Hello and welcome to the Monday, July 31st, 2023 edition of the Sandton and Stormtuner's Stormcast. My name is Johannes Ulrich and the recording from Jacksonville, Florida.

Well, let's start out with some diaries that we published over the weekend. First of all, on Sunday,

I wrote about a sort of interesting fishing scam. Maybe we want to call it smishing, but

what's different here is that it's not actually using an SMS message, but an Apple

iMessage, which does require an Apple device to actually send the message. Also,

some off vacation. It came from a phone number in the Philippines. Sadly, they didn't accept my

request for a FaceTime connection. It did impersonate the United States Postal Service.

Overall, the message was done reasonable, I have to say, not perfect, but I've seen verse.

It was also very picky in that it only accepted the mobile version of Safari.

If you came with any other browser or even the desktop version of Safari, you were

redirected to the authentic USPS website.

This is likely also going to help with not having the fishing page removed, because of course,

this makes it less likely that casual sort of inspection of the URL leads

directly to the fishing page.

The question that has often been asked and Xavier is asking again in his diary this weekend

was why attackers don't pay more attention to IPV6, or maybe they do and we're just not

really looking for it.

Xavier found a malicious Python script that actually specifically looks into establishing

whether or not the particular host that has infected has IPV6 connectivity.

They actually do have a sense research paper coming hopefully in next month or so

that will look into this in particular for NTP.

Of course, you're not going to see a lot of sort of the blind scanning like we see

...