🗓️ 19 July 2018
⏱️ 5 minutes
0:00.0 | Hello, welcome to the Thursday, July 19th, 2018 edition of the SANS Internet Storm Center's StormCast. |
0:07.6 | My name is Johannes Ullrich, and today I'm recording from Washington, D.C. |
0:11.9 | Our sensors over the last couple days did detect a marked increase in scans for port 15454. |
0:25.1 | Now, there are only a couple of IP addresses really heavily scanning this port. They also appear to be scanning other ports in the direct vicinity as well as port 22. |
0:34.0 | Not really sure what they're after here. We saw a couple of RDP requests in our honeypots, |
0:41.3 | but overall, if you have any ideas what they would be looking for or if you're seeing this traffic in your own logs, |
0:48.8 | then please let us know. And Oracle released its quarterly critical patch update. |
0:56.0 | This version includes a record of 334 vulnerabilities that are being patched. |
1:03.0 | Now out of these 300 plus vulnerabilities, there are 61 vulnerabilities that are rated as critical, meaning their CVSS score exceeds 9.0. |
1:17.6 | There are again a couple of critical WebLogic vulnerabilities. Now, not a lot of detail about this yet, but I wouldn't be surprised to see exploits for these vulnerabilities |
1:29.2 | within the next few days, maybe within a couple of weeks. These vulnerabilities are easily |
1:36.7 | exploitable according to Oracle and will get the attacker full access to the WebLogic server. |
1:46.4 | In addition, there are a number of Log4j vulnerabilities that are being addressed. |
1:51.7 | Now, Oracle has been patching this for a while. |
1:54.9 | This affects different products. For each product that includes Log4j, |
1:59.7 | they have a different CVE number, but I suspect that this is still the same sort of underlying Log4j vulnerability that they are patching here across the different products that are including this particular subsystem. |
2:15.0 | So a record-size update from Oracle that affects many products that are |
2:22.1 | used by enterprises. Hopefully you can address them expeditiously. Like I said, you don't want to |
2:29.3 | waste any time, in particular on things like these WebLogic vulnerabilities. |
2:41.6 | And apparently PayPal subsidiary Venmo has not made it very clear to its users that all transactions conducted via their platform are by default public. |
2:48.8 | You can change this setting, but you first have to find it and realize that all of your |
2:55.1 | app transactions are accessible. |
... |
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.