Hello and welcome to the Monday, October 30th, 2020,

edition of the Sandinet Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

A couple of interesting diaries from this weekend.

First, another example from Xavier about overly large files being used in order to bypass anti-matter

controls. For performance reasons, a lot of security controls are limiting how much of a file

or how big of a file they're going to analyze. So what often happens is that attackers will

add essentially garbage to a file in order

to make it large enough so it's not properly recognized by various anti-malware products.

This latest example that Xavier found just uses simple zeros in order to sort of be used as a padding

here. And yes, this does not affect the actual execution. It's religious garbage that's being

used to confuse anti-malver tools. And with cyber awareness month wrapping up in a couple of days, we got a related diary by

Guy.

Guy looked into a quick sort of phishing email that also could be spam.

It was kind of nicely customized somewhat here to our website.

You often see that.

Now, the reason these phishing emails are sometimes mistaken for spam that if you click on

the link, you don't always get the phishing page.

There are a couple things that attackers often do, like browser type, and in some cases, only the first click, for example, works and actually goes to the fishing page, and then later clicks just go more or less to a generic advertisement page, which of course then make people and responders believe that this particular

email was actually just a little bit of weird spam message and not a phishing message.

And then we got a little bit more details regarding one of the vulnerabilities that Apple addressed in iOS last week, and this was one

that leaked the actual Mac address of the device. In iOS, for the last couple versions, you

...