Hello, welcome to the Tuesday, February 11th, 2020 edition of the Santernet Storm Center's Stormcast.

My name is Johannes Ulrich.

And I'm recording from Jacksonville, Florida.

Jan today documented one of the little bit better, smarter PayPal fishing attempts.

The lure is very typical for these kind of fishing attempts

where it claims that someone else try to log into your account. Now, when you're trying now

to log into the fishing site, it's not going to redirect you to the real PayPal side like

some of these fishing attempts.

Instead, it's actually telling you that, well, your username and password was blocked.

The account is locked.

And then it's asking you for a bunch of other personal information to verify your identity.

Now, I believe that most users will probably

sort of halfway through this process figure out that something isn't quite right, but the trick is

that at this point, the attacker already collected a bunch of useful information, good one to possibly include sort of in your

awareness brief or whatever you do to train your users not to fall for these tricks. And if you

use a fishing attack like this, I think one of the important things to stress is that people shouldn't

be ashamed of falling for the initial fish, but report if they then sort of halfway through

figured out that they probably entered too much information. And Dell patched uncontrolled search path vulnerability in its support assist software.

This software is often pre-installed on Dell computers in order to help you debug issues

on the system and interact with Dell support via this vulnerability.

It's possible to elevate privileges by getting Dell support assist to execute arbitrary code on the system.

Now, this software has sort of a rich, recent security history for vulnerabilities just last year.

...