Hello, welcome to the Thursday, November 21st, 2019 edition of the Sansanet Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Riyadh, Saudi Arabia.

Brad did an update on what he's currently seeing with the Hankytore malware.

Now, this malware is currently being distributed by these

docu-sign emails. If you probably have all seen them in the past, they're often caught by

spam filters, and so not a huge threat, but apparently it's still successful enough for the bad guys

to continue to use them.

Hank Gator, of course, is essentially just the first stage, the downloader that will then

install additional malware on an infected host.

According to Brad's recent observations, this is often than the pony malware, which is essentially an information stealer, so collecting

usernames and passwords from your system. As always, Brad is providing indicators of compromise,

as well as traffic captures of an infected machine, so you can reproduce some of the work yourself.

And the ERP security company on NAPSIS is warning that about half of the companies that are

using Oracle's e-business suite have not yet patched vulnerabilities for which updates were made available in April

this year and actually as far back as April last year. Ennapsis calls these vulnerabilities

together payday vulnerabilities in part because of the potential financial impacts that exploiting these vulnerabilities may have.

Exploiting these vulnerabilities does not require authentication and could, for example,

be used to change approved electronic file transfers to send payments to the attacker's bank account, for example,

and apparently exploitation does not leave a trace according to Onypsis.

Now, Anapsis is a company that, of course, makes its living, protecting organizations

from these type of vulnerabilities. It should

be noted that they are not seeing any exploitation in the wild, but given the age of these

...