Hello, welcome to the Thursday, September 3, 2020 edition of the Sandstone at Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

In diaries today, we got one by Xavier looking at a malicious Python script, and the main reason that Xavier sort of picked this particular

Python script is to show how you can sometimes eyeball essentially a Python script and figure

out that it's probably malicious. In this particular case, I guess just by looking at it,

it's heavily obfuscated. But then once you de-offuscated,

there are a number of specific Windows API calls that you wouldn't find in a normal little Python script.

Like, for example, virtual alloc, alok, which will allocate memory, which is typically something that you don't really

need in Python other than to, like in this case, inject shell code into this memory.

In this particular case, the shell code just tried to connect to a particular IP address to then receive additional commands.

And QNAP today released an update for many of its storage devices. QNAP has been a huge target

like many of these network attached storage devices.

So certainly something that you should keep up to date.

Noteworthy here are updates to pro FTP demons.

So if you have FTP enabled on the device, definitely update some of these vulnerabilities, go back to 2017,

and then there are also a number of newer vulnerabilities that are being addressed with this

update. While you are working on the device and applying the update, I highly recommend that you disable whatever service,

whatever application you don't need on these devices. They typically come with a bunch of

different web applications enabled, things like photo station, for example, to share photos and the like.

Many of them you may not need, so please disable them to reduce your attack surface somewhat.

And yes, if at all possible, please do not expose these devices directly to the internet.

And Apple yesterday released an update to iOS, iOS 13.7.

...