Hello and welcome to the Thursday, April 30th, 20th, 26 edition of the Sands Internet Storm Center's Stormcast.

My name is Johannes Ulrich, recording today from Jacksonville, Florida.

And this episode is brought you by the sands.edu bachelor's degree program in

applied cyber security. In diaries today, nothing too special. They're too odd web requests that

sort of caught my eyes and that came in via our honeypots. The first one is a request that appears to be going after the Broadcom API Gateway.

Don't think that's an exploit as is.

I think there's really more some kind of fingerprinting or reconnaissance scan.

Similar, the second one.

The second one is going after what I believe, according to the URL,

to be ESP 32 devices. Saw something here that this may be used to flash firmware on those

devices. If anybody has any more experience with either ESP 32 or the Procom API Gateway, let me know if there is more

to these particular endpoints and whether there could be some kind of attack being performed

via just these individual requests.

And then we got an update to Microsoft's Patch Tuesday this month.

This update comes from Akamai in the forum of Akamai stating and showing that one of the

vulnerabilities being addressed in this month's update has already been exploited before

Microsoft actually released the update.

This was not indicated in Microsoft's updates,

so it was not labeled as already exploited.

Since then, Microsoft has updated its guidance,

and now also states that this vulnerability is already being exported

or had been exploited before the patch was released.

...