Hello, welcome to the Monday, October 19th, 2020 edition of the Sansonet Stormontas

Stormcast. My name is Johannes Ulrich, and the time I'm recording from Jacksonville, Florida.

If you are running Sonic Wall firewalls and are using them for VPN access.

Well, you better pay attention to the patches that were released last week.

These type of firewall patches often sort of get lost in the overall shovel, but these are

important in that they do fix remote code execution vulnerability.

Luckily, not quite as straightforward as some of the other vulnerabilities we have seen

in these endpoint protection devices.

It's actually sort of a good old buffer overflow, so may take a couple days for someone

to come up with an exploit. But definitely that's something Monday when you come to work,

you want to double check that all your sonic wall devices are properly patched. It doesn't

appear to be an easy way to find out remotely if you are

vulnerable. Now, Shodan has a list, of course, of people who run a Sonic Wall and they come up

with about 800,000 devices total, but then again, you have to run the specific firmware versions that

are vulnerable, and you have to have the VPN server enabled to be vulnerable.

And a really neat file that we received from one of our readers, they send us what looked very much like a malicious email,

but the file attachment was kind of odd. It had an extension.mmmp. Now, it was purchase

order.mmp, but it wasn't really clear what the dot mMP extension was all about. I guess

a Microsoft Project uses this extension,

but what actually happened was that this particular spammer did not send the malicious file.

Instead, they sent the configuration file for their marketing software that they're using to actually send the spam.

So good to know that the bad guys sometimes are making mistakes as well.

...