Hello, welcome to the Thursday, September 20th, 2018 edition of the Sanct Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

It's just about a week since Patch Tuesday, but Adobe already released another update, this one affecting Adobe Acrobat and Reader.

The update fixes seven vulnerabilities and one of these vulnerabilities an out-of-bounds memory write is labeled as critical because it does lead to arbitrary code execution.

Adobe is currently not aware of any exploits for this vulnerability and also doesn't consider

exploitation to be imminent.

And both Mac as well as Windows are affected by this vulnerability, given that Adobe did meant through trouble to actually publish

a special bulletin for these vulnerabilities. I would still probably try to expedite updating

these products. And Akamai released its state of the internet report.

Now based on Akamai's business, it's focusing heavily on denial of service attacks.

And one attack that they're pointing out here that I have seen really on the rise sort of

over the last year is credential stuffing.

Credential stuffing is essentially a password

prudforce attack, but one that's a bit more intelligent in that it uses a username and

password combinations that have been leaked in some of these large leaks of such data.

Now the problem to the defender is that many of these attacks

originate from botnets, so they come from many, many different IP addresses. Also, individual

users are typically only hit a couple of times, depending on how many different passwords

the attacker has for the particular user ID.

But what Akamai is pointing out that these attacks can quickly amount to a denial of service

attack, given the size of the botnets that are conducting these attacks, and also the size of

these data breaches that the bad guys have accumulated.

...