Hello, welcome to the Wednesday, October 21st, 2020 edition of the Santernut Storm Storners Stormcast.

My name is Johannes Ulrich, the day I'm recording from Jacksonville, Florida.

So we found an interesting Python script that actually looks like it sort of is trying to re-implement the MiriBot in Python. Not really sure sort of why,

but it's really more or less just a wrapper around C-Map. And yes, for sure, there are still plenty

of devices out there that are exposing Telnet and either haven't been actually exploited yet.

And I also found quite a number of devices that of course have been exploited for quite a while.

For example, by the Pricker bot that has been a couple years old or so and a simple reboot would probably fix some of these

devices.

And Google released an update to Chrome that fixes for high and one medium severity vulnerability.

And now one vulnerability that makes this update more interesting and probably also more urgent

is CBE 2020 1599.

It's a heap buffer overflow in free type and apparently this one has already been exploited

in the wild. Of course the zero log on vulnerability has kept Windows administrators kind of busy lately,

but don't forget in certain cases the Linux Samba implementation may also be affected of this vulnerability. QNAP now released an updated version of its

firmware QTS for its devices, for its network storage devices that addresses this vulnerability.

Now you're really only vulnerable if you are configuring the device as

a domain controller. Not really sure how common this configuration is, but anyway, please

apply this update. And just to emphasize that this is a Linux problem or Samba problem,

not a QNAP problem per se.

So if you do run a Network Act storage device that is Linux based, which many of them are,

and you are using it as a domain controller, then you're probably vulnerable unless you did patch this vulnerability.

And Kaspersky is reporting that the gravity rat matter is apparently mutating.

...