Hello, welcome to the Tuesday, April 20th, 2021 edition of the Sands and at Storm Center's

Stormcast. My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Neat diary today by Jan. He looks at fishing sites on how to identify them. One trick here is the use of specific FAF icons, the

favorite icon that's often displayed as part of the URL in a web browser. Of course,

to make a fishing site plausible. This icon is copied from the original site and well, Shodan actually allows you to search for specific icons.

And Jan also included a link to a GitHub project that tracks different hashes for popular Faf icons.

Now, the hash being used here is a murmur hash. It's not a cryptographic

hash. The goal here is not really to be secure in a sense to make it difficult to reverse the hash,

but really just have an efficient lookup method for these images. Back in February Nagaios, the network monitoring tool

patched an OS command injection vulnerability. That's actually, well, fairly easy to exploit. All you

have to do is more or less at the command you would like to execute to a specific URL.

And Unit 42, the Palo Alto research team, is now reporting that they see this vulnerability

actively exploited to install crypto coin miners.

And please don't forget, because this is very easy to exploit vulnerability.

These crypto coin miners are probably just the tip of the iceberg.

There's probably a bunch of other stuff that's being done using this particular vulnerability.

Nagaios, sort of being able to connect to a lot of systems in network,

often being also allowed to execute commands on other systems on the network, is certainly

a fairly juicy target and something an attacker could easily leverage to get access to

large parts of a network.

And Trent Micro is reporting about a new version of the XES set malware.

This malware came originally up in August last year, and it is targeting macOS developers.

...