Hello, welcome to the Tuesday, January 28, 2020 edition of the Sands and its Storm Center's Stormcast.

My name is Johannes Ulrich.

And I'm recording from Augusta, Georgia.

Over the last week or so, the developing coronavirus situation in China, of course,

has gotten a lot of news attention whenever we do see

a topic like this being heavily covered. There is always a good chance that we will see some

fraud associated with the issue. Now, historically, the two top things we have seen here are websites that

are popping up that either sort of collect fraudulent donations or are offering other kind

of fraudulent content. We also have seen Malver typically that uses, for example, news

about the event to trick users into

open malicious attachments in particular videos. If you see anything like this, please let us know.

Now, one thing we have observed is there are certainly a lot of domain names related to the virus being registered.

At this point, haven't really seen anything sort of malicious on these domains yet.

Most of them are just parked or have some blank sort of placeholder page at this point.

Of course, I don't really have any insight in what could happen with this situation,

but this is probably not a bad time to dust off your business continuity and disaster recovery plans

to take a look if they are still current. At the time when you know you need those plans, it's probably too late to review them and

to actually correct any problems that they may have.

Just a couple days after denial of service, proof of concept was released for the Remote Desktop Gateway Vulnerably CBE 2020-0609 and 0610.

Security researcher Luca Marcelli posted a video of a demonstration of an exploit that he wrote that actually achieve his remote code execution.

This exploit has not been made public yet.

Lucas states that he may post a plot post about this in the future.

...