Hello, welcome to the Thursday, May 6, 2021 edition of the Sansonet Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

Ever found yourself with an infected computer, wire shark, and a packet capture?

Well, if you enjoy these kind of situations, we do have another

forensic contest for you. Brad again put together a little quiz and with that you will again

receive a packet capture and have to figure out essentially what happened. There are five different items that Brad wants you to figure out, then well, whoever submits

the first complete solution will win again a Raspberry Pi this month.

A solution for the quiz should come up, well, probably sometime next week or so, of course,

we'll wait first for some submissions to arrive.

And while sometimes security tools turn against us, the latest example, Windows Defender.

Windows Defender apparently for a short time created literally tens of thousands of files in a particular

directory on the boot disk of your Windows system. The files themselves were small, just a little bit

under one kilobytes, so many users may not even notice, but in some cases it amounted to 30 gigabytes and more

of storage space, according to a story on bleeping computer.

Bleeping computer also noted that Microsoft has fixed this problem now, and you should

be looking for if you are running the engine version 1.1.18

100.6 and well if you are not running this version actually an older version than that then do

check for updates and that should hopefully download the latest

security intelligence update for Microsoft Defender and Hyvirus again according to

bleeping computer. But for most of you, this update should have been applied already. This is

not treated as a security update that you sort of have to install,

but it's really more like an Anahirus signature update that updates continuously in the background

...