Exchange Exploit, the Cloud on Fire, Bob Ross Painting MTN Dew & more!

March 12, 2021 by
Exchange Exploit, the Cloud on Fire, Bob Ross Painting MTN Dew & more!
Matthew Almendinger

The Lighthouse IT Podcast - March 12th, 2021

Matt and Griff go through a lot this week, including the Massive Exploit Discovered in On-Premise Exchange, how the Largest European Cloud Hosting Provider Catches Fire, a Healthy Man Gets Text Message that He's Eligible for Vaccine for being too... Fat, AT&T and T-Mobile ban shared short codes, Burger King + International Women's day, and MTN Dew Deep-Fake with Bob Ross.

Listen here!

Security News

Massive Exploit Discovered in On-Premise Exchange

HAFNIUM - Hafnium is the name that Microsoft uses to denote a specific gang of cybercriminals, allegedly operating out of China via cloud services in the US.

These patches were deemed so critical that they came out the week before March 2021's regular Patch Tuesday, instead of being made to wait for the rest of the month's fixes.

These zero-day bugs can be used, amongst other things, to get access into, and to implant malware onto, Exchange systems, giving the crooks a sneaky entry pathway that avoids the need for cracked or guessed passwords.

Attackers are using the exploit to run elevated shells accessible on the internet. Allowing them an open door to do as they please on these networks.

For more information about webshells:

READ MORE

Largest European Cloud Hosting Provider Catches Fire

OVHcloud's SBG2 datacenter in Strasbourg has caught fire, damaging SBG1, and bringing SBG3 & SBG4 offline while emergency services respond, with firefighters able to prevent spread to SBG3 & 4.

While thankfully no one was hurt in the fire, OVHcloud has notified clients that they should implement long term continuity plans and that it is to be assumed that all data in SBG2 is lost.

This leads to the most common misconceptions:

  • The cloud is natively backed up
  • The cloud is natively geographically redundant
  • The cloud is natively secure

READ MORE

Healthy Man Gets Text Message that He's Eligible for Vaccine for being too... Fat?

Liam's a brit, journalist, and fairly healthy. By his own mention, maybe, a bit on the chunky side. But Liam was a bit surprised to receive an SMS telling him to come along and get his COVID-19 shot because of his "excess weight."

Oof.

Well it turns out that UK is using BMI to calculate at-risk persons due to weight and, polarizing as its use continues in the 21st century, and that through a clerical error, Liam's BMI came back at and staggering and quite impossible 28,000 (there's only ever been 2 people on record with a BMI over 200).

But there were no checks to validate any data entered, so someone who inputted Liam's height (6'2") instead entered as 6.2 into a field expecting centimeters.

So no validation on the data entry and no validation on the calculation results in the impossible numbers.

READ MORE

Marketing News

AT&T and T-Mobile ban shared short codes.

SMS saw a growth spurt during 2020.

Is this a good thing? Will SMS be seen as a more trusted method now that each brand may use a dedicated, unique number for their marketing efforts?

Will others follow?

READ MORE

Burger King and International Women's day

Burger King said what...?

Yeah, they really said that "Women belong in the kitchen."

Was this a media stunt, or just bad marketing...?

READ MORE

MTN Dew Deep-Fake with Bob Ross

Mountain Dew used a Bob Ross deep-fake for their most recent YouTube ad campaign.

This 'lost episode' has Bob Ross painting a bottle of Mountain Dew.

This is a 42 min episode: