Hello, welcome to the Monday, August 27th, 2018 edition of the Sandcent Storm Center at Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Frankfurt, Germany.

Just a quick update on the Apache Struts vulnerability that I talked about on Friday.

There is now on GitHub a public available exploit

for this vulnerability. So if you still have any unpatched systems out there, any systems

where you didn't mitigate this vulnerability well using some form of web application firewall

or whatever, don't just blindly patch these systems at this

point, but go over them with a fine comb trying to figure out if they haven't already been

exploited yet. And Xavier took a look at some malware that was delivered as a malicious publisher file. Yes, Microsoft

publisher hasn't really been used much lately, I believe, but apparently it's still part

of the default install in many office setups. It is, for example, part of the Office 365 business premium setup

which a lot of businesses subscribe to and if you select to install the respective

applications on your system then publisher will be installed as well and of course

these dot pub files will automatically be opened by publisher.

Probably the goal here is to evade some basic blacklisting techniques where you're only looking

for macros and alike in Word or Excel documents and never really bothered to also inspect

publisher documents.

So Xavier in his post will explain how to analyze this kind of malware and a reader actually

left a comment telling you how to add dot pub files to the exchange online protection.

Well, and if you never heard of publisher, then you probably also have never really heard of

AT commands.

In a good old Dial-up modem days, you tended to use AT commands, which is short for attention,

...