Hello, welcome to the Tuesday, February 5th, 2019 edition of the Sandstone Storm Center's Stormcast. My name is Johannes Ulrich. And today I'm recording from Jacksonville, Florida.

We got a couple excellent diaries from Rob today, the first one dealing with exploiting the struts vulnerability in VMVers V-Center.

So ever since Equifax, this old 2017 vulnerability in struts, of course,

should have been at the top of everybody's mind and patch list.

But it's one of those tricky things.

It's really hard sometimes to figure out what in your network actually uses struts and

it turns out, V-Sender is one of those piece of software that's of course critical to most

environments that does include struts.

And if you haven't patched it, then yes, you are vulnerable.

And Rob walks you through how to exploit this particular vulnerability with V-Center and to achieve

a remote shell to the system, which in a case of V-Center, of course, will give the attacker

full access to your virtual

infrastructure.

Now the second diary that Rob wrote up is actually based on a submission we got via our

Slack channel from Caleb.

Caleb was reporting that he had a user being called using the typical tech support scam phone call with a little twist to it.

The caller tried to make the scam more plausible by pointing to the Wikipedia page for Spy Eye.

Now Spy Eye is real malware, it's dangerous Malver, but this particular Wikipedia page

was augmented with a paragraph that kind of pointed out that normal antivirus won't work

and you need something that they're calling an IP technician to help you. Overall, this

paragraph was written pretty badly and looked overall suspicious.

Now, the intent here is to essentially tell the user that the person calling them is sort of one

...