Hello, welcome to the Thursday, June 14th, 2018 edition of the Science and Storm Center's Stormcast.

My name is Johannes Ulrich, and the I'm recording from Jacksonville, Florida.

Remco came across an interesting attack against one of his honeypots.

Now, the initial login just used a standard password route and then it did

a numbers of interesting fingerprint attempts. At least that's what it looks like. For example,

it's looking for microtick routers using a command whose output recently changed. So this could,

for example, then be used to discern what

version of a router OS is running on this particular router. It also checks if it's on an

Android device, interestingly, and then it checks if any crypto coin miners are running on

the system. At least it checks for processes that contain the word miner.

Remco has seen these attacks only from a fairly limited set of Russian IP addresses.

Now of course an IP address doesn't mean attribution, but on the other hand, we have seen

a lot of talk about these attacks against routers, and this particular attack does not look

like your standard sort of MiriBot.

If you have seen anything like this in your network and your honeypots and maybe you have

a little bit more data to

contribute, let us know. And then we have more details how to exploit one of the more interesting

vulnerabilities that Microsoft patched this week. This was a vulnerability in Cortana, the voice

assistant that's included in Windows 10.

The problem here is that when you're using Cortana, even on a locked system, and you start

typing while Cortana starts listening, then you actually get sort of this contextual help

menu that does reveal at least file names that are stored on the system.

...