Hello, welcome to the Wednesday, May 17th, 2017 edition of the Sands and the Storm Center's

Stormcast. My name is Johannes Ulrich, and I'm recording from San Diego, California.

If you received some odd emails from DocuSign this weekend, then you're not alone.

DocuSign is a company that simplifies the electronic signing of legal documents,

and the emails claim to link to a document that you are asked to sign,

but instead of an invoice or similar document that you expect to show you will receive a

Word document with the usual macro malware.

In itself, that would not be so special given that systems like this are certainly often abused and impersonated

by fishing campaigns. However, in this case, the email were even more plausible than usual

because miscreants actually managed to breach a system of DocuSign and steal customer emails.

So the result is that these phishing emails actually arrived in the inboxes of actual

DocuSign customers, which of course were accustomed to these emails, and then more likely

going to click on them.

According to DocuSign, only emails were stolen.

Of course, docine does deal a lot with confidential documents that people are transmitting via their systems.

Last week, I talked about how certain HP laptops

that use an audio chip from Connects and

log all keystrokes.

Apparently this was a debug functionality that was left behind in the audio driver, but the

effect was that all keystrokes, including usernames, passwords that the user may

have entered, were logged in clear text files. HP now released an update to the driver

that removes this key logging functionality. Actually, it turns out this was an update to an update.

...