Hello, welcome to the Thursday, September 1st, 2016 edition of the Sandsenet Storms anders Stormcast.

My name is Johannes O'Rich and the day I'm recording from Jacksonville, Florida.

Adobe released a surprise bulletin for Cold Fusion and 11.

So no, it's not for Flash, so most Adobe users out there don't have to worry about this,

only affects the server component called Fusion. Also, the priority rating is only meaning that

there is no current exploit available for this. A little bit surprising that they bothered with sort of this out-of-band update for it.

It does affect the XML parser, essentially an external entity issue, so an attacker could

submit crafted XML to a Colfusion application and probably get system files in return.

Typically, once identified, these XML external entity issues are relatively easy to exploit.

Maybe that's the reason why Adobe came up with this out-of-band update.

And if you downloaded the OS10 BitTorn client transmission during the last few days, be aware

that via the official site you may have downloaded a backdoor version of this software.

Apparently the software was available from August 28th,

29th for about 24 hours and it did include a version of the Heatnap Trojan that tries to steal

your key chains. It's not really clear how this happened, but the version of transmission that

included this Trojan was signed with an Apple developer certificate, but a certificate

that's different from the one typically used for transmission. The affected version is

2.9.2, but not all copies of that version are affected.

After removing the backdoor, they did not change the version number. Also, that version wasn't

some time before the backdoor was installed.

And Kerspersky's Securelist.com site has a nice write-up on the demise of Lerk gang.

Lerk is commonly being held responsible for the Angler Exploid Kit.

...