Hello, welcome to the Monday, June 25th, 2018 edition of the Sansonet Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

A reader sent us on Friday an interesting email that included an XPS attachment.

Now, these are attachments you don't really see often. XPS here stands for

XML paper specification and as Lorna describes it sort of sounds like Microsoft's answer

to PDF essentially an XML file that can be used to distribute marked up text. In this case it turned out to be just spam.

Lorna says the idea here is probably to bypass various filters that block sort of known malicious or known unusual attachments,

but XPS for not being used very often probably hasn't made it

to any of these blacklists.

And Palo Alto's Unit 42 came out with a report looking at recent trends in exploit kits.

Now exploit kits are these building blocks that criminals use a lot

in order to spread malware. There have been less of them over the last year. And another

thing that Palo Alto reported was that there are really only eight different exploits being used currently

in the most prevalent exploit kits.

And while these exploit kits themselves are constantly being developed, and for example,

there are now new payloads like crypto coin miners, overall the exploits being used are not really all that cutting edge.

Now on the other hand, Malverabytes a couple of weeks ago came out with their own report.

Now their report covers a little bit more recent data and they saw one in an explorer and

one flash exploit being used that was from a couple months ago.

So they slightly paint a little bit a different picture, but I think one of the basic lessons here is that keeping your browser,

keeping your plugins up to date is really important and probably the best thing you can do against these exploit kits.

Yes, anti-malware helps too, but probably not as well given the wide variety in these exploit kits as compared to just keeping your system up to date.

...