Hello and welcome to the Thursday, March 28, 2004 edition of the Sansonet Storm Center's Stormcast.

My name is Johannes Ulrich and today I'm recording from Jacksonville, Florida.

This week our honeypots detected an uptick in queries for Apache OFBiss.

OFBiss is sort of an e-commerce, enterprise resource planning,

a kind of suite, looks like pretty massive software.

I'm not really that familiar with the particular software,

and it does not appear to be one of those super popular piece of software with about 500 to a thousand

of them being exposed to the internet. However, they had a number of vulnerabilities recently,

one of them allowing arbitrary code execution without any authentication.

So it's very possible that people like cryptocurrency gangs and such

picked up on that and are going to pick off the remaining OFBIS servers shortly.

What we're seeing in our honeypots is just scanning.

Our honeypots are not emulating OFBIS, so these scans

probably just tell the attacker that we are not vulnerable.

And next ployd for the most recent remote code execution vulnerability was published on GitHub

earlier this year.

And then we got an interesting vulnerability in, well, old Unix utilities, and that's always

a little bit of favorite of mine.

In this case, the culprit is the wall command, the command that you're using to send

messages to all users.

Typically, it's used, for example, to announce a system shutdown or a similar action that

you all users who are currently locked in, you want to be aware of.

...