Hello and welcome to the Monday, March 18, 2020,

for edition of the Sandin and Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Eging has an update on the 5G-Huler, 5-gul vulnerabilities.

Ewing is part of the group that did some of the research on these vulnerabilities, and

the update does show how some of the phones were updated and also the lack of updates

for phones, in particular for some older models.

This is an ongoing problem for Android where older

models are often no longer receiving updates. And in this particular case, of course, the update

does affect the 5G modem. So often the cooperation and validation of these new firmware versions by the

telecom operator has to be done first before they can be pushed out to the end user.

And DDA has a post explaining how to not just decode hexadecimal payload, but also how to work

around some of the pitfalls that may run into, like in this case the encoding not being

identified correctly. So DDA walks you through this particular sample, how to eliminate

some of the additional characters

that were inserted for obfuscation after removing them. The file pretty straightforwardly decodes

back to a cobalt strike beacon. And researchers from Salt looked into some interesting vulnerabilities in chat GPT related to plugins.

The problem here is that, of course, you have to connect the plugin to chat GPT, and it uses

OAuth in order to accomplish this.

Normally, what happens is that chat GPPD sends you to the website that you would like to

authenticate with, and then that website sends you back a token that's then being used

for authentication.

...