Hello, welcome to the Tuesday, July 24th, 2018 edition of the Santernet Storm Center's Stormcast.

My name is Johannes Orich.

And today I'm recording from Jacksonville, Florida.

Just a quick update that we are still seeing the new web logic vulnerability being exploited.

We have now seen the obligatory crypto miner. Also

interestingly some DDoS malware not sure exactly why they are going after web logic

but I guess it's just part of the standard toolset being deployed to vulnerable

servers. Well probably the other thing we need as little as a new web logic vulnerability is a new

version of the Specter vulnerability.

This particular version, Specter, RSB, is targeting the return stack buffer and it's

well a yet another way how you can take advantage

of the speculative execution in modern processors.

The return stack buffer essentially holds the last 16 addresses that the processor worked on

and again it's sort of meant to optimize how the processor determines

what to do next. Well, this return stack buffer can be manipulated and as a result,

arbitrary code can be executed. As previous Spector attacks, this does not just affect Intel

CPUs, even though those were the ones that

were tested by these researchers, but it should affect AMD and arm processors as well, because

they pretty much use the same RSB mechanism.

Although since the nature of this Specter attack is quite different from previous attacks.

Existing patches do not really apply to this vulnerability.

And Chihu 360 is reporting that Microsoft patched a vulnerability in an Explorer in July

...