Hello, welcome to the Tuesday, February 1st, 2022 edition of the Sandcent Storm Center's Stormcast. My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

We've got a quick post today by Xavier about RPMSG files or restricted permission messages. These are essentially email messages with digital rights management,

so the sender can restrict what you're doing with this message.

And, well, it's sort of part of the Microsoft messaging ecosystem.

So in order to send the message, you have to have an Outlook account and also the

recipient typically needs to use Outlook in order to see the message. At least within Outlook,

the messages are opened automatically. The reason these are used maliciously is fishing. Remember

yesterday I talked about how Microsoft is reporting about fishing campaigns

where the sender is joining your Asia Active Directory domain.

Well, this could be then used with these RPMSG emails in order to appear more legitimate and also to possibly bypass certain security

tools.

And yesterday I mentioned how QNAP got some heat for automatically updating certain QNAP devices.

Well, today QNAP did a press release clarifying some of this in order

to be actually automatically updated. You have to enable the auto update feature. Auto update will

also not apply all updates. It will apply what QNAP calls the recommended version.

So if there's just a simple feature update or so it will not be applied,

they restrict that to significant updates of their operating system.

And what happened in this particular case is that the particular version of the QNAP operating system was

released a few weeks ago, but on January 27th QNAP set it as the recommended version in order

to counter this most recent attack of ransomware against the older versions of the QTS operating system.

And talking about network storage devices, we do have new vulnerability in Samba.

The SMB implementations used by many Unix systems, in particular by a lot of these network storage devices.

...