Hello, welcome to the Tuesday, September 21st, 2021 edition of the Sandstone Stormst Stormcast.

My name is Johannes Ulrich.

And then I'm recording from Jacksonville, Florida.

I briefly mentioned yesterday the increase in scans for Port 1270, one port that is associated with the oh my god vulnerability, the open management

interface issue that affected Microsoft's open source implementation of this protocol, and of course,

for the most part, Azure users.

Half of the scans were originated by researchers, as far as we could tell.

Now, we may not have captured all the research IP address that are being used to scan the Internet.

Only one particular group apparently attempts to do some form of exploitation.

The reason I call it just one specific group is that they're downloading a second-stage

payload then using the vulnerability, and they're always using the same IP address.

None of the payloads appear to be available, so this may really more be an attempt to see

which systems will reach out to the particular payload URL.

In addition, we have also seen a couple of simple attempts to just launch the ID or Who Am I Command, again, just to fingerprint the particular target and figuring out if it's vulnerable.

None of these additional sort of exploits came from researchers.

Again, as far as we can tell,

researchers so far are just leaving it with a simple port scan and maybe grabbing a banner.

Census, one of the research groups and probably one of the more established and respected

ones published that they only found 56 known exposed services worldwide.

So very small number and kind of suggesting that this service isn't really used outside of Azure.

And Apple today released iOS 15, iPad OS 15, Watch OS 8, TVOS 15, Xcode 13, Safari 15, and iTunes 12.12 for Windows.

With those updates, of course, came a number of feature improvements, but we also got a number of security

...