Hello, welcome to the Tuesday, October 23rd, 2018 edition of the Sandtonet Storm Center's Stormcast. My name is Johannes Ulrich, and then I'm recording from Jacksonville, Florida.

I always love it when we get some interesting malware from readers and can actually write about it. Didier did so today. We received an email from

one of our readers that contained a compressed RTF attachment. Now, Didier is walking you through

how to analyze such an email and how to use his tools, the little Python scripts, to do so quite quickly

and efficiently.

So it should be easy for you to follow if you run into a similar attachment yourself.

Real-time operating systems or short RTOS are a popular family of operating systems that are often used for automation

or, well, what's often called the Internet of Things.

As of late 2017, Amazon took stewardship of free RTOS.

That's a free real-time operating systems, as the name implies,

and it's really based on sort of that same family of operating systems, like, for example,

open RTS, which is a commercial or for pay version of this operating system. Well, Simperium took a closer look at these operating systems, and they found a number

of remote code execution vulnerabilities and denial of service vulnerabilities that affected

the TCP IP stack that comes in particular with free RTOS.

That's the Amazon version that's also

deployed via Amazon's cloud.

Now, there are not a lot of details yet, and Sampyarium says that they'll wait a month

until they'll release any details, but out of the 13 CVs, so 13 vulnerabilities that were published, we have four remote code execution

vulnerabilities.

So without these details, really hard to say how exploitable these vulnerabilities are or how

an attacker would exactly go about exploiting them, but given that they are part of the TCP IP stack,

it's very likely that a system is exploitable as soon as it's connected to a network.

...