Hello, welcome to the Thursday, April 15th, 2021 edition of the Sandcent Storm Center's Stormcast. My name is Johannes Ulrich, and the time I'm recording from Jacksonville, Florida.

Brad today posted the solution to the quiz that he posted on April 1st, congratulations to Alex for winning the Raspberry Pi

among the correct solutions that verse submitted for the quiz.

If you participated in the challenge or if not, if you just play a little bit with the

P-CAP, you now have the complete solutions. Turns out it started

out with a Bazaar loader, then went to Cobalt Strike, which was then in the end used to install the

anchor malverse. You had kind of two DNS-based command control channels in this particular sample.

And I'm sure we'll do this again.

Maybe next month we'll see if Brad has another good challenge like this up his sleeves.

And then we got a little bit of sort of post-patch Tuesday cleanup.

First off all, Adobe also published four bulletins, one for Photoshop, for Adobe Digital

Editions, Adobe Bridge, and RoboL.

Any updates for Photoshop as well as Adobe Bridge do address vulnerabilities that could lead

to code execution.

And we got a new version of Google Chrome, Google Chrome 90, and the release was actually

delayed by a day because just yesterday, yet another Google Chrome Saturday was posted to GitHub. This was the second one this week. So both of these

vulnerabilities should be addressed in Google Chrome 90. There's also a new feature or change in

default behavior in Google Chrome 90. It will now by default, if you don't specify a

protocol, try to connect via HTTP on port 443. Only if that fails, then it will connect via

HTTP on Port 80. Just be aware that this is not meant to be as strong as strict transport security.

If you add the HTTP strict transport security header, then the browser will outright refuse to connect via HTTP and only allow connections via HTTP.

In this new default mechanism, it will fall back to HTTP if HDPS is not available.

...