Hello, welcome to the Tuesday, August 13th, 2019 edition of the San Santernut Storm Center's Stormcast.

My name is Johannes Ulrich.

And today I'm recording from Jacksonville, Florida.

Attackers are working their way through possible file extensions in order to infect users.

The latest example is DAA files and one of our readers Jason did send us a file that he received.

Now DAA stands for Direct Access Archive and it's a type of ISO files as you may know them from CD

images now the trick here is that the A files are less common they're also not

automatically mounted in Windows like ISO files so a victim actually needs to

have additional software available in order to read these files

and be infected by it.

One such tool is power ISO, that's for pay application.

DDS suggests that this could be used in a more targeted attack where the attacker knows the victims are

familiar with these type of files or we had one comment being submitted to this story that

the power ISO tool in particular is often also used in pirated versions.

I doubt there are a lot of legitimate reasons to receive the A file as an email attachment,

so I would probably recommend you just strip them out at your mail gateway.

And a couple different news articles actually pointed to SQLite last week.

SQLite is one of the software components that has long been overlooked.

More recently, there have been a number of interesting vulnerabilities that were discovered

in this library. Now, SQLite really doesn't have much in common with traditional SQL other than a similar query language.

The data is stored in flat text files and from a security perspective it actually looks pretty benign initially

because there is no server listening and it's less exposed

...