Hello and welcome to the Tuesday, October 17, 2023 edition of the Sandinand Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Quick diary today by Jan about some developments with fishing.

There's a lot of talk, of course, also about the use of AI in creating fishing campaigns.

Personally, haven't really seen much here.

A lot of dubious numbers being spread in that respect.

Jan looked in particular at, you know, two typos still happen in fishing? Because if attackers are using AI tools in order

to create those phishing emails, well, you're less likely going to see these typos. You still see

them. They're still pretty common. Of course, they're common in some normal email as well. And that

just leads to this being not necessarily a great distinguishing

feature here, but still something that still happens with current fishing attacks, AI or no AI.

Also, one thing Jan points out here is the increasing use of the interplanetary file system or IPFS

URLs in these phishing emails. I've seen this for quite a while now. And this is certainly

something that you probably want to look for because that may be actually a little bit better

and easier to detect a kind of artifact of phishing emails these days.

And Cisco is reporting that they're seeing active exploitation of thus far unpatched vulnerability

in Cisco iOS XE. This vulnerability affects the web management user interface.

It does allow an unauthenticated user to add an arbitrary user to the system with level 15,

which is, well, the highest level that you can get on a Cisco iOS device like this.

Best guidance here from Cisco is, well, don't be stupid and expose this stuff to the Internet.

If you have these web-based management interfaces, please set up a VPN or restrict access to them in some way.

Turn them off and then maybe have a little script via S-H or so to turn them on again and hopefully you have your S-H authentication under control.

...