Hello, welcome to the Tuesday, December 22nd, 2020 edition of the Sansanet Storm Center's Stormcast. My name is Johannes Ulrich. And I'm recording from Jacksonville, Florida.

Today on the Storm Center, we got a quick diary by Rick regarding openportstats.com.

That domain claims to be part of a research organization scanning the internet for open port,

and of course, we do have a number of similar organizations, probably most prominently

Chodan, Sinsic and the like.

What differentiates this particular organization somewhat is that their port scans

can be rather aggressive and as Rick has observed earlier this year, they can pretty much amount

to a denial of service attack. To make things worse, the email addresses listed on their web page are not working.

They're just bouncing with a server not available error.

Now on the internet Storm Center as a part of our API, we do have lists of IP addresses

used by researchers to scan the internet.

Open port stats is included in that list.

So if you would like to block them, you could consider using that list.

Or you could also consider blocking the AS used by this group, 202,425. Of course, there may be some collateral damage here if you're

blocking the entire ASN. And Dell today released patches for the Dell-Wise thin OS clients.

These are thin clients that are often used in healthcare in order

to provide access to cloud-based applications. Security company CyberMDX that deals in the healthcare

space has identified vulnerabilities that could lead to a compromise of these clients.

Now, of course, sadly, they're sort of advertised as secure terminals because there's really

very little kind of going on on the actual terminal.

The applications are all hosted in the cloud, but of course, taking over the terminal still provides

an attacker with access potentially to these cloud-based applications.

...