Hello, welcome to the Monday, July 9th, 2018 edition of the Santernut Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

If you are using Hewlett Packard servers that are equipped with the Integrated Lights Out 4 board,

that's HP ILO4, These are these boards that allow you to

access the computer and reboot it and power cycle it. Well, last August, HP released an update

for the firmware on these boards and turns out that we now have a trivial authentication bypass exploit against

a vulnerability that was patched last August.

Now back then HP didn't really make a big deal about this update so you may have missed

it.

All you need to do unaffected cards to bypass authentication is add a connection header to your

HTTP requests that contains 29 letters A.

So very trivial with simple tools like curl and such, you can easily send requests like

this and gain access to a server.

Now even before you patch this, I would double check and make sure that you do not expose

any of these interfaces to the outside world.

Based on past experience, there are probably more vulnerabilities

that haven't been patched yet in these interfaces, and of course, there's always the risk

of weak passwords. So make sure you don't allow access to these interfaces from anything

but specific IP addresses, and then make sure that they're patched.

Over the last year, we have seen this marked shift from ransomware to cryptojacking and looks

like the latest piece of ransomware to join this trend is the Rackney family. Now, this particular family of Ransomware to join this trend is the Rackney family.

Now this particular family of Ransomware has been around since at least 2013 and as discovered

...