Hello, welcome to the Wednesday, March 30th, 2020 edition of the Sansonet Storm Center's Stormcast.

My name is Johannes Ulrich and I'm recording from Jacksonville, Florida.

Post an update earlier on a story that we had two weeks ago about fake accounts on Twitter soliciting donations in

cryptocurrencies for Ukraine.

Well, there are quite a few more of them since we originally saw the first accounts here.

One of our undergraduate interns, Jesse LaCruh, did write a quick

script to search for some of them, found very quickly 10 and actually since then a few more

accounts that are peddling the same crypto coin addresses as the initial accounts.

Sadly, many of them are still online and are still collecting money,

even though at least as far as Bitcoin goes, this attack hasn't really been all that

successful so far as we can tell.

And then yesterday I covered a number of different firewall vulnerabilities.

Apparently I may have said and I have to go back to listen to it again that the Sonic

Wall vulnerability was already exploited.

That's not true.

The Sonic Wall vulnerability has not yet been exploited.

The vulnerability that is already being exploited is the Saufos vulnerability. That's CVE 2020-1040,

and it does affect the Sophos firewall.

I'll link in to Sawfoss's advisory just to make sure that you got the right one.

And talking about vulnerabilities that are being exploited, SISA is reporting that they're

observing attacks against management interfaces for UPSs, the

uninterruptible power supply and not the shipping company being actively exploited.

...