Hello, welcome to the Thursday, March 3, 2020 edition of the Santernut Storm Center's Stormcast.

My name is Johannes Ulrich.

And today I'm recording from Jacksonville, Florida.

I wrote a quick diary today about some of the fake news and tainted and biased news that you will see with the war in Ukraine.

Couple tips on how to recognize some of the issues here, but I think the main takeaway, I guess,

is particular as it comes to social media, not to overwhelm and flood yourself with various news tidbits

that don't really mean much in the end.

And secondly, not to be part of the problem and not to amplify questionable items.

And well, then you also have patches.

And the first one I want to point out, again, parameter security devices, 40 mail by 40 guard laps, has an update for you, fixing a critical vulnerability that allows for an administrative authentication bypass.

An exploit doesn't seem to be as straightforward as a simple default password.

Instead, it says that observing some system properties, you may be able to guess the

authentication token.

So this would be something along the lines of like looking at timestamps,

version numbers, maybe Mac address and such that are often used to derive some of this

authentication data. I suspect vulnerability along those lines. Freda Guard also released an update

for 40 WLC.

That's of the traffic optimizer, but the risk here is only high.

It does state that it fixes issue with the random number generator,

which of course may be related to the problem with 40 mail.

Other 40Guard products also received updates, so double-checked none of them,

overly critical. There is a path reversal vulnerability also in 40WLM. Some clear text passwords

...