Hello, welcome to the Thursday, January 7th, 2021 edition of the Santernut Storm Center's Stormcast.

My name is Johannes Ulrich.

I'm recording from Jacksonville, Florida.

Well, only took a couple days, but we are seeing now active exploitation of the Syccell vulnerability. This is the back door where we have

the admin password that can not be changed by a user. So certainly urgent now that you're

updating your devices. Not clear yet what they're attempting to do. At this point, we just see scans using

the username and password combination that gives you access to these vulnerable devices.

And while adding to this theme of parameter secure devices, actually add vulnerabilities. We got a set of

advisories from 40Net. For example, the 40 web application firewall that's supposed to protect

your web application is suffering from SQL injection as well. and also from a buffer overflow and a format string vulnerability.

Now, 40 Deceptor, which is 40 Nets,

a plines that uses deception,

so essentially an internal honeypot,

suffers from an actual vulnerability, in this case an OS command

injection vulnerability that could allow an attacker to execute arbitrary code.

Lastly, for the gate ZEL VPNs, well, this is probably the least severe of the vulnerabilities.

It does leak some logs from the VPN to different users.

So if you are using one of these three Fortnite devices, please update.

Haven't found any exploits out there yet, but I only did a quick Google search, so there may already

be more out there. Let me know if you find anything. And in case you're still running

your own mail server, you should be aware of an update to Dovcut. Dovcutt is a fairly popular

iMap server used to retrieve emails and today

...