Hello, welcome to the Tuesday, August 10, 2021 edition of the Sansonet Storm Center's Stormcast.

My name is Johannes Ulrich and Rammokh recording from Stockholm, Germany.

Microsoft Exchange is likely going to remain the gift that gifts on giving and Orange Zai, who was also instrumental in finding some of the

recent vulnerabilities in Microsoft Exchange, has presented at Black Hat a talk where he talks

about some of the specific vulnerabilities or classes of war on abilities really that were introduced

in Exchange 2013.

Attackers are at the same time also heavily scanning, for example for the proxy log-on

war on ability and are definitely trying to figure out some of the war that Orange Tsai hinted on, but

never really sort of provided sufficient details to actually exploit them. So what this means

for Defender is get ready to patch Microsoft Exchange again and again. So better get your

playbook down to be able to do it quickly as additional

patches will likely be released in the near future. And talking about systems that keep on

giving for the bad guys, Synology is warning that botnets are attempting to prove force weak admin credentials,

specifically for its product. Synology, of course, makes these disk network storage devices.

Of course, we have seen over the last few years many of many Mirai-style botnets that go after devices

like this. At the same time, we also got new vulnerability that apparently affects about

20 different manufacturers of routers. Now, many of them are being provided by ISPs so the brand may not always

be that clear that you're using whether or not you're using a vulnerable router

or not let's just make this week at the router patch week if you have some time

this week take a look at your router make sure that your firmware is up to date.

And if not, then get it patched. Even if your router is not on the list, there is a good chance

that, well, on the last few months or so, there was a security relevant update for the device.

...