Hello, welcome to the Thursday, February 17th, 2020 edition of the Sansonet Storm Center's

Stormcast. My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Docustein is still popular in either fake or real messages.

Kind of interesting. Today we have a diary from Pratt

about a fake docu-signed message. And actually just a couple of hours ago, I received a real one

and asked the sender, well, whether or not it was real because the fake ones are so common

and often impersonating the real ones so well.

In this case, the case that Brad described, the link then led to the Asterooth or

Gilmah malware and, well, would lead to an infection if you let it play out.

Actually, this one for a change does not involve an office document with macros.

Instead, it's just a simple zip file that then expands to a CMD file, which of course

executes and downloads additional code.

And of course, as usual, you will find the actual Malar and P-Caps and such for your analysis

on Brad's website.

And we've got a couple of WarnerBILs here to talk about that you probably want to deal with before the weekend, if possible.

First, legislation did release updates for Confluence Server as well as for a GERA server.

The Confluence Server vulnerability is rated as high.

It's a privilege escalation vulnerability that would allow a local authenticated user

via DLL hijacking to then actually escalate privileges.

GERA suffers from a number of cross-site request forgery issues where an attacker could use them to then adjust settings.

Also, some data leakage issues.

All of these are only rated as medium, and I think that's appropriate.

...