Hello, welcome to the Tuesday, July 2nd, 2019 edition of the Sandton and Storm Center's Stormcast.

My name is Johannes Ulrich, and the time I'm recording from Riyadh, Saudi Arabia.

In Diaries today, we got a quick tip from Dede for everybody who needs to analyze malicious office documents.

The feature he's looking at today is how Malware authors are able to hide malicious payloads in

user forms.

This is nothing really new, but the DA walks us through how to extract these payloads using his OLLI Dump tool.

And to help you even further to deal with this particular common feature in malicious office documents,

DDA also has a plug-in, the Stream O plugin, that can be used to extract data from these user forms like an example

that he used a text box that contains a URL of course the neat thing about

Oli Dump and all these plugins is that this allows you to easily analyze these

documents safely on the command line and even script and automate some of these analysis steps.

And Motor Maker Sychcel did release an update for its hotspot that include the free time feature.

Free time Wi-Fi hotspots are free hotspots that you can set up.

And the vulnerability being addressed here is first of all a reflective cross-sad scripting vulnerability.

And secondly, maybe even more interesting, something that Sykesil calls a security misconfiguration

vulnerability that would allow anybody to set up guest accounts.

These guest accounts then, of course, could be used to use the free hotspot.

These days, with all the various hardware attacks and abilities of processes to read each other's memory,

one feature that has come into focus, in particular on systems that are used for virtualization, is encrypted memory.

And A&D's solution here is what they're calling SEV or secure encrypted virtualization.

Well, AMD now patched a vulnerability in this important security feature.

The Google Cloud Security team found a way how an attacker could read the secret key from a system protected with

...