Hello, welcome to the Tuesday, September 25th, 2018 edition of the Sandtonet Storm Center's Stormcast. My name is Johannes Ulrich, and today I'm recording from Las Vegas, Nevada.

Looks like sextortion scams are just not going away, but they keep tuning their methodology.

So originally what we saw is emails that went around that used actual passwords that you may

have used in the past that leaked and they included this password as evidence that the attacker

controlled your system in order to convince you to actually pay the ransom to have evidence

of you browsing porn deleted.

The latest faith still includes a password, but it doesn't really appear a password that's

associated with your account according to recent password breaches.

Instead it looks like the attacker is trying to cast a wider net

by essentially reaching email users that haven't had their password leaked recently. So instead,

they're just inserting a random password, hoping that it looks convincing enough. Maybe they

even accidentally hit the right password to get you to pay up for the ransom.

Also, the Bitcoin targeted addresses are randomized in this case, so each email appears to have a different address.

In past campaigns, we saw a lot of reuse of these addresses, which actually made

a little bit easier to track these campaigns and to figure out how much money the attackers made.

These attacks have been quite profitable in the past, so that's probably why attackers are trying

various variations of this scheme.

And Apple today released the latest version of Mac OS, Mac OS Mojave or 10.14.

Now with this update, Apple did fix eight different security vulnerabilities.

Some of these security vulnerabilities we have seen last week

with the update of iOS. Of course iOS and macOS share some code. Now I expect the same

vulnerabilities to be present in macOS high Sierra or 10.13 and earlier versions of macOS and

...