Hello and welcome to the Friday, March, 26 edition of the Sands International Storm Center's

Stormcast. My name is Johannes Ulrich, recording today from Jacksonville, Florida.

And this episode is brought you by the Sands.edu credit certificate program in cyber security leadership.

Well, on today we have another guest diary by one of our undergraded interns.

This time it's Adam Thorman talking about, well, detects to the honeypot.

Yet again, as H logins with default passwords, something attackers are finding

very, very useful and successful. I mentioned it earlier this week with some of the attacks

against webcams and such in connection with the military action in Iran. But overall, this is something that we do organizations must get control over.

And I think the biggest problem, particularly for these very simple issues,

are sort of uncontrolled deployments of often consumer IoT devices.

And, well, in this example here,

Adam talks a bit about fingerprinting

and how to discover some of these devices.

And yes, Apple did it again.

Apple released updates for fairly old iOS devices and iPads.

This is going back to iPhone 6S, which was released in 2015,

so about 10 years ago now that this device has been out. Now, the reason for the release of

these two updates, one for iOS 15 and then another one for iOS 16, is that some of the vulnerabilities

being patched here have been exploited in the Corona activity, and that's essentially

malware, spyware, that has been deployed by more sophisticated and government-associated

actors.

The iOS 15 patch fixes four different vulnerabilities, one kernel vulnerability, and then three web kit vulnerability. The iOS 16 update only patches one web kit vulnerability.

...