Hello, welcome to the Monday, November 16th, 2020 edition of the Santernut Storm Center's Stormcast.

My name is Johannes Ulrich.

The time recording from Jackstable, Florida.

To start out with a couple of quick diaries from this weekend.

First off, all, DDI, yet again, updated Olli Dump, the tool that he maintains,

that allows you to analyze various office documents. And one thing that he has run into and

talked about quite a bit recently is malicious documents where actually anti-malver has removed macros.

So he introduced a new indicator to let you know that a macro has been removed from a particular

document.

And Xavier took a quick look at a sample at the found on virus total.

That's actually based on a fairly old piece of JavaScript malware back from 2018.

But thanks to some really all that complex but innovative new obfuscation technique has gotten a new lease on life by again being able to evade anti-matter.

What it does here is pretty easily just take Unicode codes and then with a simple math formula,

transform the character code to an ASCII code that then translates into

the malicious script.

And the release of macOS, Bixer, and a number of other new software packages such

buy Apple on Thursday caused an interesting issue for macOS users

trying to launch software. Many macOS users reported that it was quite slow to start software

on Thursday evening. I remember myself sort of running into this a little bit, but kind of striking

it off as well, maybe my system is doing a little bit too much. That moment didn't really have

the time to track it down. But apparently what happened was that Apple's OCSP service was overloaded. OCSP stands for the online certificate status

protocol and it's a service used to verify if a particular certificate is still valid. This is also

...