Hello, welcome to the Thursday, June 2nd, 22 edition of the Sandsenet Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Jan today took a look at a recent HTML fishing attempt.

HTML fishing usually refers to where you have the entire

fishing page included in the email. That of course does make the fishing attempt a little bit

easier in terms of not having to direct the user to an actual malicious web page. However,

the data still has to get to the attacker, and typically,

it was pretty easy to figure out where the data went. You just looked at the HTML, you looked

at the form, maybe there was some JavaScript that picked up the keystrokes, and then

send them to a specific URL. But while even these fairly simple sort of low-end fishing campaigns are using obfuscation now,

and Jan did take a look at a recent attempt here,

and the obfuscation being used in that email that makes it a little bit more difficult

to figure out where the data ends up.

But of course, a JavaScript debucker and the right breakpoints will very easily tell you

where the data is going.

And by the way, Jan will also be speaking at Sansfire.

Mid-July will have the conference and a link to it will be in the show notes.

And then just a quick update on the Folina Vulnerability MS-MSD-T or CVEE 22-30190.

Still no patch from Microsoft, but there is now an unofficial patch from a Zero Patch.

Serra Patch, a company that specializes in creating these micro patches, as they call it,

and they released a free patch for this vulnerability. Not sure if it's worth the risk really, given that there is a

workaround and probably applying. The workaround is about as hard as rolling out this

...