Hello, welcome to the Wednesday, April 29th, 2020 edition of the Santernut Storm Center's

Stormcast. My name is Johannes Ulrich. And I'm recording from Jacksonville, Florida.

Today's diary is from Jan, and he is looking at some of the history of recent ancient Tesla

mal-spam campaigns.

And what he sort of sadly noticed is they haven't really changed all that much over the last year.

You probably have seen these emails to the sort of TNT shipping notification messages that then,

of course, have a suspect attachment.

Kind of always the sad thing that keeps repeating here is that it's not necessarily the new

and shiny exploits that cause all the damage.

It's all that sort of ongoing bombardment with pretty old tricks, old Malvern, that apparently still works.

So the attackers, they don't really have to work that hard to actually infect systems.

And VMware released a patch for its ESXI product, fixing stored cross-set scripting vulnerability that VMware assigned

a CVSS score of 8.3, so kind of up there and labeled as important. In order to exploit

this vulnerability and attacker would need to have access to a virtual machine running within

ESXI and they would need to be able to change a virtual machine attribute like, for example,

the host name of the virtual machine.

With cross-site scripting, it's always a little bit up to the creativity of the attacker,

how much

they'll do with it. And of course, an attacker that took over a virtual machine would potentially

be able to sort of affect the ESXI management console, which is almost kind of like a virtual

machine escape vulnerability. And the Microsoft threat protection intelligence team did publish a pretty extensive

blog post about how to reduce the risk from ransomware.

...