Hello, welcome to the Monday, March 15th, 2021 edition of the Sandcent Storm Center's Stormcast.

My name is Johannes Ulrich.

I'm recording from Jacksonville, Florida.

Not a lot happening this weekend, which is probably good after two weeks of too much excitement.

Exchange servers, of course,

are still being exploited, and now you sort of have the more commodity type of malware, like

ransomware hitting exchange servers that are still vulnerable. But we do have an interesting

vulnerability in Wireshark.

And, well, it's interesting, not really quite as serious as it sounds.

I think it's referred to as code execution vulnerability, which it is.

But essentially, what it comes down to is that if you're observing traffic in VyrShark URLs are rendered as clickable.

And this does not just include HTTP and H.T.PS URLs, but also, for example, file URLs or schemas like DAF.

And if a user now clicks on one of these URLs, it may open and in some cases even execute the particular file. So as usual, well, if you're looking at a malicious

traffic capture or traffic capture of a possible exploit, There's a reason why you call it malicious or

exploit and sometimes the exploit could be directed at the analyst, so always treat these packet

captures with care. And yes, an update has been released and this has been a pretty old vulnerability about for the last

17 years, I believe it says in the Git commit, this behavior has been present in Vyershark.

And we also have another update for Google Chrome. And now this is the second time in about as many weeks that we have a remote code execution

vulnerability that's being fixed in Google Chrome, which is already exploited in the wild.

So make sure Google Chrome is doing its thing and updating itself. And NetLab

360 ran into an interesting new malware that is going after IoT devices. They're using

a number of well-known exploits. What's really different here is what they're doing to these devices after they infect

...