Hello, welcome to the Thursday, July 28, 2016 edition of the Sandstone Storm Center's Stormcast.

My name is Johannes Ulrich, and the day I'm recording from Jacksonville, Florida.

In diaries today, we got one by Xavier.

He caught an Unixpot in one of his honeypots. Well, lesson learned here, we passwords still work.

Really over the last year we have seen a big search in just simple telnet scanning. And if you

look at the list of passwords that this particular bot attempts, it's only about two dozen different passwords that it attempts,

and apparently it's still successful enough to actually find vulnerable hosts. Once it finds a

vulnerable system and infects it, it will then connect back to an IRC server to wait for commands. So it's a very good old-fashioned

IRC bot. Now, we have seen reports lately about in and of things like cameras and such,

getting infected by just like bots like this. In this particular case, also, the bot can be

used to launch denial of service attacks which

was observed with the bot that infected these security cameras given the passwords

being used they're definitely looking sort of for Internet of Things style devices

and if you are running sen for virtualization, either the open source

version or the commercial version by Citrix, you need to patch because due to

a vulnerability in this virtualization platform, an attacker who has control

over one of the virtual machines would be able to take over the entire host.

This kind of virtual machine escape, of course, is always very dangerous,

in particular if you are hosting virtual machines for others.

And not a good day to day for last pass, the password manager. There was first block by Matthias Carlson.

He detailed a bug that he found that has been patched now that essentially allowed malicious websites to extract

passwords from your password manager. What happened here was it's a common flaw in these kind of password and form-preful

...