroth-Malver infection. case Pratt is investigating here actually happened that same day.

So hot off the malware process, so to speak.

The email in this case was in Portuguese and impersonating a Brazil-based company.

The attacker even registered a custom domain

within the dot link top-level domain

to make the link more plausible.

Once the user clicks on the link,

they will receive the malware

in the form of a sipped batch file.

The badge file will then trigger download of the actual malware.

And as always, Brad offers additional details,

indicators of compromise,

and probably most valuable,

links to the packet captures,

allowing you to actually redo the analysis

and to learn by following in Brad's footsteps.

An Amazon patched a vulnerability in its Ring Android app that could expose users' camera recordings.

The vulnerability was originally identified by checkmarks, and it is interesting because it shows how

native applications may be affected by cross-site scripting, even though you don't often think

about them as web applications or rendering HTML, but that's in part sort of what's often

happening here. The problem was rooted in the deep linking activity.

...