Hello, welcome to the Tuesday, April 27th, 2021 edition of the Sandcent Storm Center's Stormcast.

My name is Johannes Ulrich.

And today I'm recording from Jacksonville, Florida, but actually sort of virtually today teaching in Baltimore, our intrusion detection in depth glass.

In diaries today, we got a diary by DDA.

DDA took a look at a microstation files.

Microstation is CAD software.

I actually wasn't familiar with it, but apparently just like AutoCat files that DDA has

looked at in the past, Microstation

CAD files may also include Visual Basic for application code.

So they're using the same OLE format that, of course, DDA's OLEA dump tool will gladly analyze, and DDA now extended the tool to work also with the

dot DGN and NVBA files that a micro-station uses. At this point no need to panic.

There is as far as the DDA is, no matter being distributed with these files,

but by getting his tool ready and showing how to use it with these files,

well, if you run into anything suspicious, please let DDIHA know.

And then probably the big event today was that Apple updated literally everything.

iOS, iPad OS, Mac OS, watchOS, as well as some standalone applications for Windows, Safari, and the like.

But among all the bugs patched is one particular dangerous vulnerability

that apparently is already being exploited in the wild. This vulnerability does bypass

protections that Apple has put in place in order to prevent users from launching untrusted or malicious code.

There are really two different technologies that are at play here.

First of all, file quarantine.

Whenever you download a file from a website, then try to execute it.

...