Hello, welcome to the Wednesday, January 27th, 2021 edition of the Sandtonet Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

Wallace today dropped the interesting vulnerability in Sudo.

Sudo, the tool that's used to allow for limited privilege escalation

in many Unix versions, is vulnerable to a relatively straightforward buffer overflow.

And of course, the end result is that you're able to escalate privileges without any restrictions.

Patches are already available for major Linux versions, so please update.

This is relatively straightforward to exploit vulnerability.

Qualis did publish a benign proof of concept that you can use to test if your system is vulnerable.

Sudo has had a history of vulnerabilities.

It was actually just about a year ago that we had vulnerability in S pseudo with the password feedback function.

That particular vulnerability was a little bit more limited in scope.

It only affected pretty specific configurations,

while this new vulnerability does appear to affect a much wider range of versions and configurations.

And then we have an update on Quagbot or QBot from Bradden.

Apparently that's sort of, well, also,

a Malver campaign returning from the holidays.

I guess they took a little bit longer holiday than some

of the others. Last time that Brad observed this was mid-December. And back then, well,

the particular campaign that he was observing here that Brad is calling TA551 or chat hack.

This campaign was spreading iced ID and now they switched over to Quagbot or QBot.

The campaign follows the all too well-known pattern where you receive an email with an attached SIP file. Now, this particular campaign

...