Hello, welcome to the Wednesday, August 5th, 2020 edition of the Sand Center Storm Center's Stormcast.

My name is Johannes Ulrich.

And today I'm recording from Jacksonville, Florida.

I was a bit over a week ago that Cisco released a patch for CVE 2020-3452.

This was the directory traversal vulnerability in its adaptive security airplanes and firepower threat defense. Now pretty much immediately after the patch was released,

there were some reports of exploit attempts in the wild. No big surprise. The exploit is

rather trivial. We primed our honeypots to basically look for these exploit attempts. And yes,

we are seeing some, but actually very few. It's just at a rate of a couple a day, and at this point we only see essentially

checks whether or not a particular system is vulnerable, no exploit attempts where they're actually

trying to read confidential files. This could in part be due to our Honeypot not very well emulating this vulnerability.

So maybe we are just not seeing the additional exploit attempts after the initial detection.

And recently we had a couple of high-profile DNS outages that were essentially caused by misconfiguration.

This week we had Telstra in Australia.

A few weeks I think it was ago, we had Cloudflare having some issues.

And one thing that sort of became obvious there is that there are a few large DNS providers that are really sort of covering a large

part of the Internet or the domains. Now, the two outages that I mentioned were in part the

authoritative name servers, but also recursive name servers.

Now, I took a closer look at authoritative name servers by essentially parsing through some of

the top-level domain zone files.

Looked at about, I think it was 400 million records.

That's about how many domains were in these files. And well, it turns out

it doesn't look good. Shouldn't really surprise anybody. Looked a bit worse than I thought it

...