Hello, welcome to the Wednesday, November 1st, 2023 edition of the Sands and its Storms anders Stormcast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

If you're looking in the reverse analysis of malicious Python scripts on Windows, a nice post here by Xavier, looking at various anti-sand-high

sandboxing techniques that Xavier found in one particular script. This script took advantage

of the Microsoft API and it used it to check, first of all, if it's running inside a debugger,

then if there's enough physical memory available,

is there actually a user behind the keyboard and is the mouse moving,

and then, of course, if the script is spending too much time in debugger.

Interesting techniques, and of course, something that you need to be ready for if you are

reverse engineering malware and a nice list here from Xavier. So take a look at what he found.

And then we got yet another Confluence data center and server vulnerability CVE 2020ably CVE 2020-518. This one allows an

unauthenticated attacker to essentially the way the vulnerability sounds to delete data.

Since there's no authentication required, Eician does recommend that you take immediate action.

Their cloud instances, of course, are not affected here. So something to worry about if you're

still self-hosting these applications.

Let me go on to more attacks targeting developers Malbites is reporting that they have seen some malicious advertisements,

malvertisements, promising some serial keys for JetBrains PiCharm.

PiCharm is a well-respected Python integrated development environment, so it's not really a problem with Pi-Charm we're talking about here.

It's just that these malicious actors are tricking developers into installing their malicious version of the product,

which, of course, comes with a good amount of malicious add-ons.

Interestingly, they picked some random wedding planning website that is, of course, compromised

in order to place their malicious ads and then the downloads.

...