Hello, welcome to the Monday, November 13, 2023 edition of the Sansonet Storm Center's Stormcast.

My name is Johannes Ulrich, and then I'm recording from Jacksonville, Florida.

On Friday, we got a quick diary by Austin Long, a student in the Sands.edu Bachelor's program.

Now, in his diary, it looks basically at, well, what's going on currently with Gaffet.

We often sort of overlook these old, long-going threats, so always good to check in with them occasionally to see what's happening.

Not really has changed much with this particular bot over the last 10 or so years that it's going around.

It's still looking for default passwords.

Had it a couple sort of HTTP vulnerabilities to its arsenal.

Apparently the one particular sample that

was captured here by Austin is looking for some Huawei routers with specific vulnerabilities.

Best defense against these kind of threats is keep up to date on your router firmware. Remember

once a month check-in if your router is still up to date and of course avoid default passwords.

And then we got an interesting post by Huntress Lab with details regarding attacks against a number of healthcare, particular,

pharmaceutical companies.

The common denominator here appears to be a software called Screen Connect.

Screen Connect is used by transaction data systems, according to Huntress, and that company

actually was recently purchased

by a company called Outcomes. These companies are also known for their RX30 and computer RX

software, so if you're running that software, you may be running Screen screen connect as well.

Once connected to the systems,

the attacker then installed in some cases additional screen connect instances,

but also installed any desk,

...