Hello and welcome to the Thursday, January 16th, 2020-5 edition of the Sands Internet Storm Center's

Stormcast. My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Iging today wrote up an observation he found in our first scene URL list.

It's an attack against Netgear routers.

Now, you probably have seen these attacks quite a bit.

Usually that next underscore file equals netgear.cfg is sort of giving it away that it's

this particular vulnerability.

They're exploiting in this case.

They are installing Monero miner on the router. The real question that the Eging is asking here,

why is this still a thing, given that the vulnerability is 12 years old, even if you had a

router, it was never patched, highly likely that, well, it didn't survive the last 12 years old. Even if you had a route, it was never patched. Highly likely that, well, it

didn't survive the last 12 years and got sort of patched by a power search. The problem here

apparently is that even though this vulnerability was discovered back in May of 2013.

There was no CVE entry for it until last year.

And even earlier this year, there was just sort of an update to this particular CVE entry, which probably sort of renewed some of the interest in this vulnerability, even though

and Eging is showing the craft, you have reports from back early last year, like February

March there was an increase, and since then it has been slightly increasing, but at a relatively high level.

Well, and today, of course, it's reboot Wednesday,

and with that, we do have a couple things to catch up on

that didn't make it into yesterday's episode.

One issue was brought up during Schmukon last weekend. Truffle

secured, in particular Dylan Irie here, published a blog post about this, and that's a weakness

...