Hello, welcome to the Monday, November 27, 2017 edition of the Santernet Storm Center's Stormcast. My name is Johannes Ulrich, and the I'm recording from Augusta, Georgia.

A critical patch has been released for the XM Mail Server, not the most popular mail server out there, but still quite popular with the Linux crowd.

And according to Shodan, there are a couple million of them still out there exposed to the

internet. And what of course makes this particularly dangerous is that mail servers kind of have

to be exposed to the internet. So there isn't really much you can do in terms of, well, a proxy,

basically putting another mail server in front of that vulnerable mail server.

That's kind of uncommon.

And as a result, this is certainly something where you have to pay attention.

Make sure you're not running XM.

And if you're running XM, and if you're running XIM patch as quickly as possible, a proof of concept exploit already has been released

over the weekend. And a little bit unusual for proof of concept exploit, but in this case,

it will actually open up a shell on the system.

And then we got a couple of cryptocurrency news that accumulated over the weekend.

First of all, Coin Pouch.

Coin Pouch is soft.

It allows you to store various cryptocurrencies in one place.

And apparently they recently added Verge, which is a relatively new, privacy-oriented cryptocurrency, to their portfolio.

Well, sadly, they made a mistake, the exact nature of the mistake or whether it was an attack is not really clear at this point and lost users

cryptocurrency. In this particular case about $650,000 of Verge tokens got lost. And you may have

noticed that this weekend cryptocurrencies really have gained quite a bit in value. Looks like it

may be sort of one of those hot gift items or so for the holidays. Well, to summarize some of

the attacks that you have seen over the last few years, I published a post with about nine

...