Hello and welcome to the Thursday, March 9th, 2020,

edition of the Sansinet Storm Center's Stormcast. My name is Johannes Ulrich.

And today I'm recording from Jacksonville, Florida.

Quick diary today about an increase in exploitation against a relatively new Jumla vulnerability.

The vulnerability was patched on February 16th, I believe.

We have seen exploits pretty much ever since this started,

but very small numbers of them.

The exploit is actually very trivial.

It's just public equals true parameters being added to the URL that will then later bypass off the occasion.

And the most commonly seen exploit of this vulnerability does go after the application's configuration,

which will then typically include things like, for example, database, credentials, and IP addresses.

This vulnerability, like I said, has been patched, but relatively recently, so certainly no surprise that we do see quite a bit of interest in it.

In the last couple days, there was one source IP in particular that has started scanning

this vulnerability very aggressively after seeing sort of a small increase, a couple days

after the vulnerability was released, but the last few days have been really big.

So I guess it's picking up more steam now.

You better have your Jumla servers patched.

Now we have an interesting vulnerability in Jenkins that may lead to remote code execution.

The vulnerability was found by Aqua Nautilus,

and Jenkins, if you're not familiar with it,

it's usually part of sort of a CI-CD pipeline.

It's an automation server that basically builds software products,

...