Hello, welcome to the Monday, May 3rd, 2019 edition of the Sansonet Storm Center's Stormcast. My name is Johannes Ulrich. And I'm recording from Augusta, Georgia.

Just about a week after we had this critical new vulnerability in WebLogic, SAP security company on NAPSIS released a summary of

some attacks they are seeing against, well, Oracle competitor SAP, using a set of new exploits.

Now, none of the vulnerabilities being targeted here are new. It's actually not so much

vulnerabilities in the classic sense that are being exploited here but more

misconfiguration in the SAP Gateway and messaging system. Essentially the main

issue here is that the systems implement access control lists.

These access control lists need to be properly configured.

If they are not, then you may allow outsiders to actually execute code on your systems.

So, an abscess advice is review these access control lists, make sure they are properly

configured, and they also offer a snort signature to detect if someone is already exploiting

any weaknesses.

And Cisco this week released a number of patches.

Most interesting is a critical patch for the Cisco Nexus 9,000 series fabric switches.

These particular switches are suffering from a default SSH key vulnerability.

So essentially all of these switches are accessible via one particular

ZH key that is stored within these devices. It's the same key for all devices. Interestingly,

this vulnerability is only exploitable via IPV6. And it's about two months now that the Coin Hive, the website that sort of popularized the idea

of JavaScript-based cryptojacking shut down its service.

And Malberabytes use this as an opportunity to take a look at what's currently going on with

cryptojacking. Well, probably not a big surprise, but there is still an awful lot of coin hive

code out there. It's no longer functional in the sense that it no longer actually produces

...