Hello and welcome to the Thursday, April 27, 2020, 3 edition of the Sandsenet Storm Center's

Stormcast. My name is Johannes Ulrich and I'm recording from San Francisco, California.

Today we've got a quick diary from I Ching about the fishing sites.

I Ching likes to hunt down those fishing sites,

in particular if they affect Singapore, where he is from. In this particular case, it was a tax

filing website. So it's not just here in the U.S. where we had, of course, just April 15th. The big

tax filing deadlines.

Other countries are similar effect, in particular around important dates like deadlines

to file your taxes. More details in E Ching's diary.

And of course, the reason I am here in San Francisco is the RSA conference, and today we had

our annual panel about the top most dangerous attack techniques. Ed Skotis led the panel this

year, and we had Katie Nichols, we had Steven Sims, Heather Mahalick and myself.

The techniques we talked about was, well, first of all, Katie talked about some of the

search engine optimization, but also the malicious ads, the malvertising that the hackers are

doing in order to trick users into installing

malicious software, believing that Google or other search engines would return actually only

good links, which of course is far from right in particular if attackers are willing to pay

for ads in order to prioritize their malicious links.

Katie also mentioned that today Midor added malvertising as one of the attack techniques to their attack framework.

I talked about attacks against developers, something I have of course talked on the

podcast here before, in particular things like malicious plugins or just the vulnerable software

running on developers' workstations, but also code that may be running in order to infect

...