Hello, welcome to the Tuesday, July 5th, 2016 edition, Sandtonet Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Jackson, Florida.

Pratt this weekend wrote about a change that he's seeing in the Pseudo Dark Leach campaign.

In the past, according to Pratt, the pseudo-darkleash campaign usually left a few

kilobytes of JavaScript, heavily obfuscated JavaScript in websites that it compromised. More

recently, what he's seeing is really just sort of an included JavaScript that then points to a different site.

Likely, in my opinion, this is due to making a little bit more difficult to spot this particular

JavaScript. Typically, the old style JavaScript was very easy to identify as malicious

just because of the heavy obfuscation of that script.

Last Thursday I talked about some vulnerabilities that were discovered in Lenovo's system management mode code

that could lead to an attacker flashing the bias with malicious code. Now back then I just talked about how this could

possibly be happening there is an exploit available now that exploits just this

particular vulnerability has been published to GitHub I have no thing pad, so can't really test if it's working or not.

But according to the comments I've seen, the exploit is working and is genuine.

According to the author of the original blog, the code that's vulnerable here, at least in part, comes from Intel

reference code that Intel published, so it's very possible that other vendors are affected

as well. Lenovo stated that it actually didn't write the code itself, it received it from

an upstream vendor, so it's possible that that

particular vendor sold this code to multiple laptop makers and as a result, they would be

vulnerable as well. So watch out for firmware updates, not just from Lenovo, but make sure that the firmware updates that

you're receiving are authentic.

Another patch here that you may see show up in the next couple days or weeks, effects

...