Hello, welcome to the Thursday, February 28, 2019 edition of the Sandinand Storm Center's Stormcast.

My name is Johannes Ulrich.

And today I'm recording from Augusta, Georgia.

Coin Hive today announced that it will discontinue operations in about a week on March 8th. Coin Hive made a name for itself by providing

JavaScript code that allowed you to mine Monero in browsers. Now this of course has been

heavily abused and Coin Hive has taken a lot of criticism for this. The reason to shut down isn't related to this controversy as much

as to the decrease in the profitability of Monero mining and some changes to the Monero

algorithm that will hit on March 9th. So instead of adjusting their code for this new algorithm, of course,

there have been a couple other services that essentially copied the Coin Hive concept. We'll see if

they will continue to operate and if the discontinuation of Coin Hive will lead to a drop in the

proliferation of cryptojacking.

And a security company Edgewave has yet another case of fissures using Asia block storage.

The reason this is interesting is that URLs for Asia's blog storage and in Windows.net.

So if I visit an HTML page that's stored within Asia, well, I actually get a Windows.net

domain with a proper HTTP certificate, which may make users more likely to actually enter their credentials.

Of course, this is used for Office 365 fishing, which will take best advantage of this domain.

Like I said, I don't think that's the first time I've seen this.

Also, last week I think it was,

we saw Google Translate being used in similar ways in order to hide the actual fishing page

behind what looks like a legitimate Google host name. And while it should be clear that

old Warner Blitz never really go away,

the Cisco Talas research team is reporting that they see sort of an uptick against an old Elasticsearch vulnerability.

...