Hello, welcome to the Wednesday, October 28, 2020 edition of the Sansanet Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

The FBI today released an interesting flash bulletin stating that they identified actors that started actually back

in April to exfiltrate source code using vulnerable Sonor Cube instances.

Sonor Cube is typically used to check code quality and do static code analysis.

As such, the tool shouldn't really be exposed to the public, but apparently exposed instances that are also badly configured are then being exploited to exfiltrate code.

So it is not necessarily a vulnerability in Sonor Cube per se, but more a vulnerability in how it is

configured.

They're not going into too many details here as to what the exact vulnerability is that's

being exploited, but SonorCube comes pre-configured with well-known credentials, username admin and password admin.

Also, there have been problems in the past, for example, with Jenkins integrations and such

that did reveal the SonorCube password.

It is my guess that this is probably all about default credentials or credentials

that have been leaked before. So essentially, credential stuffing. And if you receive today an

update from Microsoft for Microsoft's Edge browser, don't be too surprised. This is actually a chromium update.

Microsoft Edge is now based, of course, on the Chromium project, just like Google Chrome.

And as such, well, whenever there are chromium patches, you will see Microsoft Edge patches,

which of course is not necessarily

aligned with Microsoft's Patch Tuesday.

The highest severity of the fixes that were released today in a total of five vulnerabilities

were fixed is high, and one particular vulnerability CVE 2020 15999 has already been exploited in the wild.

And while it is not patched Tuesday today, it is the fourth Tuesday in the month, and that means

...