Hello, welcome to the Monday, June 3rd, 2019 edition of the San Sanct Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm quoting from San Antonio, Texas.

Google, today on Sunday, suffered a major outage across parts of its infrastructure.

Looks like it lasted about four hours. The result was

that Gmail and YouTube for example was not reachable, but the outage also affected a number of

third party services. Like for example, Snapchat and Discord were mentioned in news reports.

These services do rely on Google Cloud.

The outage appears to be somewhat focused in the eastern United States,

but these services were also not reachable for a number of users in California, for example.

So far Google hasn't released any details, but it promised to do so once they finished their

investigation.

And about a week ago, Siemens published a security announcement regarding its logo 8BM controllers.

These are logic controllers that you often find in automation environments, and these controllers

listen on port 10,0005. Turns out they're subject to an unauthenticated configuration override.

Also, an attacker could use this port to download configuration files from affected devices.

At this point, there is no patch available for this problem.

Siemens just recommends that you do not expose port

10,0005 of these devices to untrusted networks.

What it certainly sounds like a severe issue at this point, Shodan, for example, only lists

59 devices listening on this port. We also don't see a lot of scanning on

this port, so this is probably more an issue where an attacker would already have a foothold

in a network and then laterally move to exposed devices. And I've got an interesting blog post outlining a quick method how a malicious Tor exit node may potentially be able to obtain the real IP address of a host connecting through it.

...