Hello and welcome to the Thursday, April 2nd, 20206 edition of the Sands International Storm Center's Stormcast.

My name is Johannes Ulrich, recording today from Orlando, Florida.

And this episode is brought you by the sands.edu graduate certificate program in

industrial control systems security. And Xavier today looked at an interesting, malicious script

that in order to obtain persistence, did write a file to the file system, but then removed the zone identifier from the file.

I've talked about this quite often already, the mark of the web.

That appears to be the intent here.

The zone identifier is an alternate data stream in Windows that is used to mark a file that was downloaded from the Internet.

And of course, in instant response, if you're looking for suspicious files,

that's an often an indicator that an analyst may be looking for.

So by removing this indicator, using a quick Power power shell command, the attacker is decreasing

the chance of the file being discovered. And Google released updates for Google Chrome.

This update fixes 21 different vulnerabilities. One of these warnabillies is already being exploited. The exploited

vulnerability is a use after free vulnerability in Dawn. Dawn is the component in Google Chrome

that implements web GPU. So that's the component that is being attacked here, and not the first time that we had

a critical vulnerability in dawn. And Apple has done it again. Apple has released another

operating system update for iOS 18. We are now up to iOS 18.7.7 as well as iPad OS18.7.

The tricker for this update was yet again the Dark Sword attack.

This is an attack that uses vulnerabilities that used to be more the domain of,

well, more sort of state-sponsored matter, but now is more widely used and it can be found on

various websites that then affect these warnable devices. Since in particular these older

devices don't have some of the more modern sort of countermeasures, well, they're particular

...