Hello and welcome to the Monday, March 30th,

2006 edition of the Sands International Storm Centers.

Stormcast, my name is Johannes Ulrich.

We're recording today from Orlando, Florida.

And this episode is brought you by the sands.edu graduate certificate program

in incident response. Yes, and team PCP is still keeping us busy. The latest update here

from Ken is that they have now a number of additional libraries being compromised, one of them

being Telnix.

Telnix is a voice over IP platform, so basically it allows you to automate phone calls

and various chatbots and such. Of course, this is a prime target to be then integrated

with respective AI tools, AI chatbots, and the like.

And, well, that's exactly sort of where to compromise hits.

They did compromise a Python library that is actually used to interface these tools with Telnix's Rest API.

Now, in this case, the actor wasn't able to compromise the GitHub repository.

Instead, they compromised the Pi Pi account for Telnix and as a result, we're able to publish a new version.

So in this particular case, version pinning should have protected you.

And yes, only if you download the new compromised version,

then you have a problem.

Slightly different payloads for Windows and Linux or MacOS in this case.

And another sort of interesting add-on is that some of the malicious code

is being transported as a wave file. So that way it makes it a little bit more

difficult to attack. Also, there are now more and more links between the team PCP crew and various

...