Hello and welcome to the Monday, November 18th, 2024 edition of the Sandtonet Storms and this

Stormcast. My name is Johannes Orich and I'm recording from Singapore. Due to the recording from

Singapore this week, the time the podcast will be published, will be off sometimes, even show up a day early in some

of the listing.

So sorry for any confusion this will cause, but we should have our full five podcast week

this week.

Today's diary was a little bit of a reminder that sometimes attackers are reaching back to old or outright ancient vulnerabilities.

Specifically, a vulnerability in TP link routers that's going back about 12 years was discovered

back then by Polish researcher Mikhail Zydak and well it's not really clear if it was ever patched

there is no CVE number associated with it. Mikhail was in contact with TPLink even though

there were some issues and makes of the initial connection here. So not really clear if this particular

vulnerability was ever addressed. On the other hand, if it was addressed and all TPLink

routers in the last 10 years were patched, then this may not really be a big issue. Still

interesting that attackers all of a sudden

discovered this vulnerability start scanning for it even though we have not really seen any scans

for these vulnerabilities before. Just as a little side note, I've also seen some scans for an

ancient Cisco vulnerability. That was the, I think it's iOS 11.2

vulnerability, so pretty much 20-year-old vulnerability, all of a sudden being scanned again. This

vulnerability definitely has been exploited back in the day, so not necessarily something that just shows up now.

And Bleeping Computer has a good summary of recent attempts to impersonate security researchers

and submit poll requests with obviously malicious code. In my opinion, this is likely someone who is not necessarily

trying to exploit these GitHub repostories. The code actually would not, as it was deposited,

...