Hello and welcome to the Thursday, March 16th, 2020, 3 edition of the Sansanet Storm Center's

Stormcast. My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Jan today wrote up what I would call sort of a more modern fish, and that's something that we do see quite a bit lately.

First of all, the email links to an address in IPFS.io.

This is the Interplanetary File System, a distributed storage system, which makes it difficult to take down specific phishing pages.

The other thing they're doing is that they're displaying the victim's homepage based on the

email domain in an eye frame.

Now, this is something that you can actually easily prevent.

We have seen in the past sometimes where they're using sort of screenshot services

like thumb.io, that's a little bit more difficult to prevent,

but you should have the right headers in your HTTP response

that will prevent your page from being displayed in an eye frame. It used to be that X frame

options was the header to use here, but more recently this switched over to Con and Security Policy.

So you really need Con and Security Policy in order to prevent this from happening.

And one of the interesting vulnerabilities that Microsoft patched yesterday was CVE

2020-23-23-397.

This was the Microsoft Outlook vulnerability.

I told you that this is likely something very easy to

exploit. Well, it turns out that MDSec now has a great write-up about this vulnerability,

showing what it's all about and how to exploit it. It's actually sort of a little bit an odd

feature here. Apparently, you're able to include a

URL that's being used for the notification sound when you are sending a calendar invite.

...