Hello, welcome to the Wednesday, February 24th, 2021 edition of the Sandtonet Storm Center's Stormcast.

My name is Johannes Ulrich, and the damn recording from Jacksonville, Florida.

The full disclosure mailing list is one of the probably most prominent mailing lists around where researchers do post

information about recent vulnerabilities. Like all mailing lists, it has sort of a simple

web component, but for the most part, it really just forwards emails to its members.

So it's not really a big surprise that mailing lists like this are being harvested and also being

used for malicious purposes.

Our handler Jan, for example, this week received a reply to a post that he sent to the

post full disclosure list two years ago, I believe, and this reply

contained a malicious attachment. Now, it did appear to be a genuine reply, so it wasn't just

that they harvested his email address from the list. It used the same message ID that he used when he

posted to the list and also the subject, of course, was maintained. This may of course be a nice

way to target security researchers overall, however, the attachment and the malicious email itself was everything but sophisticated. It was a simple

zip file and then Excel file that did try to install Quagbot. So really more something

that probably goes after all kinds of mailing lists and just happened to also come across

full disclosure. And I believe I spotted on Twitter a couple of replies of other posters

to full disclosure reporting similar emails. And thanks to everybody who reported a mistake I made yesterday, I stated that the Brave

browser is based on Firefox.

It's actually based on chromium, not Firefox.

But, well, let's make that up to Firefox and talk a little bit about some of the improvements

that we got in the latest version of Firefox,

and that would be Firefox 86.

...