Hello, welcome to the Tuesday, June 1st, 2021 edition of the Sandton and Storm Center's Stormcast. My name is Johannes Ulrich.

And I'm recording from Jacksonville, Florida. Public cloud services, of course, remain a preferred option to host various malicious content. And one of the reasons it often goes

undetected is that it's not always clear what particular host names or domains are actually

provided by the cloud company or what content is user provided. Xavier has a recent example of malicious

code hosted on scripts.gov.com. Much of content hosted by users on Google, of course,

uses Google user content.com and that has also often been used to distribute

malware scripts.gov.com a little bit less obvious that the content isn't actually provided by

Google but by users that are depositing their content on that particular site.

And we got a new security advisory from Sonic Wall.

Sonic Wall warrants that it's Sonic Wall Network Security Manager, if deployed on

premise, is vulnerable to command injection.

However, this vulnerability is only exploitable post-offication,

so an attacker would first need valid credentials to log in, but any credentials will do

and will allow execution of code with full admin privileges or route.

Sonic Wall made a patch available.

The unpatched version is 2.2.0.

The patched version 2.2.1 and for details, please refer to Sonic Wall's advisory.

And then we got an updated advisory from Yulad Packard Enterprise regarding remote code execution

vulnerability in their systems inside manager or SIM.

The root cause here is deserilization vulnerability.

The advisory itself is not new, but definitely you shouldn't

sort of just skip over it because you already saw it. It was originally published mid-December

...