Hello, welcome to the Thursday, August 5, 2021 edition of the Sansonet Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Stockholm, Germany.

Really interesting fishing site that Ye Jing came across and, well, he actually managed to find this fishing site while investigating

an online banking fishing site that hit a bank in Singapore.

But while that fishing site was done instead after pivoting through some of the IP addresses,

Yi Jing did find a fishing site impersonating the UN Peace Corp website.

This fishing website apparently was collecting data about UN peacekeeping personnel.

The reason that I Ching thinks that it is a fishing site is that

it is very close to the official US peacekeeping site, but it has the additional feature to allow

users to search by tracking IDs, essentially personnel IDs that are apparently being collected here.

Now, we don't know the phishing email what that looked like.

And of course, there's still a small chance that this is some kind of development site or so

that just happened to use that particular host and that IP address and was left open to the public.

And then we have yet more vulnerability in OT, meaning operation technology-centric TCP IP stack.

The team reached us from JFrog and Forscout, that's the same team that looked at similar

stacks and found for vulnerabilities in the past, now looked at niche stack.

Nech stack is, well, not necessarily just used for niche devices, used by 200 different device

vendors that basically use this TCPIP-IP stack preferably for these

operational technology devices that you find on factory floors in power plants and the like,

and they found 14 different vulnerabilities.

One of them they rated with a CVSS score of 9.8 because it does likely

allow remote code execution. Also a second one that's also a buffer overflow in HEPP

...