Hello and welcome to the Thursday, February 23rd, 2003 edition of the Sansonet Stormsternus Stormcast.

My name is Johannes Ulrich, and then I'm recording from Jacksonville, Florida.

Just a quick reminder to be careful that you patch various tools your developers are using.

Don't have any real numbers for it yet,

but at least it feels like we are seeing

sort of an increase in attacks against developer tools,

in particular over the last few months.

Today I wrote up a scan

that's trying to fingerprint vulnerable Confluence servers.

Confluence is sort of a wiki-like collaboration system that's part of the Elation suite of

tools.

And we saw one particular IP address that basically was looking for a set of URLs that could be used to exploit CVE 2021-26.84.

This is an OG&L injection vulnerability that leads to arbitrary code execution. It's an older

vulnerability, but of course no telling if there are some vulnerable servers still out there.

The test, the fingerprint they're sort of doing is quite simple

and it's part of actually a widely distributed exploit tool for this vulnerability.

It just tries to sort of solve a little math problem.

If the correct answer comes back,

then of course the attacker knows that your server is vulnerable. Let me have a little bit

an odd thing happening here with Apple security advisories. Two of the advisories released in

January, one for iPad OS and iOS, and then the second one for Mac OS. They both

sort of received a silent update by adding three more vulnerabilities to these advisories.

...