Hello, welcome to the Monday, March 21st, 2020 edition of the Sandsenet Storm Center's Stormcast. My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Got a couple of interesting diaries from this weekend and Friday. First one is about a very massive really increase in scans for movable type vulnerabilities.

This particular vulnerability is being looked for here is really easy to exploit.

It's a code injection vulnerability in the XML API.

It was patched late last year.

There was a little bit scanning for it,

but nothing really all that significant.

Late last week,

we really saw the scans for it going through the roof

from one particular IP address.

So be aware if you're running movable type update, make sure that you're not already

compromised.

You don't even have to expose this particular XML API in most cases.

So that may be the easiest fix here to just remove that CGI script.

Movable type, for those of you not familiar with it, is a content management system,

similar to like, you know, Triple WordPress and similar issues,

but movable type is not sort of free open source, but a commercial product.

And Solar Winds is warning that there is a possible vulnerability in its WebHelpdesk product,

version 1275.

They note that a customer reported that they did see an attempt to attack their web help desk,

the endpoint protection software, blocked the attempt, but it's possible that there is some form of unauthenticated remote code execution vulnerability in this product. They're recommending that

you limit access to it. So again, no confirmed vulnerability, just a possible vulnerability.

...