Hello and welcome to the Thursday, December 12, 2004 edition of the Sansonet Storm Center's

Stormcast. My name is Johannes Ulrich. And I'm recording from Jacksonville, Florida.

In Diaries today, we have an interesting observation from one of our undergraduate interns,

Sherlock Jureer, did publish about scanning for V-Sphere vulnerabilities.

V-Sphere, of course, has a rich history of vulnerabilities.

Also, tends to be somewhat difficult to patch.

So when about three and a half months ago, some new vulnerabilities were being patched

that actually could lead to a V-sphere compromise, Jolouk pretty much saw initial reconnaissance

scanning the day after the vulnerability became publicly known.

Not only that, there were also other scans from the particular IP addresses that looked

like they were zooming in somewhat on the particular despair of vulnerabilities here in V-Sphere,

and essentially it was added sort of as a new tool to this particular actor's

tool set. They in the past and continue to also scan for non-BMware related vulnerabilities.

And this is very, very typical where attackers have a specific bot that they can easily use to add additional

vulnerabilities, in particular to scan just for the presence of the vulnerability, to then

later come and exploit them. So any one of these bots is typically scanning for a couple

dozen or so different vulnerabilities that are then being swapped out from time to time, old ones being retired, and new vulnerabilities being added.

And Apple released updates for, well, everything. We got updates for iOS, iPad OS, MacOS, WatchOS, Vision OS. So pretty much any

operating system that Apple produces received updates. There were also some updates for older

versions of MacOS going back to Ventura 13 and also for iPad OS, interestingly, 17.

Nothing for iOS 17.

Overall, the vulnerabilities are really not that sort of groundbreaking.

...