Hello, welcome to the Tuesday, June 19th, 2018 edition of the Sansonet Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Xavier today looked at some obfuscated JavaScript that he found surprise on a compromised WordPress website.

This JavaScript was in so far different in that it targeted particular mobile browsers.

And you may have seen some ads on websites that really sort of render the website almost unusable on mobile devices. Now, this is typically not due to malware, just some badly written ads, I believe, but in this

particular case it was a compromised website that then used JavaScript in order to inject

these ads.

Well, Kastaville was observing these ads, they just redirected to spam.

Now, for the most part, of course, this can change at any moment whenever the attacker

gets more money.

For, for example, redirecting users to malware.

And these days, of course, security camera vulnerabilities are always something to pay attention to,

given all the botnets, hunting for them, and we do have a new set of them.

This time they're affecting more higher-end cameras made by Axis. Access makes a wide range of cameras.

They all essentially run the same software, so pretty much all of them are vulnerable.

Probably the most severe of these vulnerabilities is an off-occacation bypass.

At least it's not a default password, but something similarly easy to

exploit. Turns out that in order to launch commands on the camera, you have to use a file name

with the dot SRV extension, but the authentication system doesn't necessarily validate the path correctly.

So if you're appending an URL, a file name that ends in dot SRV to a file name that you

have access to like index.html, then you may be able to trigger a command without actually requiring a username and a password.

Now, starting with that and a number of other vulnerabilities that can be exploited,

...